From nobody Mon Nov 5 02:42:19 2018 Return-Path: X-Original-To: crypto-panel@ietfa.amsl.com Delivered-To: crypto-panel@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50783130DF7 for ; Mon, 5 Nov 2018 02:42:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=onIgKext; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=XfberFGW Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjWKbevpSCSk for ; Mon, 5 Nov 2018 02:41:58 -0800 (PST) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D78E4130EEB for ; Mon, 5 Nov 2018 02:41:57 -0800 (PST) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id BB25D21C60 for ; Mon, 5 Nov 2018 05:41:56 -0500 (EST) Received: from web6 ([10.202.2.216]) by compute7.internal (MEProxy); Mon, 05 Nov 2018 05:41:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= message-id:from:to:mime-version:content-transfer-encoding :content-type:date:subject; s=fm1; bh=Flogs0ZBh1JH3/tz042LXCueER kRh0suoGjfhp80bo0=; b=onIgKextZKv9wZN5ZscjboTANiVQ7YANkw1zCL4muZ 0HtQlEYLgyd/wxXvllgmrbNECgl8t8uWLnj4M0fTpnGhpW0UvQURPjEL09pEdm3H 7xwtxR6Wh9T21XHCLbNXmzlZsSO2SgLaABAxWxazQEgW6wWbZK9j6drqsU/HYMKo q83x0Rjj/OtknvNirjfWad1OOrXs6f7EV8ZOajTDeSSBWqMzTgYjdQDjdmeAf2Ci zwHKDlwsRbjfsPaC3fpJQ6INK7cR+fRRiXy0NJX6VKuUQ2wHwdGXkWnbw/PaCYwZ 2tHJXp15GxtBoG7cvgJNVP2Re1XxfWi0nA5tUjnQAV1w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=Flogs0 ZBh1JH3/tz042LXCueERkRh0suoGjfhp80bo0=; b=XfberFGW0cY+3OgbfRmCjU Zc8mpYVoUP7BsiygHJ5jLoQYoB+TsAcQ+IWWUDPjmV3jbLMc+G7l3gTEDrHYQUAX hmBWnMNIQGG8gsqVeg/mHIwyS33Z8WBminLjmWpF/f5T9ZyRXIE4Egs6V/FU5PYa FVTYiC5uwlb57u7uNUGUaOBPP+JZrxfhLSr422wNxLCqJ0BCWxovTbw3w/pdAUM5 86sTERNX4oK+u8/p9+X6HZ1DdaoxqolLgNf42rCY7437T5aavxQ/eQU6lPSxmLPU MRwcNBGhPAVeipTD7RA+bNcIwtfQzb/tPr7s5DmM2KK+OTHUTLJs2nHYdOIWsrVg == X-ME-Sender: X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 4A0084250; Mon, 5 Nov 2018 05:41:56 -0500 (EST) Message-Id: <1541414516.2523052.1565873248.73FBDB9E@webmail.messagingengine.com> From: Alexey Melnikov To: crypto-panel@irtf.org, crypto-panel@irtf.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" X-Mailer: MessagingEngine.com Webmail Interface - ajax-d469da0c Date: Mon, 05 Nov 2018 10:41:56 +0000 X-Forwarded-Message-Id: <4aa2c205-583a-8479-0658-a9b5f0461fbf@ericsson.com> Archived-At: Subject: [Crypto-panel] Fwd: Review of draft-ietf-lwig-curve-representations-00 by crypto review panel X-BeenThere: crypto-panel@irtf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2018 10:42:01 -0000 Hi, Can one of Crypto Panel members review this document? Thank you, Alexey ----- Original message ----- From: Mohit Sethi M To: "aamelnikov@fastmail.fm" , Suresh Krishnan , Zhen Cao Subject: Review of draft-ietf-lwig-curve-representations-00 by crypto review panel Date: Sun, 4 Nov 2018 08:26:08 +0000 Hi Alexey, We spoke today about the need for getting more reviews on a LWIG document titled "Alternative Elliptic Curve Representations": https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-00 The draft describes how to implement Ed25519, Curve25519 and NIST P-256 with the same underlying implementation. Phillip Hallam-Baker also recently requested this on the SAAG list: https://mailarchive.ietf.org/arch/msg/saag/QM80DmA-3iEBxlh_VU5B5wOQnnA. It would be great if someone from the crypto review panel could provide feedback on this draft. The draft is currently hosted in the LWIG working group and Zhen (in CC) is my co-chair, while Suresh (in CC) is the responsible area director. Rene will also present the draft on Wednesday in LWIG in room Meeting 2 between 11:20-12:20. --Mohit From nobody Tue Nov 6 03:45:39 2018 Return-Path: X-Original-To: crypto-panel@ietfa.amsl.com Delivered-To: crypto-panel@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55E3D12D4F1 for ; Tue, 6 Nov 2018 03:45:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5JOXueLB2UXd for ; Tue, 6 Nov 2018 03:45:34 -0800 (PST) Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0278E130F24 for ; Tue, 6 Nov 2018 03:45:28 -0800 (PST) Received: by mail-qt1-x82f.google.com with SMTP id p17so2171655qtl.5 for ; Tue, 06 Nov 2018 03:45:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aNqS0tdpmWJTCh/oP8/eNSxcftb+BbfSrlJxcD76t0U=; b=qH6L1B1cq6SMDD2WuOa0WDtTRZj8QosOvfhkvIZjkzPpaISmc2N2KF7usXhYxxdUq9 OmDGI4Y2C75ns9RC78FB1VNN0QO/hNHeMddrJRahnhKPn82r7ayDmXXEkryciSME0uuk JcScNzUe25OQJbl1UPbGhp3GyvkN7XLjTxyUO9x0vGSH2OYU1I7LE5qyCFAaGI4DHFsJ UYZtLXV8MJWeLXPiPqkzaPRgxvlXxOMQrJiYatYx2978pWGCgP3jnaLfBVWDlIR9n5iE /+Dhj3tNVx6sbhF5x9jM5QC93CZdTzvXlaKUHiF4pqO1jVoPF+Htae4JmxA2pPqWns6r ILpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aNqS0tdpmWJTCh/oP8/eNSxcftb+BbfSrlJxcD76t0U=; b=a4aL3dvs9FsnjLUhOgUdUhmixgXi3Sf/gD4XgXP+jiCAv4WRVWaodzdQCnnauC2Fb1 TDAiVOEt215gqy41IBFbe2XlHUzeNzdv7gNwnX5O7h3MA2QhnTZzLx8k0DYnb/qJ3apo aSkhkxEoZTyf9u/fB9IyXXirPSgex0GP2X4NasB4BQ2bixaEE3B9xw1EC9j+ty77q4JK r56qeeOIgf2ZCOUHWJprvSh20xofCGHg8EMgeNHUGAZlfuzw6XxS/rnD7EWq+Er08FJv QiV2dc+JgGqJQWcrNzUGmR69iCm1o+ZXBAhJ5/CXED9LY6chybXcD9/SPV4oH2e+y0AK 7vcw== X-Gm-Message-State: AGRZ1gL2smyBlXIFKiXhlJFrKUC0EO6qwww2zk5PyiK9WYqO0oeEqipF maekTyKyYl5rf6AClbPLmJZqnXV1HwBGttP2hRg= X-Google-Smtp-Source: AJdET5fcv7Qx5/pHl9zkMXF63JkJCmZtgzwJI9OyKqfLoMb0HnRVF5/XQvqyyDobyxOPy+4UZjn2pRVGdWh5vFmz7dE= X-Received: by 2002:ac8:66c9:: with SMTP id m9-v6mr25326903qtp.349.1541504727922; Tue, 06 Nov 2018 03:45:27 -0800 (PST) MIME-Version: 1.0 References: <1541414516.2523052.1565873248.73FBDB9E@webmail.messagingengine.com> In-Reply-To: <1541414516.2523052.1565873248.73FBDB9E@webmail.messagingengine.com> From: "Stanislav V. Smyshlyaev" Date: Tue, 6 Nov 2018 18:45:16 +0700 Message-ID: To: Alexey Melnikov Cc: crypto-panel@irtf.org Content-Type: multipart/alternative; boundary="000000000000ba3c5b0579fd8923" Archived-At: Subject: Re: [Crypto-panel] Fwd: Review of draft-ietf-lwig-curve-representations-00 by crypto review panel X-BeenThere: crypto-panel@irtf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2018 11:45:37 -0000 --000000000000ba3c5b0579fd8923 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Dear Alexey, I=E2=80=99ll be happy to do it. Since there are many numbers to check, and since it=E2=80=99s much better t= o be done using independent implementations of elliptics, it will take some time. Will it be OK if I do it until the end of November? Best regards, Stanislav =D0=BF=D0=BD, 5 =D0=BD=D0=BE=D1=8F=D0=B1. 2018 =D0=B3. =D0=B2 17:42, Alexey= Melnikov : > Hi, > Can one of Crypto Panel members review this document? > > Thank you, > Alexey > > ----- Original message ----- > From: Mohit Sethi M > To: "aamelnikov@fastmail.fm" , Suresh Krishnan < > Suresh@kaloom.com>, Zhen Cao > Subject: Review of draft-ietf-lwig-curve-representations-00 by crypto > review panel > Date: Sun, 4 Nov 2018 08:26:08 +0000 > > Hi Alexey, > > We spoke today about the need for getting more reviews on a LWIG > document titled "Alternative Elliptic Curve Representations": > https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-00 > > The draft describes how to implement Ed25519, Curve25519 and NIST P-256 > with the same underlying implementation. Phillip Hallam-Baker also > recently requested this on the SAAG list: > https://mailarchive.ietf.org/arch/msg/saag/QM80DmA-3iEBxlh_VU5B5wOQnnA. > > It would be great if someone from the crypto review panel could provide > feedback on this draft. The draft is currently hosted in the LWIG > working group and Zhen (in CC) is my co-chair, while Suresh (in CC) is > the responsible area director. > > Rene will also present the draft on Wednesday in LWIG in room Meeting 2 > between 11:20-12:20. > > --Mohit > > _______________________________________________ > Crypto-panel mailing list > Crypto-panel@irtf.org > https://www.irtf.org/mailman/listinfo/crypto-panel > --000000000000ba3c5b0579fd8923 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Dear Alexey,

=
I=E2=80=99ll be happy to do it.=C2=A0

Since there are many numbers to check, and = since it=E2=80=99s much better to be done using independent implementations= of elliptics, it will take some time.=C2=A0

Will it be OK if I do it until the end of November?

Best regards,
Stanislav

=D0=BF=D0=BD, 5 =D0=BD=D0=BE=D1=8F=D0=B1. 2018 =D0=B3. =D0=B2 17:42, Al= exey Melnikov <aamelnikov@fast= mail.fm>:
Hi,
Can one of Crypto Panel members review this document?

Thank you,
Alexey

----- Original message -----
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: "aamel= nikov@fastmail.fm" <aamelnikov@fastmail.fm>, Suresh Krishnan <Suresh@kaloom.com>,= Zhen Cao <z= hencao.ietf@gmail.com>
Subject: Review of draft-ietf-lwig-curve-representations-00 by crypto revie= w panel
Date: Sun, 4 Nov 2018 08:26:08 +0000

Hi Alexey,

We spoke today about the need for getting more reviews on a LWIG
document titled "Alternative Elliptic Curve Representations": https://tools.ietf.org/html/draf= t-ietf-lwig-curve-representations-00

The draft describes how to implement Ed25519, Curve25519 and NIST P-256 with the same underlying implementation. Phillip Hallam-Baker also
recently requested this on the SAAG list:
https://mailarchive.ietf.org/a= rch/msg/saag/QM80DmA-3iEBxlh_VU5B5wOQnnA.

It would be great if someone from the crypto review panel could provide feedback on this draft. The draft is currently hosted in the LWIG
working group and Zhen (in CC) is my co-chair, while Suresh (in CC) is
the responsible area director.

Rene will also present the draft on Wednesday in LWIG in room Meeting 2 between 11:20-12:20.

--Mohit

_______________________________________________
Crypto-panel mailing list
Crypto-panel@irt= f.org
https://www.irtf.org/mailman/listinfo/crypto-panel=
--000000000000ba3c5b0579fd8923-- From nobody Wed Nov 7 21:02:00 2018 Return-Path: X-Original-To: crypto-panel@ietfa.amsl.com Delivered-To: crypto-panel@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF2B3130F23 for ; Wed, 7 Nov 2018 21:01:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.698 X-Spam-Level: X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=YF4zltPp; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=x7E6pAaq Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VTyz1GQEhUCi for ; Wed, 7 Nov 2018 21:01:50 -0800 (PST) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D07D4130EBC for ; Wed, 7 Nov 2018 21:01:49 -0800 (PST) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 1B5BE205B8; Wed, 7 Nov 2018 23:53:28 -0500 (EST) Received: from web6 ([10.202.2.216]) by compute7.internal (MEProxy); Wed, 07 Nov 2018 23:53:28 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= message-id:from:to:cc:mime-version:content-transfer-encoding :content-type:date:references:in-reply-to:subject; s=fm1; bh=WiY 5ujGuaquvz2jIUwiQzkmasthkeIOBbToUcGeeMuQ=; b=YF4zltPpyc7+ImvE64c 0nyxhHdaK5nDtsBH4KWXa3ifj6RqiRP65VzvIjZuI5nSO8UnjZTdx25KLKDuVZ1T uHnQ6eV9CVcT6aTlmQ0bhIc3cxGun3Zsg8FdolDzik3a90rtFG6ID8xJBhXGbiYy +axUFkT2LCko9zTZ7DN+wmEnQdt+615yxLyJsvj6g5T/3Uro2oVhyZtudD1+/Yez Q6bBh/b8Y2kcmj8aQsVPmkfCbfUdXIVLf5HxXb9pGesq1QGQp34KmmTUAdjxRt/F lZZj9SJvGbPeJz+Wp9VdP/U4V8HILQD1tRorhoQEQmYDuIiHx89Mx+eCIbf1bdPH 1eQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=WiY5ujGuaquvz2jIUwiQzkmasthkeIOBbToUcGeeM uQ=; b=x7E6pAaq4B0jRMjWdBMyZZvSgNS4hkLFj+iHV5Zm8lu+ec3fkmNu9Q2NM WgXfVNGwMboWHVZ8rSTcM8tYBT9oZCl71hSKuuI8gXaf7CqVjC8Hg7pgG1s1sCxn NBYTsn/q66OjXJuOCLlRmDMcEtNlXbnQvqrZTDMOy2Lq5tFtrWJEaziLTvckumZO VjNcH6s4fakiYJ/fEX+vKiui92nmV9RaIyUzGeKP4rnbUgJxcDnhAD6mX8J2vKeE Ch+skFoyfKkIMSoXM3ipltQ0OlmKTuMpquiKsvIQqCzrXyIVhhTpFpyHtUK+nHw3 y7zFeJZcCMDyYuENY/JaEe/cQI63w== X-ME-Sender: X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 99) id AB64A4173; Wed, 7 Nov 2018 23:53:27 -0500 (EST) Message-Id: <1541652807.3633750.1569631704.6A8B74ED@webmail.messagingengine.com> From: Alexey Melnikov To: "Stanislav V. Smyshlyaev" Cc: crypto-panel@irtf.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: multipart/alternative; boundary="_----------=_154165280736337500" X-Mailer: MessagingEngine.com Webmail Interface - ajax-c0552f07 Date: Thu, 08 Nov 2018 04:53:27 +0000 References: <1541414516.2523052.1565873248.73FBDB9E@webmail.messagingengine.com> In-Reply-To: Archived-At: Subject: Re: [Crypto-panel] Fwd: Review of draft-ietf-lwig-curve-representations-00 by crypto review panel X-BeenThere: crypto-panel@irtf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Nov 2018 05:01:57 -0000 This is a multi-part message in MIME format. --_----------=_154165280736337500 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" On Tue, Nov 6, 2018, at 11:45 AM, Stanislav V. Smyshlyaev wrote: > Dear Alexey, >=20 > I=E2=80=99ll be happy to do it.=20 >=20 > Since there are many numbers to check, and since it=E2=80=99s much better= to > be done using independent implementations of elliptics, it will take > some time.>=20 > Will it be OK if I do it until the end of November? Thank you. I am sure this will not be a problem! >=20 > Best regards, > Stanislav >=20 > =D0=BF=D0=BD, 5 =D0=BD=D0=BE=D1=8F=D0=B1. 2018 =D0=B3. =D0=B2 17:42, Alex= ey Melnikov :>> Hi, >> Can one of Crypto Panel members review this document? >>=20 >> Thank you, >> Alexey >>=20 >> ----- Original message ----- >> From: Mohit Sethi M >> To: "aamelnikov@fastmail.fm" , Suresh >> Krishnan , Zhen Cao >> Subj= ect: Review of draft-ietf-lwig-curve-representations-00 by >> crypto review panel>> Date: Sun, 4 Nov 2018 08:26:08 +0000 >>=20 >> Hi Alexey, >>=20 >> We spoke today about the need for getting more reviews on a LWIG=20 >> document titled "Alternative Elliptic Curve Representations":=20 >> https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-00>>=20 >> The draft describes how to implement Ed25519, Curve25519 and >> NIST P-256>> with the same underlying implementation. Phillip Hallam-B= aker also>> recently requested this on the SAAG list:=20 >> https://mailarchive.ietf.org/arch/msg/saag/QM80DmA-3iEBxlh_VU5B5wOQnnA.>= >=20 >> It would be great if someone from the crypto review panel could >> provide>> feedback on this draft. The draft is currently hosted in the= LWIG=20 >> working group and Zhen (in CC) is my co-chair, while Suresh (in >> CC) is>> the responsible area director. >>=20 >> Rene will also present the draft on Wednesday in LWIG in room >> Meeting 2>> between 11:20-12:20. >>=20 >> --Mohit >>=20 >> _______________________________________________ >> Crypto-panel mailing list >> Crypto-panel@irtf.org >> https://www.irtf.org/mailman/listinfo/crypto-panel --_----------=_154165280736337500 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"
On Tue, Nov 6, 2018, at 11:45 AM, Stanislav V. Smyshlyaev wrote:=
Dear Alexey,

I=E2=80=99ll be happy to do it. 

Since there are many numbers to check, and since it=E2=80=99s much bet= ter to be done using independent implementations of elliptics, it will take= some time. 

Will it be OK if I do it until the end of November?
Thank you. I am sure this will not be a problem!


Best regards,
Stanislav

=D0=BF=D0=BD, 5 =D0=BD= =D0=BE=D1=8F=D0=B1. 2018 =D0=B3. =D0=B2 17:42, Alexey Melnikov <aamelnikov@fastmail.fm>:
Hi,
Can one of Crypto Panel members review this document?

Thank you,
Alexey

----- Original message -----
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
Subject: Review of draft-ietf-lwig-curve-representations-00 by crypto= review panel
Date: Sun, 4 Nov 2018 08:26:08 +0000

Hi Alexey,

We spoke today about the need for getting more reviews on a LWIG
=
document titled "Alternative Elliptic Curve Representations":

The draft describes how to implement Ed25519, Curve25519 and NIST P-2= 56
with the same underlying implementation. Phillip Hallam-Baker also
recently requested this on the SAAG list:

It would be great if someone from the crypto review panel could provi= de
feedback on this draft. The draft is currently hosted in the LWIG
working group and Zhen (in CC) is my co-chair, while Suresh (in CC) i= s
the responsible area director.

Rene will also present the draft on Wednesday in LWIG in room Meeting= 2
between 11:20-12:20.

--Mohit

_______________________________________________
Crypto-panel mailing list

--_----------=_154165280736337500-- From nobody Mon Nov 26 03:46:52 2018 Return-Path: X-Original-To: crypto-panel@ietfa.amsl.com Delivered-To: crypto-panel@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEADF124BAA for ; Mon, 26 Nov 2018 03:46:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XzcF8fOSKe_s for ; Mon, 26 Nov 2018 03:46:45 -0800 (PST) Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 696A8128A6E for ; Mon, 26 Nov 2018 03:46:45 -0800 (PST) Received: by mail-qt1-x82d.google.com with SMTP id r14so17111158qtp.1 for ; Mon, 26 Nov 2018 03:46:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=x5LXCWAqG32k2XQ5sF+tnZ/uA5X5waA4SAWJNnAvgmw=; b=R9LONV6O/Mc5jPWNx2zJPVWJJLssXN1SS4luCEalkrGhivFbTRpsT0dKRRmRUKr8d2 aD7wvMORA2xd2Fmf/JUNRDdcI+5DoGSM1EQXcGX0kB3ku6hwCoj6oqLjNf4W3+88Bna1 KUXg4gahnBNHYX49JAd3Bnt3lNl00MfjC8LHIfmGvZ/NKebPUgWJJtsepk0sWDVOnZ9P KT+WCwdex2JdobdIiiDfbnQTgde7vmOtX3QhA4EnHh38HFNm+0yyr8htvR7cv2juMUTg aLHqaWVmKh7/O153NuRDxrpLM8wLmRPGYO1fgDG4f0ZyGcmj9byQVOHfv7Ar7DiuA8DG o5nA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=x5LXCWAqG32k2XQ5sF+tnZ/uA5X5waA4SAWJNnAvgmw=; b=L2zWFLNZpGPGk/M8QgjCObIhspQKOdcZx6og1a9ikQzZGhrh9OPtsifr9XNmhCiNa4 DOIp9gj/q3pycG6hnQuXC0B+MCv5FGeLc9o8hmQLWXsw2U0t1bX8RbBZGqqi5nWImd+V W8+a9RbAklMLnK87l/5+p0lIUcuoJFrrd0ie++y+skVvWCHQAw7gq9BC+yCQCrkAwDe/ z9g1X8U3+OSaacwUgueFCPepUBWKXFzcf0apFwnvjXYCfYNfF04xJHHWV5HXx+DdRK+R 7CgHDXoqq51aYK/86n5wrgSNKyfIGS4/B3Gh7lrwiRdPzE2CS6PuC59cF5xBkIvCjSn3 WuYQ== X-Gm-Message-State: AA+aEWYT8614UoF34hyg6FcECR82VjqeTH5XqiFC86OAXlnaH5qYYUdC 2X6Au2wVI0Bd5YJiJiu4/B4zlnd6Z3F7wWnlIoPi8JDl X-Google-Smtp-Source: AFSGD/WeqfsbY/3TeFrSs1UGIr7m1SYvgDMz3LUBBvXR0kunLnzRTUZG5w1SDL6W76r4p44RoVkov9U0D/N212sjIS8= X-Received: by 2002:ad4:510f:: with SMTP id g15mr25909972qvp.46.1543232804251; Mon, 26 Nov 2018 03:46:44 -0800 (PST) MIME-Version: 1.0 References: <1541414516.2523052.1565873248.73FBDB9E@webmail.messagingengine.com> <1541652807.3633750.1569631704.6A8B74ED@webmail.messagingengine.com> In-Reply-To: <1541652807.3633750.1569631704.6A8B74ED@webmail.messagingengine.com> From: "Stanislav V. Smyshlyaev" Date: Mon, 26 Nov 2018 14:47:18 +0300 Message-ID: To: crypto-panel@irtf.org Cc: Alexey Melnikov , Alexey Melnikov , "Paterson, Kenny" Content-Type: multipart/alternative; boundary="0000000000001a6d68057b8fe3ac" Archived-At: Subject: Re: [Crypto-panel] Fwd: Review of draft-ietf-lwig-curve-representations-00 by crypto review panel X-BeenThere: crypto-panel@irtf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2018 11:46:50 -0000 --0000000000001a6d68057b8fe3ac Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Good afternoon, Please find below the review of the document. Of course, I'll be happy to discuss all questions raised in the review directly via e-mail: smyshsv@gmail.com Document: draft-ietf-lwig-curve-representations-00 Reviewer: Stanislav Smyshlyaev Review Date: 2018-11-26 Summary: Revision needed The document =E2=80=9CAlternative Elliptic Curve Representations=E2=80=9D c= ontains procedures and formulae of representing Montgomery curves and (twisted) Edwards curves in short Weierstrass form. The reviewer believes that the document is very helpful and can be used by developers implementing ECC operations in real-world applications. The reviewer has verified all decimal numbers (and hexadecimal numbers, where they are provided in the draft) and does not have any concerns besides the following ones. Since some of the concerns seem to be important enough for the overall document, the reviewer recommends to send an updated version of the draft to Crypto Review Panel for a new review. The review was made for draft-ietf-lwig-curve-representations-00. During the review process an updated version draft-ietf-lwig-curve-representations-01 was published =E2=80=93 some comme= nts about the -01 version can be found in the end of the current review. Comments: 1) Section C.2: The mapping from Weierstrass curves to Montgomery curves is not defined in the current version. The mapping from Weierstrass to Montgomery cannot usually be described as shortly as others, but maybe it could still be useful here. For example, the root of x^3+ax+b in Fp could be provided explicitly. 2) It would be better to stress in Appendix C.1 that formulae provided there do not allow to get parameter a of the twisted Edwards curve equal to 1 or -1. In Appendix D.2 additional constant c is used that helps to obtain the curve with a equal to -1 (this fact by the way implies that the phrase =E2=80=9CHere, we used the mapping of Appendix C.1=E2=80=9D is inaccurate). 2a) Section D.2: The formulae (u,v) -> (c*u/v, (u-1)/(u+1)) lead to an error. It is not clear why it is needed to multiply by the constant c. 2b) Section D.3: The Montgomery curve Curve25519 doesn=E2=80=99t correspond= to Twisted Edwards curve Edwards25519 because of (A+2)/B =3D (486662+2)/1 !=3D= -1. 2c) If one uses the formula from C.1 for Montgomery to Edwards mapping (a:=3D(A+2)/B and d:=3D(A-2)/B), she obtains that d for Edwards25519 is equ= al to 486660 but not the value of d which is provided in D.3. 3) Section E.1: The isomorphic mapping between W_{a,b} and W_{a',b'} should be defined as a=E2=80=99:=3Da*s^4 and b=E2=80=99:=3Db*s^6, instead of a:=3D= a'*s^4 and b:=3Db'*s^6. Otherwise the mapping is defined incorrectly and the test vectors from F.3 are incorrect. 4) It seems that the formula for lambda in case Q:=3D2P for Montgomery curv= e is wrong. According to http://hyperelliptic.org/EFD/g1p/auto-montgom.html and to https://eprint.iacr.org/2017/212.pdf (page 4) it should be: lambda = =3D (3*x1^2 + 2*A*x1 + 1)/(2*B*y1). So you need to add =E2=80=9CB=E2=80=9D as a= factor in the denominator. 5) in Appendix D.2 it would be better to stress explicitly that we work with projective coordinates, otherwise the formulae do not have to be correct. Editorial comments: a) It seems that the text will be easier to read if the formulae for group law are provided in the following form (for example, for Weierstrass): x =3D lambda^2 =E2=80=93 x1 =E2=80=93 x2 y =3D lambda * ... (at a new line, but with =E2=80=9Cand=E2=80=9D) lambda =3D ... (again at a new line) b) In reviewer=E2=80=99s opinion, the text will be easier to read if differ= ent symbols for coordinates of different forms of a curve are used. For example, (x,y) for Weierstrass, (X,Y) for Montgomery and (u,v) for Edwards. And it would be better to use the same symbols in different parts of the document (now (u,v) is used for Montgomery in A.2 and (x,y) for Montgomery in B.2). c) The term =E2=80=9Cshort Weierstrass form=E2=80=9D is widely used in publ= ications as is. The draft, however, has two variants of it =E2=80=93 =E2=80=9Cshort=E2=80= =9D Weierstrass form and short-Weierstrass form. It seems that one (commonly used) variant would be better to use. d) The reviewer recommends to use only =E2=80=9CGF(p)=E2=80=9D everywhere i= n document instead of =E2=80=9CGF(q)=E2=80=9D together with =E2=80=9CGF(p)=E2=80=9D. F= or example, now in C.1 =E2=80=93 GF(q) and GF(p) in D.1. Additional clarifications might be useful: Also the reviewer believes that it will be useful to write additional clarifications in D.2 on =E2=80=9Ccan be implemented via integer-only arith= metic as a shift of (p+A)/3 for the isomorphic mapping and a shift of -(p+A)/3 for its inverse=E2=80=9D regarding the need of using the mod operation for transformation. ###### draft-ietf-lwig-curve-representations-01: The concerns 1, 2, 2a, 2b, 2c, 4 and 5 for 00 version are still valid for version -01. The concern 3 has been addressed. Additional question for draft-ietf-lwig-curve-representations-01: appendices C.1 and C.2 contain information about properties that help to recover y-coordinates of a multiple point if one uses Montgomery ladder. This information may not be needed in the draft, since the ladder itself is not described there. Best regards, Stanislav Smyshlyaev =D1=87=D1=82, 8 =D0=BD=D0=BE=D1=8F=D0=B1. 2018 =D0=B3. =D0=B2 07:53, Alexey= Melnikov : > On Tue, Nov 6, 2018, at 11:45 AM, Stanislav V. Smyshlyaev wrote: > > Dear Alexey, > > I=E2=80=99ll be happy to do it. > > Since there are many numbers to check, and since it=E2=80=99s much better= to be > done using independent implementations of elliptics, it will take some > time. > > Will it be OK if I do it until the end of November? > > Thank you. I am sure this will not be a problem! > > > Best regards, > Stanislav > > =D0=BF=D0=BD, 5 =D0=BD=D0=BE=D1=8F=D0=B1. 2018 =D0=B3. =D0=B2 17:42, Alex= ey Melnikov : > > Hi, > Can one of Crypto Panel members review this document? > > Thank you, > Alexey > > ----- Original message ----- > From: Mohit Sethi M > To: "aamelnikov@fastmail.fm" , Suresh Krishnan < > Suresh@kaloom.com>, Zhen Cao > Subject: Review of draft-ietf-lwig-curve-representations-00 by crypto > review panel > Date: Sun, 4 Nov 2018 08:26:08 +0000 > > Hi Alexey, > > We spoke today about the need for getting more reviews on a LWIG > document titled "Alternative Elliptic Curve Representations": > https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-00 > > The draft describes how to implement Ed25519, Curve25519 and NIST P-256 > with the same underlying implementation. Phillip Hallam-Baker also > recently requested this on the SAAG list: > https://mailarchive.ietf.org/arch/msg/saag/QM80DmA-3iEBxlh_VU5B5wOQnnA. > > It would be great if someone from the crypto review panel could provide > feedback on this draft. The draft is currently hosted in the LWIG > working group and Zhen (in CC) is my co-chair, while Suresh (in CC) is > the responsible area director. > > Rene will also present the draft on Wednesday in LWIG in room Meeting 2 > between 11:20-12:20. > > --Mohit > > _______________________________________________ > Crypto-panel mailing list > Crypto-panel@irtf.org > https://www.irtf.org/mailman/listinfo/crypto-panel > > > --0000000000001a6d68057b8fe3ac Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Good afternoon,

=
Please find below the review of the document.

Of course, I'll be happy to discuss all questions raised in the review= directly via e-mail:=C2=A0smyshsv@gmail.com=C2=A0
=C2=A0

Document: draft-ietf-lwig-curve-representations-00
Reviewer= : Stanislav Smyshlyaev
Review Date: 2018-11-26
Summary:= Revision needed

The document =E2=80=9CAlternative= Elliptic Curve Representations=E2=80=9D contains procedures and formulae o= f representing Montgomery curves and (twisted) Edwards curves in short Weie= rstrass form.
The reviewer believes that the document is very hel= pful and can be used by developers implementing ECC operations in real-worl= d applications.=C2=A0
The reviewer has verified all decimal numbe= rs (and hexadecimal numbers, where they are provided in the draft) and does= not have any concerns besides the following ones.

Since some of the concerns seem to be important enough for the overall doc= ument, the reviewer recommends to send an updated version of the draft to C= rypto Review Panel for a new review.

The review wa= s made for draft-ietf-lwig-curve-representations-00. During the review proc= ess an updated version draft-ietf-lwig-curve-representations-01 was publish= ed =E2=80=93 some comments about the -01 version can be found in the end of= the current review.

Comments:
1) Sectio= n C.2: The mapping from Weierstrass curves to Montgomery curves is not defi= ned in the current version. The mapping from Weierstrass to Montgomery cann= ot usually be described as shortly as others, but maybe it could still be u= seful here. For example, the root of x^3+ax+b in Fp could be provided expli= citly.
2) It would be better to stress in Appendix C.1 that formu= lae provided there do not allow to get parameter a of the twisted Edwards c= urve equal to 1 or -1. In Appendix D.2 additional constant c is used that h= elps to obtain the curve with a equal to -1 (this fact by the way implies t= hat the phrase =E2=80=9CHere, we used the mapping of Appendix C.1=E2=80=9D = is inaccurate).
2a) Section D.2: The formulae (u,v) -> (c*u/v,= (u-1)/(u+1)) lead to an error. It is not clear why it is needed to multipl= y by the constant c.
2b) Section D.3: The Montgomery curve Curve2= 5519 doesn=E2=80=99t correspond to Twisted Edwards curve Edwards25519 becau= se of (A+2)/B =3D (486662+2)/1 !=3D -1.
2c) If one uses the formu= la from C.1 for Montgomery to Edwards mapping (a:=3D(A+2)/B and d:=3D(A-2)/= B), she obtains that d for Edwards25519 is equal to 486660 but not the valu= e of d which is provided in D.3.
3) Section E.1: The isomorphic m= apping between W_{a,b} and W_{a',b'} should be defined as a=E2=80= =99:=3Da*s^4 and b=E2=80=99:=3Db*s^6, instead of a:=3Da'*s^4 and b:=3Db= '*s^6. Otherwise the mapping is defined incorrectly and the test vector= s from F.3 are incorrect.
4) It seems that the formula for lambda= in case Q:=3D2P for Montgomery curve is wrong. According to http://h= yperelliptic.org/EFD/g1p/auto-montgom.html and to https://eprint.iacr.org/2017/= 212.pdf (page 4) it should be: lambda =3D (3*x1^2 + 2*A*x1 + 1)/(2*B*y1= ). So you need to add =E2=80=9CB=E2=80=9D as a factor in the denominator.
5) in Appendix D.2 it would be better to stress explicitly that we= work with projective coordinates, otherwise the formulae do not have to be= correct.

Editorial comments:
a) It seem= s that the text will be easier to read if the formulae for group law are pr= ovided in the following form (for example, for Weierstrass):
=C2= =A0 =C2=A0x =3D lambda^2 =E2=80=93 x1 =E2=80=93 x2
=C2=A0 =C2=A0y= =3D lambda * ... (at a new line, but with =E2=80=9Cand=E2=80=9D)
=C2=A0 =C2=A0lambda =3D ... (again at a new line)
b) In reviewer= =E2=80=99s opinion, the text will be easier to read if different symbols fo= r coordinates of different forms of a curve are used. For example, (x,y) fo= r Weierstrass, (X,Y) for Montgomery and (u,v) for Edwards. And it would be = better to use the same symbols in different parts of the document (now (u,v= ) is used for Montgomery in A.2 and (x,y) for Montgomery in B.2).
c) The term =E2=80=9Cshort Weierstrass form=E2=80=9D is widely used in pub= lications as is. The draft, however, has two variants of it =E2=80=93 =E2= =80=9Cshort=E2=80=9D Weierstrass form and short-Weierstrass form. It seems = that one (commonly used) variant would be better to use.
d) The r= eviewer recommends to use only =E2=80=9CGF(p)=E2=80=9D everywhere in docume= nt instead of =E2=80=9CGF(q)=E2=80=9D together with =E2=80=9CGF(p)=E2=80=9D= . For example, now in C.1 =E2=80=93 GF(q) and GF(p) in D.1.

<= /div>
Additional clarifications might be useful:=C2=A0
Also t= he reviewer believes that it will be useful to write additional clarificati= ons in D.2 on =E2=80=9Ccan be implemented via integer-only arithmetic as a = shift of (p+A)/3 for the isomorphic mapping and a shift of -(p+A)/3 for its= inverse=E2=80=9D regarding the need of using the mod operation for transfo= rmation.=C2=A0

###### draft-ietf-lwig-curve-repres= entations-01:

The concerns 1, 2, 2a, 2b, 2c, 4 and= 5 for 00 version are still valid for version -01. The concern 3 has been a= ddressed.
Additional question for draft-ietf-lwig-curve-represent= ations-01: appendices C.1 and C.2 contain information about properties that= help to recover y-coordinates of a multiple point if one uses Montgomery l= adder. This information may not be needed in the draft, since the ladder it= self is not described there.





Best regards,
Stanislav Sm= yshlyaev


=D1=87=D1=82, 8 =D0=BD=D0=BE=D1=8F=D0=B1. 2018 =D0=B3. =D0=B2 07:53, Alex= ey Melnikov <aamelnikov@fastmail.fm>:
On Tue, Nov 6, 2018, at 11:45 AM, Stanislav V. Smyshlyaev wrote:<= br>
Dear Alexey,

I=E2=80=99ll be happy to do it.=C2=A0

Since there are many numbers to check, and since it=E2=80=99s much bet= ter to be done using independent implementations of elliptics, it will take= some time.=C2=A0

Will it be OK if I do it until the end of November?
Thank you. I am sure this will not be a problem!


Best regards,
Stanislav

=D0=BF=D0=BD, 5 =D0=BD=D0=BE=D1=8F=D0=B1. 2018 =D0=B3= . =D0=B2 17:42, Alexey Melnikov <aamelnikov@fastmail.fm>:
Hi,
Can one of Crypto Panel members review this document?

Thank you,
Alexey

----- Original message -----
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
Subject: Review of draft-ietf-lwig-curve-representations-00 by crypto= review panel
Date: Sun, 4 Nov 2018 08:26:08 +0000

Hi Alexey,

We spoke today about the need for getting more reviews on a LWIG
=
document titled "Alternative Elliptic Curve Representations"= ;:

The draft describes how to implement Ed25519, Curve25519 and NIST P-2= 56
with the same underlying implementation. Phillip Hallam-Baker also
recently requested this on the SAAG list:

It would be great if someone from the crypto review panel could provi= de
feedback on this draft. The draft is currently hosted in the LWIG
working group and Zhen (in CC) is my co-chair, while Suresh (in CC) i= s
the responsible area director.

Rene will also present the draft on Wednesday in LWIG in room Meeting= 2
between 11:20-12:20.

--Mohit

_______________________________________________
Crypto-panel mailing list

--0000000000001a6d68057b8fe3ac--