Dear colleagues:
I updated the draft, mostly reconsidering iana-related sections. I may
update once more, depending on what I hear back from expert review.
Small updates:
- added cautionary note re use of signature schemes with message
encoding/decoding scheme (Section 10.2.1 - ECDSA25519/ECDSA448 with COSE);
- added cautionary language to reflect this in security consideration
section;
- added step in in Example 4.1, where shared key (curve point) is
converted to shared secret (octet string). Note: this was already
spelled out in the COSE/JOSE sections, but thought to add this for
clarity/avoiding confusion throughout also in specification of ECDH25519
(Section 4.1);
other:
- added definition of quadratic twist (in curve nomenclature section
Appendix B.1, with cross-reference to Annex A (added one-liner for each
of three curve models);
- added one more sentence re twisted curves being a group only under
certain conditions (triggered by dispelling myths in other standards
groups) (end of Appendix A.3);
- added informative note on how co-factor DH relates to X25519 and X448
(end of Section 4.1, resp. Section 4.4), so that readers better
appreciate differences and similarities;
- tiny word-smything ("i.e.", vs. "e.g." use; "type" vs. "case" language).
{this is all just simple service to community, so that others can
reuse definitions in future without much ado}
Rene
On 2020-12-11 11:14 a.m., [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Light-Weight Implementation Guidance WG of the
IETF.
Title : Alternative Elliptic Curve Representations
Author : Rene Struik
Filename : draft-ietf-lwig-curve-representations-17.txt
Pages : 136
Date : 2020-12-11
Abstract:
This document specifies how to represent Montgomery curves and
(twisted) Edwards curves as curves in short-Weierstrass form and
illustrates how this can be used to carry out elliptic curve
computations using existing implementations of, e.g., ECDSA and ECDH
using NIST prime curves. We also provide extensive background
material that may be useful for implementers of elliptic curve
cryptography.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lwig-curve-representations-17
https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations-17
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lwig-curve-representations-17
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
Lwip mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lwip
--
email: [email protected] | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
_______________________________________________
Lwip mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lwip
