RE: [pkcs11] Groups - EdDSA Using Additional Key Types uploaded

[Dieter Bong <Dieter.Bong@utimaco.com>]

Hi Darren,

 

Thank you for submitting the 3 draft proposals for support of Edwards curves.

 

Our position is the following:

·         Proposal 1) : re-using existing key types seems difficult, and doesn’t really make sense (except when using the Weierstrass form, which technically works (we implemented it, and it works fine) but is not intuitive for users/application developers).

·         Proposal 2) : is ok, but introduces a completely new scheme, algorithm and key type

·         Proposal 3) : this is our preferred proposal: on the one side, users/application developers will easily get familiar with it as uses the same approach they know from ECDSA/ECDH implementations; on the other side, the new key types allow for Edwards-/Montgomery-specific representation and handling at low-level, and thus avoid squeezing these curves into a corset as proposal 1) would do

 

I’ll be happy to hear/read other people’s opinion as well.

 

Thanks,

Dieter

 

From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Darren Johnson
Sent: Donnerstag, 21. September 2017 22:02
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] Groups - EdDSA Using Additional Key Types uploaded

 

Submitter's message
This submission is one of three proposal submissions. I am uploading three different proposals on how we can include RFC 8032 (Ed25519 and Ed448) and RFC 7748 (Curve25519 and Curve 448) in PKCS #11.

Note that all three proposals are incomplete at many levels, so keep that in minde. The purpose of uploading them is to get feed back on which approach makes the most sense.

Three proposals:
1) A proposal to add an RFC 8032 and RFC 7748 specific section to the existing “2.3 Elliptic Curve”. This proposal re-uses the existing EC key types and provides guidance on how these curves and algorithms can be used.
2) A proposal to adopt the CFRG concept of Octet Key Pairs (RFC 8037). OKP’s are defined as new key types completely separate from the existing “2.3 Elliptic Curve”.
3) A proposal that introduces two new EC key types that are based on the three EC curve representations in use today. The existing “2.3 Elliptic Curve” section is based on X9 which takes for granted that everything is using Weierstrass representation. This proposal defines an EC key type for Edwards Curves (RFC 8032) and an EC key type for Montgomery Curves (RFC 7748)

-- Mr. Darren Johnson

Document Name: EdDSA Using Additional Key Types

---

Description
3) A proposal that introduces two new EC key types that are based on the
three EC curve representations in use today. The existing “2.3 Elliptic
Curve” section is based on X9 which takes for granted that everything is
using Weierstrass representation. This proposal defines an EC key type for
Edwards Curves (RFC 8032) and an EC key type for Montgomery Curves (RFC
7748)
Download Latest Revision
Public Download Link

---

Submitter: Mr. Darren Johnson
Group: OASIS PKCS 11 TC
Folder: Documents
Date submitted: 2017-09-21 13:01:53

 

---

Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO

This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/