Hi, Apologies for cross-posting LWIG and COSE. I had a brief look at draft-ietf-lwig-curve-representations-13 and noticed it registers a lot of new COSE (and JOSE, PKIX, and CMS) algorithms. Has this draft been discussed in COSE (JOSE/CURDLE)? If not, perhaps it should be before being progressed?
* The draft needs to manage the overlap with NIST SP 800-186, which should be referenced and mappings, name of curves, etc. aligned. The draft defines Wei25519 and Wei448. It is unclear if these are identical to W-25519, W-448 as defined in NIST SP 800-186. We probably would not want two slightly different definitions and/or names, multiple COSE code points, etc. * The draft registers the COSE algorithm "ECDSA25519" as "ECDSA with SHA-256 and curve Wei25519". That is not how the other COSE signature algorithms work. They work like PKIX where the curve is given by the public key. Also, why cannot W-25519 be used with the existing ES256 signature algorithm? * The draft registers the COSE algorithm "ECDH25519". There are no COSE ECDH algorithms for P-256, why is an ECDH algorithm for W-25519 be needed? Other questions. I may have missed it, but * is it described what are the expected security properties of ECDSA25519 (including mapping) compared to Ed25519? For example w.r.t. side channel attacks? * has any performance measurements been made comparing ECDSA25519 (including mapping) and Ed25519? * similar questions on security and performance with Wei25519.-3 instead of Wei25519. If I understand right, the former mapping is not reversible, but could benefit from optimized code with hardcoded domain parameters. * ANSI X9.62-2005 was withdrawn in 2015 and is behind a paywall, is this reference necessary? Göran
_______________________________________________ Lwip mailing list [email protected] https://www.ietf.org/mailman/listinfo/lwip
