Re: [Cfrg] RFC 8032: Question on Side-Channel Leaks
Jerry Zhu <jezhu@nvidia.com> Thu, 20 July 2017 08:34 UTC
From: Jerry Zhu <jezhu@nvidia.com>
To: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Thu, 20 Jul 2017 08:34:11 +0000
Message-ID: <b3b7e6ee153f4ece822e17140a36878d@HKMAIL103.nvidia.com>
References: <6fa65bd5e4ce454ba871ddec56a87d9c@HKMAIL103.nvidia.com> <20170719100225.wwaazm7f3mxz3aca@LK-Perkele-VII> <ef5c39e7ac904c0f806eb2a3be1f0384@HKMAIL103.nvidia.com> <20170720080758.hp6mps4q5u2m54e7@LK-Perkele-VII>
In-Reply-To: <20170720080758.hp6mps4q5u2m54e7@LK-Perkele-VII>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/03AYe9CtFAve0DPBEcdY18wYcWc>
Learned new knowledge. Thank you.

Thanks
-Jerry Zhu (Ext. 41218)

-----Original Message-----
From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com]
Sent: Thursday, July 20, 2017 4:08 PM
To: Jerry Zhu <jezhu@nvidia.com>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] RFC 8032: Question on Side-Channel Leaks

On Thu, Jul 20, 2017 at 06:28:16AM +0000, Jerry Zhu wrote:
> Hi Ilari,
>
> Appreciate your response and sample implementation.
> Isn't there repudiation risk if k is leaked to adversary?

k is computable from context[1], message, signature and the public key.
And in fact, k is reconstructed in signature verification.

[1] Contexts turn out to be pretty much useless except for generating
time-wasting discussion...

-Ilari
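Ilari's point, that the challenge k is rebuilt by every verifier from R, A and the message, shown as an added Python example (not code from this thread or from RFC 8032 itself): a minimal, deliberately non-constant-time Ed25519 signer and verifier in which `challenge()` recomputes k from public data only and gets the same value the signer used, so k was never a secret. Function names are my own; the only inputs are the RFC 8032 test-vector keys.

```python
import hashlib  # Ed25519 pure variant (empty dom, no context), plain Python, demo only
p = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493  # group order
d = (-121665 * pow(121666, p - 2, p)) % p             # curve constant
I = pow(2, (p - 1) // 4, p)                           # sqrt(-1) mod p
def inv(x): return pow(x, p - 2, p)

def xrecover(y):                                      # even square root of x^2 for given y
    xx = (y*y - 1) * inv(d*y*y + 1) % p
    x = pow(xx, (p + 3) // 8, p)
    if (x*x - xx) % p: x = x * I % p
    return p - x if x & 1 else x

def add(P, Q):                                        # affine twisted-Edwards addition
    (x1, y1), (x2, y2) = P, Q
    t = d*x1*x2*y1*y2
    return ((x1*y2 + x2*y1) * inv(1 + t) % p, (y1*y2 + x1*x2) * inv(1 - t) % p)

def mul(P, e):                                        # double-and-add; NOT constant-time
    Q = (0, 1)
    while e:
        if e & 1: Q = add(Q, P)
        P, e = add(P, P), e >> 1
    return Q

By = 4 * inv(5) % p
B = (xrecover(By), By)                                # base point
enc = lambda P: (P[1] | (P[0] & 1) << 255).to_bytes(32, 'little')
hint = lambda *parts: int.from_bytes(hashlib.sha512(b''.join(parts)).digest(), 'little')
def dec(s):                                           # decode point (no on-curve check)
    v = int.from_bytes(s, 'little'); y = v & (2**255 - 1); x = xrecover(y)
    return (p - x if (x & 1) != v >> 255 else x, y)

def keypair(sk):                                      # -> (secret scalar a, prefix, encoded A)
    h = hashlib.sha512(sk).digest()
    a = (int.from_bytes(h[:32], 'little') & ((1 << 254) - 8)) | (1 << 254)  # clamp
    return a, h[32:], enc(mul(B, a))

def sign(sk, m):                                      # -> (signature, the challenge k it used)
    a, prefix, A = keypair(sk)
    r = hint(prefix, m) % L                           # secret nonce: this is what must not leak
    R = enc(mul(B, r))
    k = hint(R, A, m) % L                             # challenge: a hash of public data only
    return R + ((r + k*a) % L).to_bytes(32, 'little'), k

def challenge(sig, A, m):                             # any verifier rebuilds k like this
    return hint(sig[:32], A, m) % L
def verify(sig, A, m):                                # [S]B == R + [k]A
    R, S = dec(sig[:32]), int.from_bytes(sig[32:], 'little')
    return S < L and mul(B, S) == add(R, mul(dec(A), challenge(sig, A, m)))
```

Because `challenge()` needs nothing but the signature, the public key and the message, knowing k gives an adversary exactly what verifying the signature already gives them.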