Re: [Cfrg] RFC 8032: Question on Side-Channel Leaks

Jerry Zhu <jezhu@nvidia.com> Thu, 20 July 2017 08:34 UTC

From: Jerry Zhu <jezhu@nvidia.com>
To: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] RFC 8032: Question on Side-Channel Leaks
Date: Thu, 20 Jul 2017 08:34:11 +0000
Message-ID: <b3b7e6ee153f4ece822e17140a36878d@HKMAIL103.nvidia.com>
References: <6fa65bd5e4ce454ba871ddec56a87d9c@HKMAIL103.nvidia.com> <20170719100225.wwaazm7f3mxz3aca@LK-Perkele-VII> <ef5c39e7ac904c0f806eb2a3be1f0384@HKMAIL103.nvidia.com> <20170720080758.hp6mps4q5u2m54e7@LK-Perkele-VII>
In-Reply-To: <20170720080758.hp6mps4q5u2m54e7@LK-Perkele-VII>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/03AYe9CtFAve0DPBEcdY18wYcWc>
Subject: Re: [Cfrg] RFC 8032: Question on Side-Channel Leaks

Learned new knowledge. Thank you. 

Thanks
-Jerry Zhu (Ext. 41218)

-----Original Message-----
From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] 
Sent: Thursday, July 20, 2017 4:08 PM
To: Jerry Zhu <jezhu@nvidia.com>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] RFC 8032: Question on Side-Channel Leaks

On Thu, Jul 20, 2017 at 06:28:16AM +0000, Jerry Zhu wrote:
> Hi Ilari,
> 
> Appreciate your response and sample implementation. 
> Isn't there repudiation risk if k is leaked to adversary?

k is computable from context[1], message, signature and the public key. And in fact, k is reconstructed in signature verification.


[1] Contexts turn out to be pretty much useless except for generating time-wasting discussion...


-Ilari
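Ilari's point above, as an added example that is not part of the thread or of any RFC 8032 implementation: a minimal pure-Python Ed25519 (no context, hashlib only) in which the signer's hash scalar k is returned alongside the signature, so it can be compared with the k that a verifier recomputes from R, A and M alone. Constant-time behaviour and canonical-encoding checks are deliberately out of scope here.

```python
# Added example, not from the thread: minimal Ed25519 (RFC 8032, no context); educational, not constant-time.
import hashlib

p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, p - 2, p) % p
I = pow(2, (p - 1) // 4, p)  # sqrt(-1) mod p, used in point decompression

def H(m): return hashlib.sha512(m).digest()
def xrecover(y):  # RFC 8032 5.1.3: recover x from y, pick the even root
    xx = (y * y - 1) * pow(d * y * y + 1, p - 2, p)
    x = pow(xx, (p + 3) // 8, p)
    if (x * x - xx) % p: x = x * I % p
    return p - x if x & 1 else x

B = (xrecover(By := 4 * pow(5, p - 2, p) % p), By)  # base point

def add(P, Q):  # affine twisted-Edwards addition (a = -1)
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * pow(1 + t, p - 2, p) % p,
            (y1 * y2 + x1 * x2) * pow(1 - t, p - 2, p) % p)

def mul(P, e):  # double-and-add; its timing leaks e, acceptable for a demo
    Q = (0, 1)
    while e:
        if e & 1: Q = add(Q, P)
        P, e = add(P, P), e >> 1
    return Q

def enc(P): return (P[1] | (P[0] & 1) << 255).to_bytes(32, "little")
def dec(b):  # sign bit of x is the top bit of the last byte
    x = xrecover(y := int.from_bytes(b, "little") & (1 << 255) - 1)
    return (p - x if (x & 1) != b[31] >> 7 else x, y)

def sign(sk, M):  # RFC 8032 5.1.5-5.1.6; also returns the signer's k
    h = H(sk)
    a = int.from_bytes(h[:32], "little") & (1 << 254) - 8 | 1 << 254
    A = enc(mul(B, a))
    r = int.from_bytes(H(h[32:] + M), "little") % L
    R = enc(mul(B, r))
    k = int.from_bytes(H(R + A + M), "little") % L  # the k asked about
    return A, R + ((r + k * a) % L).to_bytes(32, "little"), k

def recover_k(A, M, sig):  # anyone holding A, M and sig gets the same k
    return int.from_bytes(H(sig[:32] + A + M), "little") % L

def verify(A, M, sig):  # RFC 8032 5.1.7: check [S]B == R + [k]A
    S = int.from_bytes(sig[32:], "little")
    return S < L and mul(B, S) == add(dec(sig[:32]), mul(dec(A), recover_k(A, M, sig)))
```

Running `sign` on RFC 8032 test vector 1 reproduces the published public key and signature, and `recover_k` on the public data returns exactly the k the signer used, which is why leaking k gives an adversary nothing they could not already compute.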
