Re: [Cfrg] Adoption of threshold drafts by RG

Chelsea Komlo <ckomlo@uwaterloo.ca> Tue, 22 September 2020 04:39 UTC

From: Chelsea Komlo <ckomlo@uwaterloo.ca>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Watson Ladd <watsonbladd@gmail.com>
CC: IRTF CFRG <cfrg@irtf.org>
Date: Tue, 22 Sep 2020 04:39:37 +0000
Message-ID: <a7ff6f80e5c54ac6960d2b6fc383086c@uwaterloo.ca>
References: <CAMm+Lwj8z0i56G7iTh-z7fZM5z5=B7-x63rVJjuWT7mC1x6x3w@mail.gmail.com> <CACsn0c=9SwWsJ=D_gAStP+gnbfmZkTEokESa0wunpBxaJPvn3g@mail.gmail.com>, <CAMm+LwhYouVZtEGa54WgZ=VN_fpM+1XX8N5+o_yE2JZkiigzaQ@mail.gmail.com>
In-Reply-To: <CAMm+LwhYouVZtEGa54WgZ=VN_fpM+1XX8N5+o_yE2JZkiigzaQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/4QuRQmKwXZgmwtee4TrsJ_tDgDc>

Hi Phillip,

We spoke before the last draft of FROST was published in July [1]. Since then, our work has undergone peer review and has been accepted.

While we will be making minor changes to [1] based on comments from reviewers and implementors that are interested in using FROST, the core contributions of the scheme are stable.

Chelsea

[1] https://eprint.iacr.org/2020/852


________________________________
From: Cfrg <cfrg-bounces@irtf.org> on behalf of Phillip Hallam-Baker <phill@hallambaker.com>
Sent: Monday, September 21, 2020 3:45:53 PM
To: Watson Ladd
Cc: IRTF CFRG
Subject: Re: [Cfrg] Adoption of threshold drafts by RG



On Mon, Sep 21, 2020 at 7:01 PM Watson Ladd <watsonbladd@gmail.com> wrote:
On Mon, Sep 21, 2020 at 12:25 PM Phillip Hallam-Baker
<phill@hallambaker.com> wrote:
>
> Could the chairs please start the discussion of adoption of my threshold crypto drafts as was promised six months ago and on numerous occasions since?
>
> https://tools.ietf.org/id/draft-hallambaker-threshold-sigs-04.html#draft-hallambaker-threshold
> https://tools.ietf.org/id/draft-hallambaker-threshold-sigs-04.html

My understanding is NIST is carrying out a standardization activity
https://csrc.nist.gov/projects/threshold-cryptography . While that's
by no means a barrier to our adoption, I think alignment with the
results of that activity are valuable.

I am aware of that work and provided feedback on their draft report.


I would note the schemes described are insecure in the presence of
concurrency, as well. https://eprint.iacr.org/2018/417.pdf explains
some of the issues well, and it's really quite subtle and difficult.
The design of FROST https://eprint.iacr.org/2020/852.pdf solves these
issues, and I don't see any discussion in the draft of them.

Where do you see concurrency in the nested signature approach? The issue is elided by enforcing a sequential order on the operations.

I have reviewed FROST. However, the authors keep telling me they are not yet ready to have it considered, so I am not.

From a practical point of view, the most common use I have found for threshold signatures has t=2 with an application level share holder calling an HSM (which may be local or remote) to perform a part of the signature and then completing the process.
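The t=2 arrangement described in that last paragraph, an application-side share holder that asks an HSM for part of a signature and then completes it, as an added example that is not code from the original thread, from draft-hallambaker-threshold-sigs, or from FROST: a two-party additive Schnorr-style signature over Ed25519's curve, written in plain Python with no dependencies. The additive key split, the sequential single-request exchange (the app fixes its nonce commitment R1 before the HSM picks r2), the challenge hash and every class and function name are assumptions of this example. It is not RFC 8032 EdDSA (no hashed-secret key derivation, random rather than derived nonces), and it makes no claim about security when the HSM serves many signing sessions concurrently, which is the issue raised earlier in the thread; FROST's binding of nonce commitments is what addresses that, and it is deliberately not implemented here.

```python
"""
Two-party (t = 2) additive Schnorr-style signing on the Ed25519 curve.
Added illustration only: not the scheme of either draft under discussion,
not FROST, and not RFC 8032 EdDSA. The application holds share x1, the
HSM holds share x2, and the combined public key is (x1 + x2) * G.
"""
import hashlib
import secrets

# Ed25519 curve constants (RFC 8032), plain affine arithmetic.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
D = (-121665 * pow(121666, -1, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)
IDENTITY = (0, 1)


def _xrecover(y):
    """Recover the even x-coordinate for a given y on the curve."""
    xx = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * SQRT_M1 % P
    return P - x if x & 1 else x


_BY = 4 * pow(5, -1, P) % P
BASE = (_xrecover(_BY), _BY)


def point_add(a, b):
    """Complete twisted-Edwards addition (also valid for doubling)."""
    x1, y1 = a
    x2, y2 = b
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)


def scalar_mul(k, point):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    acc = IDENTITY
    while k:
        if k & 1:
            acc = point_add(acc, point)
        point = point_add(point, point)
        k >>= 1
    return acc


def encode_point(pt):
    """RFC 8032 style encoding: y with the parity of x in the top bit."""
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def challenge(R, pk, msg):
    """c = H(R || pk || msg) mod L; an assumed hash layout, not a standard one."""
    h = hashlib.sha512(encode_point(R) + encode_point(pk) + msg).digest()
    return int.from_bytes(h, "little") % L


class HsmShare:
    """Holds the HSM's additive share x2 and never exports it (assumed API)."""

    def __init__(self):
        self._x2 = secrets.randbelow(L - 1) + 1
        self.pub_share = scalar_mul(self._x2, BASE)

    def partial_sign(self, msg, R1, pk):
        """Step 2 of the sequential exchange: r2 is chosen only after R1 is fixed."""
        r2 = secrets.randbelow(L - 1) + 1
        R2 = scalar_mul(r2, BASE)
        c = challenge(point_add(R1, R2), pk, msg)
        s2 = (r2 + c * self._x2) % L
        return R2, s2


class AppShare:
    """Application-level share holder that drives the exchange and completes it."""

    def __init__(self, hsm):
        self._x1 = secrets.randbelow(L - 1) + 1
        self.hsm = hsm
        # Combined public key (x1 + x2) * G, built from the two public shares.
        self.pk = point_add(scalar_mul(self._x1, BASE), hsm.pub_share)

    def sign(self, msg):
        r1 = secrets.randbelow(L - 1) + 1
        R1 = scalar_mul(r1, BASE)                      # step 1: app commits R1
        R2, s2 = self.hsm.partial_sign(msg, R1, self.pk)  # step 2: HSM replies
        R = point_add(R1, R2)
        c = challenge(R, self.pk, msg)
        s1 = (r1 + c * self._x1) % L                   # step 3: app completes
        return R, (s1 + s2) % L


def verify(pk, msg, sig):
    """Ordinary single-key Schnorr check: s*G == R + c*pk."""
    R, s = sig
    c = challenge(R, pk, msg)
    return scalar_mul(s, BASE) == point_add(R, scalar_mul(c, pk))


if __name__ == "__main__":
    hsm = HsmShare()
    app = AppShare(hsm)
    m = b"constructed sample message"
    print("valid:", verify(app.pk, m, app.sign(m)))
```

The verifier sees an ordinary Schnorr signature under the combined key and learns nothing about the split, which is the point of the t=2 deployment pattern. The ordering inside `sign` is the one that matters for the thread's concern: the application has already fixed R1 when it asks the HSM, so it cannot choose its nonce as a function of R2; what this toy does not do is give either party a way to bind its commitment across many parallel `partial_sign` calls, and that is exactly what a reviewer would want argued before trusting it outside a strictly sequential deployment.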