Re: [Cfrg] New Version Notification for draft-irtf-cfrg-xmss-hash-based-signatures-03.txt

"A. Huelsing" <ietf@huelsing.net> Wed, 17 February 2016 13:04 UTC

To: cfrg@irtf.org
References: <56C1BCB1.5070907@huelsing.net>
From: "A. Huelsing" <ietf@huelsing.net>
Message-ID: <56C46FE2.80607@huelsing.net>
Date: Wed, 17 Feb 2016 14:04:34 +0100
In-Reply-To: <56C1BCB1.5070907@huelsing.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/4nkwzdLa_xjE9cWF-FeSri1We2Y>
Subject: Re: [Cfrg] New Version Notification for draft-irtf-cfrg-xmss-hash-based-signatures-03.txt

Hi,

After publishing the new version of the draft, we now also adapted our
reference implementations. There are two independent reference
implementations (both in C) available:
- Reference implementation by Stefan and Denis, available from
http://www.square-up.org/index/publications.html. This code implements
all algorithms following the draft as closely as possible.
- Reference implementation by Joost Rijneveld and Andreas, available
from https://huelsing.wordpress.com/code/. This package contains two
implementations. One that implements the simplest but also least
efficient algorithms and one that is efficient but also more complicated
to follow as it implements advanced tree traversal algorithms.

The implementations are tested against each other, so you can choose the
one that you find most accessible.

Cheers,

Stefan, Denis & Andreas

On 02/15/16 12:55, A. Huelsing wrote:
> Hi,
>
> we pushed a new version of the XMSS draft for hash-based signatures. The
> two main changes are
> 1. We incorporate the index of a signature to compute the message
> representative: M' = H(idx || R || M). This mitigates speed-ups
> for attacks that collect many signatures and then try to forge a new
> signature, finding a colliding (M,R) pair.
> 2. We changed the address format to be more implementation friendly,
> i.e., fields do not cross byte or word boundaries anymore (one exception
> is a 40 bit field that simply does not fit a single word).
> Besides, we made some minor remaining fixes. A complete change log can be
> found at the end of the draft.
>
> From our side, the content of the draft is done with this update. We are
> only considering publishing one more update with test vectors. However,
> we are not entirely sure if this makes sense for such a scheme as it
> would easily become 50 - 100 pages (we would have to add all signatures
> for a key pair...). We would instead prefer to accompany the draft with
> a reference implementation that can be used to validate implementations.
>
> We currently have two independent reference implementations of the last
> version of the draft that were tested against each other. We will update
> them during the coming days to meet this version.
>
> Cheers,
>
> Stefan, Denis & Andreas
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
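The message-representative change described in the quoted message (M' = H(idx || R || M) instead of H(R || M)), as an added example that is not part of the draft or of either reference implementation. It assumes n = 32 with SHA-256 as H, a 4-byte big-endian encoding of the signature index idx, and an n-byte randomizer R; the draft's actual encodings may differ, so treat these as placeholders. The collection of signed messages is constructed here to show the point: without the index, one hash evaluation of a candidate (R*, M*) can be compared against every collected representative at once, whereas with the index the candidate is bound to a single leaf and matches at most that one target.

```python
import hashlib
import secrets

# Added example, not code from the draft or the reference implementations.
# Assumptions: n = 32 (SHA-256 output length), idx encoded as a 4-byte
# big-endian integer, R is an n-byte per-signature randomizer, and H is
# SHA-256 over the plain concatenation idx || R || M.
N = 32
IDX_BYTES = 4


def encode_idx(idx: int) -> bytes:
    """Fixed-width big-endian encoding of the signature index (assumed)."""
    if not 0 <= idx < 2 ** (8 * IDX_BYTES):
        raise ValueError("signature index out of range")
    return idx.to_bytes(IDX_BYTES, "big")


def message_representative(idx: int, r: bytes, m: bytes) -> bytes:
    """M' = H(idx || R || M), the construction from the draft update."""
    if len(r) != N:
        raise ValueError("R must be n bytes")
    return hashlib.sha256(encode_idx(idx) + r + m).digest()


def message_representative_old(r: bytes, m: bytes) -> bytes:
    """M' = H(R || M), the previous construction, kept only for comparison."""
    if len(r) != N:
        raise ValueError("R must be n bytes")
    return hashlib.sha256(r + m).digest()


def targets_hit(signatures, r_star, m_star, with_idx, idx_star=None):
    """How many collected signatures a single hash evaluation of the
    candidate (R*, M*) can match.  Without the index, the one value
    H(R* || M*) is compared against every collected representative; with
    the index, idx* must be fixed first and only the signature issued at
    that leaf is a possible match, so the per-guess comparison count drops
    from q to 1."""
    if with_idx:
        if idx_star is None:
            raise ValueError("idx_star required when the index is included")
        h = message_representative(idx_star, r_star, m_star)
        return sum(1 for idx, r, m in signatures
                   if idx == idx_star and message_representative(idx, r, m) == h)
    h = message_representative_old(r_star, m_star)
    return sum(1 for _, r, m in signatures
               if message_representative_old(r, m) == h)


def verify_representative(idx: int, r: bytes, m: bytes, claimed: bytes) -> bool:
    """Verifier side: recompute M' from the index carried in the signature
    and compare it in constant time with the value the verifier will feed
    into the WOTS+ verification step."""
    return secrets.compare_digest(message_representative(idx, r, m), claimed)


# Constructed sample collection: the same message signed with the same R at
# leaves 0 and 1 (a misbehaving signer, chosen to make the effect visible)
# plus an unrelated signature at leaf 2.
R_FIXED = bytes(range(N))
SAMPLE = [
    (0, R_FIXED, b"pay 10 EUR"),
    (1, R_FIXED, b"pay 10 EUR"),
    (2, R_FIXED, b"other message"),
]

if __name__ == "__main__":
    print("old construction, targets hit per guess:",
          targets_hit(SAMPLE, R_FIXED, b"pay 10 EUR", with_idx=False))
    for i in range(3):
        print(f"new construction, idx*={i}, targets hit per guess:",
              targets_hit(SAMPLE, R_FIXED, b"pay 10 EUR", with_idx=True, idx_star=i))
```

On the verifier side, the index used in message_representative must be the one taken from the signature itself, since that is what selects the WOTS+ key pair that is checked afterwards; recomputing M' from any other index would silently break the binding the change introduces.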