[Cfrg] Comments on draft-mattsson-cfrg-det-sigs-with-noise-02

Ruggero SUSELLA <ruggero.susella@st.com> Wed, 06 May 2020 11:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/-seX9sEMmM-zcSET0gSKeanLstc>

Dear All,

Disclosure: I'm coauthor of the reference [SBBDS17].

There is an inconsistency between bits and bytes in the text.

Specifically, in Section 4:

"[SBBDS17<https://tools.ietf.org/html/draft-mattsson-cfrg-det-sigs-with-noise-02#ref-SBBDS17>] suggest a construction where the randomness is padded with zeroes so that the first 1024-bit SHA-512 block is composed only of the hashed private key and the random value, but not the message. The construction in this document follows this recommendation and pads with zeroes so that the first block is composed only of the hashed private key and the random value, but not the message."

But the description of the signature generation in Section 2 reads "so that the length of (dom2(F, C) || Z || prefix || 000...) is 1024 bytes" and, for Ed448, "is chosen so that the length of (dom4(F, C) || Z || prefix || 000...) is 1088 bytes."

These should be 1024 and 1088 bits respectively.



Best Regards,

Ruggero
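As an added illustration of the bits-versus-bytes point (this is not code from the mail or from the draft), the padding arithmetic below works in bytes for both curves and shows how many hash blocks precede the message under each reading. It assumes 32-byte Z and prefix for Ed25519 and 57-byte Z and prefix for Ed448, dom2/dom4 for the pure (non-prehashed, empty-context) variants as defined in RFC 8032, and constructed sample bytes for Z and prefix.

```python
import hashlib

# Block sizes in BYTES, derived from the bit lengths the draft intends:
# 1024 bits = 128 bytes (SHA-512 block), 1088 bits = 136 bytes (SHAKE256 rate).
SHA512_BLOCK_BYTES = 1024 // 8
SHAKE256_RATE_BYTES = 1088 // 8

# Constructed sample inputs; a real Z is random and prefix comes from the hashed private key.
ED25519_DOM2 = b""                         # dom2(F, C) is empty for pure Ed25519 (RFC 8032)
ED448_DOM4 = b"SigEd448" + bytes([0, 0])   # dom4(F=0, C="") for pure Ed448 (RFC 8032)
Z_25519, PREFIX_25519 = bytes(range(32)), bytes(range(32, 64))   # assumed 32-byte Z, 32-byte prefix
Z_448, PREFIX_448 = bytes(range(57)), bytes(range(57, 114))      # assumed 57-byte Z, 57-byte prefix


def hashlib_block_sizes_agree() -> bool:
    """Cross-check the byte constants against the block sizes hashlib reports."""
    return (hashlib.sha512().block_size == SHA512_BLOCK_BYTES
            and hashlib.shake_256().block_size == SHAKE256_RATE_BYTES)


def zero_pad_len(dom: bytes, z: bytes, prefix: bytes, block_bytes: int) -> int:
    """Zero bytes needed so that dom || Z || prefix || 000... is exactly one hash block."""
    used = len(dom) + len(z) + len(prefix)
    if used > block_bytes:
        raise ValueError("dom || Z || prefix does not fit in a single hash block")
    return block_bytes - used


def nonce_hash_input(dom: bytes, z: bytes, prefix: bytes, message: bytes,
                     block_bytes: int) -> bytes:
    """Nonce-hash input dom || Z || prefix || 000... || M, with M starting at the second block."""
    return dom + z + prefix + b"\x00" * zero_pad_len(dom, z, prefix, block_bytes) + message


def message_offset(dom: bytes, z: bytes, prefix: bytes, message: bytes,
                   block_bytes: int) -> int:
    """Byte offset at which the message begins; equals block_bytes when the padding is right."""
    data = nonce_hash_input(dom, z, prefix, message, block_bytes)
    return len(data) - len(message)


def blocks_before_message(padded_len_bytes: int, block_bytes: int) -> int:
    """Hash blocks absorbed before the message for a given padded-prefix length in bytes.

    Reading the draft's 1024/1088 as bits gives one block; reading them as bytes
    gives eight blocks, i.e. seven needless compressions per signature.
    """
    return -(-padded_len_bytes // block_bytes)   # ceiling division


if __name__ == "__main__":
    print("Ed25519 zero padding:", zero_pad_len(ED25519_DOM2, Z_25519, PREFIX_25519, SHA512_BLOCK_BYTES))
    print("Ed448 zero padding:  ", zero_pad_len(ED448_DOM4, Z_448, PREFIX_448, SHAKE256_RATE_BYTES))
    print("blocks if 1024 bits:", blocks_before_message(1024 // 8, SHA512_BLOCK_BYTES),
          "| blocks if 1024 bytes:", blocks_before_message(1024, SHA512_BLOCK_BYTES))
```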