IETF Logo Mail Archive

Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-frost-12

Christopher Wood <caw@heapingbits.net> Mon, 08 May 2023 20:40 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0C00C15C528; Mon, 8 May 2023 13:40:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="mN4ccAMD"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="PehFvIwG"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fIj_X2Q6N6m3; Mon, 8 May 2023 13:40:00 -0700 (PDT)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C433FC16952F; Mon, 8 May 2023 13:38:54 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 0268332009AA; Mon, 8 May 2023 16:38:53 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Mon, 08 May 2023 16:38:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to; s=fm3; t=1683578333; x=1683664733; bh=qSgCGh5QWmK3sUsccLPgurctt tfKV9RTFdiXw/eoits=; b=mN4ccAMDo4GcMUXrRLUsDhYAuOdfGsFz2lKAVdD1e 2TcA692zLHt1yBlCQEG4EThCeApBEPoe5/XT/q646YTffXAvm5gPV1YLUX4uspM5 iuYZ753/GWMv0+HoGjBgZNDkIFv7lEtGcRvYHYYkM+B8eZ3lnpASGGwiK/fr8GBJ xRp3SOiMv+g7qODdXhtouRy5G3ZlvHenf2CWzeV/ERHb6KfXHYXxznkyiSt8rn3a QRRgs7iXoyR2rDFMNZdDdRR3XTaVEUz7fsUEJdyu8IXR3OYGVFu4Ux8/SVPyNyxd c9MTdj7E6GO0rVlG6PcoTnxZDl2vBX5f94yEY08emx6kw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1683578333; x=1683664733; bh=qSgCGh5QWmK3sUsccLPgurctttfKV9RTFdi Xw/eoits=; b=PehFvIwG7UoDAsy8ujI57N46ZKbIzP6FZOKc0XbqlhFmZ+vPDCc TwxqutIncxDuNyKKqxK3SM4E8X2iMbnjDpfZRFoDymw/8IX9XhFmXz3aodJWkIXM LY3n0PF4SX7MI4df5wucOm0v3QkbjWYb4QXnneLHya1CmSURnl/21cdRHd+n1pgs qufiTrP0HqZR5pjb281U2RIO0FhS6azmxCS59Mrm9v8rWQ6dlsJV1jqKQYoodKvl yDr+ZY063HkjtCrPHOboMvqni9lhD2G3HoobXkwBCS4fUI2PMebLA4Wk7CNS59o5 aCaAze2GroJrPA8AA/z/742d10xorTxavbA==
X-ME-Sender: <xms:3V1ZZCLiDWDFm0PbdfmLZK__4J7Y7mzDG28dVb34xVagfc3_XsXGrA> <xme:3V1ZZKLwYZpZZB1kFHGpAftTsrncFgwvLITdu1-bcxo9gQvzgsVhZB5D2pjztr9yR n2ukA9zRkKSWxWiV3g>
X-ME-Received: <xmr:3V1ZZCtZnQLRIKiEYbCSE-hrwQnXdx7nGqS5jx5D3o8OnR_hh87tXO5qpzHGeP_sOEVPwlYeg8ZMb7fXUtkgm1xlzl16juZfXZsnfs6YlPOTk87DuEN9jg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeefkedgudehvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurheptggguffhjgffvefgkfhfvffose htqhhmtdhhtdejnecuhfhrohhmpeevhhhrihhsthhophhhvghrucghohhougcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpeefveelvdeugf fhheekgfetiefgheeuhedvteeuteeuvdejueffteehveelkeetueenucffohhmrghinhep ihhrthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgvth
X-ME-Proxy: <xmx:3V1ZZHYFoz1yshVCNDFXzZOw6-f1BapP3sAfiDRlFDdaafH-GW02Vg> <xmx:3V1ZZJYbXU6zK-iyAAQ_EMLPfJ_BbZLRKgDn5gNd_GQS3X9QVzzwMw> <xmx:3V1ZZDAfnAdityfVlAY448RR2WiD8-oyTfqeiy7NYfnbrO0G-kwSEw> <xmx:3V1ZZInFm9EwGhEdVk67qV_vWSlB4f9M2s2svNkL0ukjLec7yJWmeA>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 8 May 2023 16:38:53 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Christopher Wood <caw@heapingbits.net>
In-Reply-To: <E8F9831C-04F5-4364-BF59-DC0895DFAFEC@csperkins.org>
Date: Mon, 08 May 2023 16:38:49 -0400
Cc: cfrg@ietf.org, draft-irtf-cfrg-frost@ietf.org, cfrg-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <98E88F76-3691-4E0A-9196-9AD60F373A01@heapingbits.net>
References: <E8F9831C-04F5-4364-BF59-DC0895DFAFEC@csperkins.org>
To: Colin Perkins <csp@csperkins.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/98V2h7Q2WZxT6JYTNpx3NYMFzo8>
Subject: Re: [CFRG] IRTF Chair review of draft-irtf-cfrg-frost-12
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2023 20:40:05 -0000

Hi Colin,

All IPR disclosures have been made. I just forwarded you the individual messages that have them; sorry for the burst of email! We also just cut a new version of the draft that should address your comments.

Please let us know if anything else is required to move this forward in the process.

Best,
Chris

> On Apr 13, 2023, at 2:06 PM, Colin Perkins <csp@csperkins.org> wrote:
> 
> The CFRG chairs have requested that draft-irtf-cfrg-frost-12 be published as an RFC on the IRTF stream. The IRTF publication process is described in RFC 5743, and comprises a review by the IRSG to ensure technical and editorial quality, followed by a check by the IESG to ensure the work does not conflict with IETF standards activities.
> 
> As IRTF Chair, I perform an initial review of all drafts submitted for publication on the IRTF stream before sending them for detailed review by the IRSG. This note provides my review comments, for discussion.
> 
> Authors, please can you also respond to this message to confirm that all necessary IPR disclosures, as described on https://irtf.org/policies/ipr, have been made? (Or if the chairs have already confirmed this, please send details)
> 
> Result:
> * Ready with nits
> 
> RFC 5743 compliance:
> * The draft follows the guidelines in RFC 5743
> 
> Comments:
> 
> Thank you for this well written draft. I have some nits below that I would ask the authors to consider. Otherwise, this looks good to progress once we have confirmation about the IPR.
> 
> 	• The formatting of the function definitions is inconsistent. Some of the early definitions, for example in Section 4.1 nonce_generate(secret) are written with a function signature, the Inputs, the Outputs, then def nonce_generate(secret):. In the later sections, the initial function signature is missing. The draft would be improved if the formatting of these definitions was consistent.
> 
> 	• Section 5.1: the description of the output “(nonce, comm), a tuple of nonce and nonce commitment pairs” is confusing since it looks like a single tuple is returned, rather than a tuple of tuples. Maybe “((hiding_none, binding_none), (hiding_nonce_comm, binding_nonce_comm))”?
> 
> 	• Section 6: there are a large number of numeric parameters in this section. I trust that the values in the draft have been carefully compared against a reference implementation?
> 
> 	• Section 6.6: “All hash functions MUST be domain separated with a per-suite context string” but FROST(Ed25519, SHA-512) does not, for compatibility. Can you clarify why this is not problematic (presumably it’s okay provided all other hash functions are domain separated)
> 
> Regards,
> Colin
>

v2.23.0 | Report a Bug | By Email