Re: [Cfrg] My thoughts on randomized signature generation

Sofía Celi <cherenkov@riseup.net> Fri, 08 May 2020 14:32 UTC

Return-Path: <cherenkov@riseup.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C35DD3A0B15 for <cfrg@ietfa.amsl.com>; Fri, 8 May 2020 07:32:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=riseup.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1MsQ6mMeGAHI for <cfrg@ietfa.amsl.com>; Fri, 8 May 2020 07:32:37 -0700 (PDT)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C0E53A0B1B for <cfrg@irtf.org>; Fri, 8 May 2020 07:32:37 -0700 (PDT)
Received: from capuchin.riseup.net (unknown [10.0.1.176]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 49JXq81xgwzFfVk for <cfrg@irtf.org>; Fri, 8 May 2020 07:32:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1588948356; bh=+rLj77qrBUaO6Q+ty4tqztKuRA5mjJJAvEZSTKc7vlU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=UibkB55J1edZGoOSMp37djftFMSgwbkBOBRGZdc/PrZFvjpnJ4+UKe+pzS5Gz7AxR V0owKBlsoinAHT+hFXM2C6DFEpsCYCHdtt45cBUidqVSBBO6pLRu/B1WUep/ubfLu1 /8UzuGEOVTt2a7e2jxkw4N5EQsWnF4SQ7Dmg5D0A=
X-Riseup-User-ID: 62061E1CF57E32C6C5F40A6785968ADE8643C272330F53E9D6CA6F2BE4F2EEC7
Received: from [127.0.0.1] (localhost [127.0.0.1]) by capuchin.riseup.net (Postfix) with ESMTPSA id 49JXq72yKrz8w8V for <cfrg@irtf.org>; Fri, 8 May 2020 07:32:35 -0700 (PDT)
To: cfrg@irtf.org
References: <CACsn0c=8TTmh=_Zbf170sSxDHkSyzeTsvp2g=KZm4U19LCb7eQ@mail.gmail.com>
From: =?UTF-8?Q?Sof=c3=ada_Celi?= <cherenkov@riseup.net>
Autocrypt: addr=cherenkov@riseup.net; keydata= mQINBF2PpxoBEADAIhbOpA23OBsXzg/aQakv88vaLv8Dxt2oR92Rz9cfxca736HKDeO19IFC F1Anu6ylQsJfoT4UUgbGIjJpHtQB3OVIcgvsMagfZ0lEHd1eG8H8K9wqSjwSphUJl9ra+tMW MEbSDVmeV6qvHeO63vrazXrgUKBf0jDae0HcK++AYiSeSpbTmN+zTsY3ZXy9H1sdNhMUlkGt jcpROrna2NaSL3YG8YNJHsN+zGPoaBbPo9gQALUvuxtg0yS/ecly2xomWIeH6qJ4yJonO/Ys WqAAC96n423BeC1cAyYjij8ydygnR3csTibUI/iPkoH8xstnTyrv3djyiunVuw1BQUNqmtLV v7meRZfIFbfnNatuuPYp7S5NnL58vUwY/BwlMb5OhyzdCckRcITAXiz8sp4LANx1lxIdbaQA 9NsYv32vem9Pd0wtdN5JTW3dajgJtPAC1yfR86rw9u/+BSW9KhRqNF0/a+hX/+Njdni9fkl9 EheZiFHNO+nXeGLy0kikhUXr5iLg8626fG9I8QYuNj05WIEntegvAW65YjGTYSCdVgLx2bvv oGwC/4/jWxNm8MTzv38f/9YAZ5u5DSG3dFKYAjwOhf1IgEMTEWj+bKDFvgpv5fdTFumLxNey M/v3viwuNjS1hscRbi6IO36v4sFce4K1C5GU93YIgao2j01M8QARAQABtB1yaXNldXAgPGNo ZXJlbmtvdkByaXNldXAubmV0PokCVAQTAQgAPhYhBPq5Ptx83RGY3P1FWJG7a0VvRC0CBQJd j6caAhsDBQkHhh+ABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJG7a0VvRC0CEV0P/2UN rjx8LYmz/ydk2XO/uNWyobCtj/y9XBhZG9dpB8R43VC8OS5gv4Nw2ZLDrrpLQmaQ2dXjAeLL +9eCM++QT//VP2j2QS3YKbIcRreXSnl7DI6bMpD+Pu3JwiYHSyBs1zZT+VGm4nTS6QH588XJ VrslKyDYJFfzaHgkIGtxAWgqaHWAZHtjqh6PNEWMe2t571YYcVlk29cWsJ5ITsSPb+0Y0xJn u5HKQOc4TOdraedpLSFb5CZRlusNgWvhqmL4VyIcfjSEY0B8JVOgVpUeNTy0sZcDflYJ6uSN 9B1m79kb8STnVOtFS9gjnWbVwjAunqkkb/joRZhYfjeANVyYC4skh0uqJLFtqJw4r8s9+MrE p4lBy30lQ7mYYyqvRcwyEgoRRLHUvzV6cIHau/HV1pw0lwcbiXk3jP+TMf6OKOzg6lGJ/zX0 ZD+s0OAvHh8GM+5TDlgEM4Dwp6Q+9Jr1m9sp1QDQVbU7xrXXndXDd8RLEkiMDLovyyDtN6Jn HsW9PVMtu6sXvmbn0AHeHzHU/+bwB1LF4sx8O82tWKCgZlm270p+Bk6mjYmrlO4eQ11/AOF6 3ZlVoeXSaM4X0yoKa3ltdWaRoy9L0a4p7JuQYhBYIzjARbVjp9CmxctuQqW2qNSCJfagsUl8 mpcrs7xdhzfhzZHf8kQYWQcPYPPWLWqIuQINBF2PpxoBEACow9T4wPaQvKNG2LBnXeuLkDxf VGrZ/fDk0yfhG0174SjWXvDMIAgdNmfn2F4CM4F2FfPI32NZT34Td89fyWEWvP5/2I9HywyI QI/ubQvbqvm0l+DyzsdZNj4MBmNLy34Rg3K8uScgG7YbakzUplalbQKuzHrSW5OL5aBeKOG2 NGKJK7VZ4MzbdxhCLnXYvQwgnSkJ6B3AoBGv0LsLYzGUixzlMbNmYEhlQcK2scqprmFoX9rQ ymStV8b4Z37gkVmYeWGG2D9zl8gLj0u5Xw/KlF45JNxtMFBSL+Px7E1c+GJTWJxIENBhxRAu fxvbvduyJdXTObI51bqgV57510RjoLdzvVVqUpevmIdaMnavyUnDZOb8sBg3JG6NozZVzlXf S3FAvvK82zRShpd06ZNUbxPtNkruH/dT+6QV8gW3jX15gKGp2CtvhxLbi8ysV6zwtqxPkba2 03J0RAq2lVzxE/CSAP2qGPttElzHOPqhdmL6XjdmTw/WpF+qT8acB6Te8HZF+DriR/xG6EA1 MSdIK0vX4r5+U5bd0r7sh1ysSaYk/RI8hqxZZ4VGdPbVhFCOdT8AVcEXRoLsv+oN4x5WYJ9g 8G8Xw9+DvCNjFLxaGcL0ATHc8u8TyeegGRF3ZQNsRCqfVOLEYclYX+DqIly4ebCawAoIeWg2 GvN9cJAnFwARAQABiQI8BBgBCAAmFiEE+rk+3HzdEZjc/UVYkbtrRW9ELQIFAl2PpxoCGwwF CQeGH4AACgkQkbtrRW9ELQJX3g/8DAxtZTUJAlbKkluY30zITfcUwH4h9Rppxx/RvibZ1R4k 960OlvwyoRZ5rv2XiQA5VxOaVlh1tJErZnAyqgYwHr5CGQBjPEgkmRWBzme4W62uvCXOahxJ 4lNpr0TrVGRNOu223zYQcaN5S4Q5H2U9XNUFx8UF5leZIL6/Z6/bSGEW27vSuCxY6v8MkhQC 6l8T5RJqDsJmhwcVg9KDm8eGLkiu+kXS8iKl/Bw4o9257BI8hswBVRhN8kpHsecP2MGzKwn9 ccXWnOfM75qiq566UI26MY5priaGz5i+eCo26Rc0edm0IXxNs6rUZKVQUoxfMb/A/buJknYZ lUYXAgG2eDHEjlXvqNxQWHgfhIGqKFXDWuMt0sKP7Ta/lvGVPx9IHCTvkRZn9mtIN2/F9Lt5 sK3kezAlFw3BK6AIbD2v+g8TZnvKWSBidJHyhh7OEmKg3gXA3DxBpb7TU6iVUfG5e10RJUvQ qQNTSxv6mxJOgE3mEXizzj+tC6aEG/BzBwDsQpKquzUIKGCF2EGX9C7CZBhlsng/zmL3TFH6 EnY1tqV/lEg2/+gCLy/OE2dlE+EDZEtAiV183lzZNBs5Bg9NIz0Gq6a4ZkA8zDOFuxL2BFH2 EqrT33ladX2AIyKPMF50IwY4TMxGRlKhAjb4++pb55vBwVBLaTC09mvA+CuupPU=
Message-ID: <ef01dadc-0f06-d833-e37e-08cf74c3134d@riseup.net>
Date: Fri, 8 May 2020 09:32:10 -0500
MIME-Version: 1.0
In-Reply-To: <CACsn0c=8TTmh=_Zbf170sSxDHkSyzeTsvp2g=KZm4U19LCb7eQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/9Ehgl-Q0KKw_gY5iu6XZ-eB9M0U>
Subject: Re: [Cfrg] My thoughts on randomized signature generation
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2020 14:32:41 -0000

Hi, Watson and list,

Thanks so much for sending this.

I agree with Watson on the problems that this will introduce, and that
this have to be taken into account carefully.

I'll also like to raise some doubts around introducing this for RFC8032.
That RFC specifies already certain security recommendations for
side-channel leaks and as well as randomness considerations in what
seems to concern the RFC. The RFC seems also to concern only about the
algorithm itself, and just expects the private key to be
cryptographically secure random data, following RFC4086. I haven't
correctly reviewed RFC4086, but maybe this can be the place to correctly
define the requirements for randomness, specifically for IoT deployments.

Apologies if this wasn't the place to send this, but I found no other place.

Thanks!



-- 
Sofía Celi
@claucece
Cryptographic research and implementation at many places
FAB9 3EDC 7CDD 1198 DCFD  4558 91BB 6B45 6F44 2D02