[Cfrg] Message Digest Algorithm Choice for CMS with Ed448

Russ Housley <housley@vigilsec.com> Sun, 13 November 2016 03:55 UTC

From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <7DDD1353-96FC-4E70-8427-AA9C6F499232@vigilsec.com>
Date: Sat, 12 Nov 2016 22:55:21 -0500
To: IRTF CFRG <cfrg@irtf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/B24Wiv2SLUe9abD_N3QwzLehK68>
Subject: [Cfrg] Message Digest Algorithm Choice for CMS with Ed448

The CURDLE WG is working on a document that specifies the
conventions for using EdDSA with CMS [RFC5652].  See
draft-ietf-curdle-cms-eddsa-signatures.

The most common case involves these steps:

   1.  Compute a message digest on the content.

   2.  Create a message-digest attribute that includes the
       result from 1.

   3.  Gather all of the attributes that will be signed, which
       includes the attribute from 2.

   4.  Digitally sign the set of attributes.

For Ed448 (EdDSA with Curve448), step 4 uses SHAKE256.

SHAKE256 uses SHA3-512 internally.

What message digest algorithm should be used in step 1?

It seems that SHA3-512 would be a good choice to avoid
having to implement more than one message digest algorithm
to generate the signature or validate it.

Russ
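The four steps in the message, carried through as an added example (editor's code, not from the CURDLE draft or from Russ Housley). It builds the CMS message-digest and content-type attributes in DER, sorts them into the SET OF that step 4 signs, and shows the verifier-side check that recomputes the content digest and compares it against the attribute. The digest algorithm is a parameter so the reader can try `sha3_512` or `shake_256` (64-byte output) and see that both are served by the same `hashlib` backend. The OIDs are the standard PKCS#9 / CMS ones (id-contentType 1.2.840.113549.1.9.3, id-messageDigest 1.2.840.113549.1.9.4, id-data 1.2.840.113549.1.7.1); the sample content is constructed for the example. Step 4 itself is only sketched in `__main__` with pyca/cryptography's Ed448 when that library happens to be installed.

```python
"""CMS signed-attributes flow (steps 1-3) plus the verifier-side digest check.
Example code added by the editor; not part of draft-ietf-curdle-cms-eddsa-signatures."""
import hashlib
import hmac

# Standard object identifiers, DER-encoded without tag/length.
OID_CONTENT_TYPE = bytes.fromhex("2a864886f70d010903")    # id-contentType 1.2.840.113549.1.9.3
OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # id-messageDigest 1.2.840.113549.1.9.4
OID_ID_DATA = bytes.fromhex("2a864886f70d010701")         # id-data 1.2.840.113549.1.7.1

SAMPLE_CONTENT = b"constructed sample content for the CMS example\n"  # constructed


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_oid(oid_body):
    return der(0x06, oid_body)


def der_octets(data):
    return der(0x04, data)


def der_set_of(elements):
    # DER requires SET OF elements sorted by their encoded bytes.
    return der(0x31, b"".join(sorted(elements)))


def der_seq(*parts):
    return der(0x30, b"".join(parts))


def attribute(oid_body, *values):
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF AttributeValue }."""
    return der_seq(der_oid(oid_body), der_set_of(list(values)))


def content_digest(content, algorithm="sha3_512"):
    """Step 1: digest the content. SHAKE256 is an XOF, so fix a 64-byte output for it."""
    h = hashlib.new(algorithm, content)
    return h.digest(64) if algorithm.startswith("shake") else h.digest()


def build_signed_attrs(content, algorithm="sha3_512"):
    """Steps 2 and 3: message-digest attribute, gathered with content-type into the
    DER SET OF that step 4 signs (CMS signs the SET tag, not the [0] IMPLICIT tag)."""
    md_attr = attribute(OID_MESSAGE_DIGEST, der_octets(content_digest(content, algorithm)))
    ct_attr = attribute(OID_CONTENT_TYPE, der_oid(OID_ID_DATA))
    return der_set_of([ct_attr, md_attr])


def _read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        out.append((tag, value))
    return out


def verify_content_digest(signed_attrs, content, algorithm="sha3_512"):
    """Verifier side: after the signature over signed_attrs checks out, the message-digest
    attribute must equal a fresh digest of the content computed with the algorithm named
    in SignerInfo.digestAlgorithm (passed explicitly here). Constant-time compare."""
    tag, body, _ = _read_tlv(signed_attrs, 0)
    if tag != 0x31:
        raise ValueError("signedAttrs must be a SET")
    for attr_tag, attr_body in der_children(body):
        (oid_tag, oid), (set_tag, set_body) = der_children(attr_body)
        if attr_tag == 0x30 and oid_tag == 0x06 and oid == OID_MESSAGE_DIGEST:
            (val_tag, stored), = der_children(set_body)
            if val_tag != 0x04:
                raise ValueError("messageDigest value must be an OCTET STRING")
            return hmac.compare_digest(stored, content_digest(content, algorithm))
    raise ValueError("message-digest attribute missing")


if __name__ == "__main__":
    attrs = build_signed_attrs(SAMPLE_CONTENT)
    print("signedAttrs:", attrs.hex())
    print("digest matches:", verify_content_digest(attrs, SAMPLE_CONTENT))
    try:  # Step 4, only if pyca/cryptography is installed (assumed, not required).
        from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey
        key = Ed448PrivateKey.generate()
        sig = key.sign(attrs)
        key.public_key().verify(sig, attrs)
        print("Ed448 signature over signedAttrs verified")
    except ImportError:
        print("cryptography not installed; step 4 skipped")
```

Running it with `algorithm="shake_256"` produces a 64-byte message digest of a different value from `sha3_512` over the same content, which is the reason the digest algorithm identifier has to travel with the signature and why the choice in step 1 decides how many primitives a minimal verifier must carry.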