Re: [Cfrg] I-D Action: draft-irtf-cfrg-eddsa-03.txt

Mike Hamburg <mike@shiftleft.org> Wed, 02 March 2016 00:25 UTC

From: Mike Hamburg <mike@shiftleft.org>
In-Reply-To: <D2FBAE74.64C1C%kenny.paterson@rhul.ac.uk>
Date: Tue, 01 Mar 2016 16:25:41 -0800
Message-Id: <60F50611-03D1-4FD5-9A03-8D4C658B0DEC@shiftleft.org>
References: <20160301203045.7965.96931.idtracker@ietfa.amsl.com> <20160301203537.GA9591@LK-Perkele-V2.elisa-laajakaista.fi> <D2FBAE74.64C1C%kenny.paterson@rhul.ac.uk>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/BmKpotkpi4DNmX00iqy3S1CZCoQ>
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-eddsa-03.txt

Hi Simon and Ilari,

I’m working to implement the draft, and I’m curious about the Ed448ph test vectors.

They set the private key to 32 bytes:
   833fe62409237b9d62ec77587520911e
   9a759cec1d19755b7da901b96dca3d42

However, the spec says that "The secret key is 57 octets (456 bits, corresponding to b) of cryptographically-secure random data."

It would of course be secure to use a key length other than 57 bytes for Ed448, prehashed or otherwise.  It’s only the seed to an expansion hash, and could be set at 32 octets without losing meaningful security (or even 28 octets in the single-key setting, but this loses security against multi-key attacks).  However, the spec seems to require 57 bytes.

Is the test vector missing some bytes, or are Ed448 keys allowed to be other lengths?

Thanks,
— Mike



> On Mar 1, 2016, at 12:41 PM, Paterson, Kenny <Kenny.Paterson@rhul.ac.uk> wrote:
> 
> Hi Ilari,
> 
> Many thanks to you and Simon for your efforts in moving this ID forwards.
> 
> Folks reading on the list: we are very keen to get your input on this
> draft as we close out our work on signatures. If you have the expertise,
> please read carefully and let us know about any nits or other issues you
> find.
> 
> Thanks
> 
> Kenny 
> 
> On 01/03/2016 20:35, "Cfrg on behalf of Ilari Liusvaara"
> <cfrg-bounces@irtf.org on behalf of ilariliusvaara@welho.com> wrote:
> 
>> On Tue, Mar 01, 2016 at 12:30:45PM -0800, internet-drafts@ietf.org wrote:
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Crypto Forum of the IETF.
>>> 
>>>        Title           : Edwards-curve Digital Signature Algorithm
>>> (EdDSA) 
>>>        Authors         : Simon Josefsson
>>>                          Ilari Liusvaara
>>>        Filename        : draft-irtf-cfrg-eddsa-03.txt
>>>        Pages           : 52
>>>        Date            : 2016-03-01
>>> 
>>> Abstract:
>>>   The elliptic curve signature scheme Edwards-curve Digital Signature
>>>   Algorithm (EdDSA) is described.  The algorithm is instantiated with
>>>   recommended parameters for the edwards25519 and edwards448 curves.
>>>   An example implementation and test vectors are provided.
>>> 
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-irtf-cfrg-eddsa/
>>> 
>>> There's also a htmlized version available at:
>>> https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-03
>>> 
>>> A diff from the previous version is available at:
>>> https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-eddsa-03
>>> 
>> 
>> Posted a new version that tries to address the RGLC comments and also
>> reformats the parameter tables to be hopefully clearer.
>> 
>> 
>> (Had to work around some issues with the XML... Hopefully the result
>> looks sane).
>> 
>> 
>> 
>> -Ilari
>> 
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
> 
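The secret-key expansion that the message above calls "only the seed to an expansion hash", as an added example that is not part of the original post and not the draft's own reference code. It follows the Ed448 expansion as published in RFC 8032 (SHAKE256 of the seed to 114 octets, the low 57 octets pruned into the secret scalar, the high 57 octets kept as the nonce prefix); that this is byte-for-byte what draft -03 specifies is an assumption. The 32-byte seed is the Ed448ph value quoted in the message; the 57-byte seed, the `strict` switch and the function names are constructed here for illustration.

```python
import hashlib
from typing import Tuple

# Ed448 parameters from the EdDSA draft / RFC 8032: b = 456 bits, so a
# conformant secret key is 57 octets and the expansion hash emits 2*b bits.
ED448_SEED_LEN = 57
ED448_HASH_LEN = 2 * ED448_SEED_LEN  # 114 octets of SHAKE256 output

# The 32-byte Ed448ph secret key quoted in the message (copied from the post).
DRAFT03_ED448PH_SEED = bytes.fromhex(
    "833fe62409237b9d62ec77587520911e"
    "9a759cec1d19755b7da901b96dca3d42"
)

# A conformant 57-octet seed, constructed for this example only.
EXAMPLE_57_OCTET_SEED = bytes(range(ED448_SEED_LEN))


def prune_ed448_scalar(h: bytes) -> int:
    """Prune the low 57 octets of the expansion into the secret scalar.

    RFC 8032 section 5.2.5: clear the two low bits of the first octet, clear
    the whole last octet, set the top bit of the second-to-last octet, then
    read the buffer as a little-endian integer. The result is a multiple of
    the cofactor 4 and lies in [2^447, 2^448).
    """
    buf = bytearray(h[:ED448_SEED_LEN])
    buf[0] &= 0xFC
    buf[-1] = 0x00
    buf[-2] |= 0x80
    return int.from_bytes(buf, "little")


def expand_ed448_secret(seed: bytes, strict: bool = True) -> Tuple[int, bytes]:
    """Expand a seed into (secret scalar, nonce prefix).

    strict=True enforces the 57-octet length the draft text states.
    strict=False runs the same expansion on any seed length: the hash does
    not care, which is the observation the message makes, but the output is
    then not what a conforming implementation would accept.
    """
    if strict and len(seed) != ED448_SEED_LEN:
        raise ValueError(
            f"Ed448 secret key must be {ED448_SEED_LEN} octets, got {len(seed)}"
        )
    h = hashlib.shake_256(seed).digest(ED448_HASH_LEN)
    scalar = prune_ed448_scalar(h)
    prefix = h[ED448_SEED_LEN:]  # used later to derive the per-signature nonce
    return scalar, prefix


def seed_is_conformant(seed: bytes) -> bool:
    """Length check a conforming Ed448 implementation must apply."""
    return len(seed) == ED448_SEED_LEN


def strict_expansion_rejects(seed: bytes) -> bool:
    """True if the strict expansion refuses this seed."""
    try:
        expand_ed448_secret(seed, strict=True)
    except ValueError:
        return True
    return False


def scalar_is_pruned(s: int) -> bool:
    """Structural property every pruned Ed448 scalar must satisfy."""
    return s % 4 == 0 and (1 << 447) <= s < (1 << 448)


if __name__ == "__main__":
    print("test-vector seed length:", len(DRAFT03_ED448PH_SEED),
          "conformant:", seed_is_conformant(DRAFT03_ED448PH_SEED))
    print("strict expansion rejects it:",
          strict_expansion_rejects(DRAFT03_ED448PH_SEED))
    s, prefix = expand_ed448_secret(DRAFT03_ED448PH_SEED, strict=False)
    print("relaxed expansion still yields a pruned scalar:", scalar_is_pruned(s),
          "prefix octets:", len(prefix))
    s57, _ = expand_ed448_secret(EXAMPLE_57_OCTET_SEED)
    print("57-octet seed pruned scalar ok:", scalar_is_pruned(s57))
```

Run as written, the strict path rejects the 32-byte vector, which is the mismatch the message points at, while the relaxed path shows that the expansion hash itself produces a well-formed scalar and prefix from a seed of any length. An implementation that wants to interoperate should keep the strict check and treat any non-57-octet key as an error rather than silently expanding it.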