Re: [Cfrg] Security proofs v DH backdoors
Watson Ladd <watsonbladd@gmail.com> Mon, 31 October 2016 00:56 UTC
From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 31 Oct 2016 01:56:05 +0100
Message-ID: <CACsn0ckDevVdS+1JKfBWps7znFpkXxGAeF6C8+ygtSZBUwdy5w@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/C5peNebA7kcdRMPgZxdSbV0u9O8>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Security proofs v DH backdoors
On Oct 30, 2016 4:12 AM, "Peter Gutmann" <pgut001@cs.auckland.ac.nz> wrote:
>
> Hanno Böck <hanno@hboeck.de> writes:
>
> >I'm really interested what you mean here, can you point to concrete examples
> >of such attacks?
>
> There's so much I don't really know where to start... I've just done a quick
> google of "fault attack ecdsa" and got 29,700 hits (OK, lots will be dups :-),
> but the first few (de-dup'd) papers are:
>
> A Fault Attack on ECDSA
> Fault Attacks on Elliptic Curve Cryptosystems
> A Novel Fault Attack Against ECDSA
> Synthesis of Fault Attacks on Cryptographic Implementations
> Fault Attack to the Elliptic Curve Digital Signature Algorithm
> [...]
>
> Real-world attacks would be, for example, the recovery of the PS3 master
> signing key due to bad RNG use in ECDSA, equivalent to an RNG fault.

How many of those papers would apply to DSA? What about the vulnerability of
RSA signatures to faults?

> Peter.