Re: [CFRG] I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt
John Mattsson <john.mattsson@ericsson.com> Sat, 16 March 2024 14:44 UTC
Hi,

We have just uploaded version -03 of Hedged ECDSA and EdDSA Signatures.

- Several of the changes are due to Danny Niu who pointed out that different Zd and Zf are not compatible with HMAC_DRBG and that the output length recommendations for KMAC led to unnecessarily many iterations. Danny has also promised to provide test vectors. The plan is to provide test vectors in the form

  MESSAGE = { }
  SECRET KEY = { }
  RANDOM DATA = { }
  SIGNATURE = { }

  which allows testing implementations. This has been requested by several people.

Changes from -02 to -03:

* Same randomness Z in step d and f to align with HMAC_DRBG.
* Changed Hedged EdDSA order to 0x00 || Z || dom2(F, C) instead of dom2(F, C) || Z. This avoids collisions with RFC 8032 and aligns with Bernstein's recommendation to put Z before the context.
* Changed KMAC output length recommendations to avoid multiple invocations.
* Updated some text to align with the hedged signatures/signing terminology.
* Added more description about the construction.
* Editorial changes.

Changes from -01 to -02:

* Different names Zd and Zf for the randomness in ECDSA.
* Added empty test vector section as TODO.

Cheers,
John Preuß Mattsson

From: CFRG <cfrg-bounces@irtf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Sunday, 17 March 2024 at 00:23
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: cfrg@ietf.org <cfrg@ietf.org>
Subject: [CFRG] I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt

Internet-Draft draft-irtf-cfrg-det-sigs-with-noise-03.txt is now available. It is a work item of the Crypto Forum (CFRG) RG of the IRTF.

   Title:   Hedged ECDSA and EdDSA Signatures
   Authors: John Preuß Mattsson
            Erik Thormarker
            Sini Ruohomaa
   Name:    draft-irtf-cfrg-det-sigs-with-noise-03.txt
   Pages:   17
   Dates:   2024-03-16

Abstract:

   Deterministic elliptic-curve signatures such as deterministic ECDSA and EdDSA have gained popularity over randomized ECDSA as their security does not depend on a source of high-quality randomness. Recent research, however, has found that implementations of these signature algorithms may be vulnerable to certain side-channel and fault injection attacks due to their deterministic nature. One countermeasure to such attacks is hedged signatures where the calculation of the per-message secret number includes both fresh randomness and the message. This document updates RFC 6979 and RFC 8032 to recommend hedged constructions in deployments where side-channel attacks and fault injection attacks are a concern. The updates are invisible to the validator of the signature and compatible with existing ECDSA and EdDSA validators.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-det-sigs-with-noise/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-irtf-cfrg-det-sigs-with-noise-03.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-irtf-cfrg-det-sigs-with-noise-03

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts