Re: [CFRG] [Errata Held for Document Update] RFC8032 (5759)

Rene Struik <rstruik.ext@gmail.com> Tue, 15 February 2022 20:53 UTC

To: RFC Errata System <rfc-editor@rfc-editor.org>, franck.rondepierre@gmail.com, simon@josefsson.org, ilariliusvaara@welho.com
Cc: cfrg@irtf.org, irsg@irtf.org
References: <20220215054249.26A5F4C1D0@rfc-editor.org>
From: Rene Struik <rstruik.ext@gmail.com>
In-Reply-To: <20220215054249.26A5F4C1D0@rfc-editor.org>

Hi Stanislav:

I do not agree: work products of CFRG should try and avoid the tendency 
to try and be the ultimate implementation guidance as well (which we 
should have learned by now).

For CFRG to produce technically sound, well-written documents is hard 
enough. For it to also be a know-all on how to securely or efficiently 
implement things is a recipe for trouble (although it should of course 
not specify things that cannot reasonably be implemented securely).

In this case, while the formulae in RFC 8032 are clumsy, these are 
correct, and the relative merit of changing these (~1% efficiency gain) 
is insufficient to warrant time and effort (including effort to find 
knowledgeable people to review this, explain this to people who were 
not in the room while changing this, etc.).

As I wrote in my email of Jan 31, 2022, 3.47pm EST:
In my mind, one of the lessons to be learned here is that it would be 
highly recommended to stop the recent practice of CFRG to produce drafts 
that are a curious mix of specification and implementation details 
(which makes these academic paper generators in the SCA space and, 
moreover, monolithic documents that are hard to maintain or, e.g., adapt 
to an instantiation with another hash function, say SHA-256).

Rene


On 2022-02-15 12:42 a.m., RFC Errata System wrote:
> The following errata report has been held for document update
> for RFC8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid5759
>
> --------------------------------------
> Status: Held for Document Update
> Type: Technical
>
> Reported by: Franck Rondepierre <franck.rondepierre@gmail.com>
> Date Reported: 2019-06-21
> Held by: Stanislav Smyshlyaev (IRSG)
>
> Section: 5.2.
>
> Original Text
> -------------
>                            (p+1)/4    3            (p-3)/4
>                   x = (u/v)        = u  v (u^5 v^3)         (mod p)
>
> Corrected Text
> --------------
>                            (p+1)/4            (p-3)/4
>                   x = (u/v)        =  u (u v)         (mod p)
>
> Notes
> -----
>   --VERIFIER NOTES--
> The original text was correct (verified by Nick Sullivan).
> 01/28/2022: RFC Editor changed status to Reported per discussion with Stanislav V. Smyshlyaev.
> 02/15/2022: The status is changed to "Held for Document Update" by Stanislav Smyshlyaev. The proposed formulas are correct as well (for the specific case of the EdDSA parameters) and provide a slight efficiency gain.
>
> --------------------------------------
> RFC8032 (draft-irtf-cfrg-eddsa-08)
> --------------------------------------
> Title               : Edwards-Curve Digital Signature Algorithm (EdDSA)
> Publication Date    : January 2017
> Author(s)           : S. Josefsson, I. Liusvaara
> Category            : INFORMATIONAL
> Source              : Crypto Forum Research Group
> Area                : N/A
> Stream              : IRTF
> Verifying Party     : IRSG
>


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
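To make the erratum concrete, the following is an added example (not code from RFC 8032, the errata report, or this thread) that runs the printed Ed448 formula, the erratum's shorter form, and the plain (u/v)^((p+1)/4) root side by side inside the Section 5.2.3 x-recovery step. It assumes only the Ed448 constants p and d from RFC 8032 Section 5.2; the y values it feeds in are constructed, not test vectors.

```python
# Ed448 parameters from RFC 8032 Section 5.2 (p == 3 mod 4, so (p+1)/4 is an integer)
P = 2**448 - 2**224 - 1
D = -39081

def root_direct(u, v):
    """x = (u/v)^((p+1)/4): the textbook square root for p == 3 (mod 4)."""
    return pow(u * pow(v, P - 2, P) % P, (P + 1) // 4, P)

def root_rfc(u, v):
    """x = u^3 v (u^5 v^3)^((p-3)/4), the formula as printed in RFC 8032."""
    t = pow(u, 5, P) * pow(v, 3, P) % P
    return pow(u, 3, P) * v % P * pow(t, (P - 3) // 4, P) % P

def root_erratum(u, v):
    """x = u (u v)^((p-3)/4), the shorter form proposed in erratum 5759.
    It equals root_direct(u, v) * v^((p-1)/2), i.e. the same root up to sign;
    the decoder's sign step below makes that difference irrelevant."""
    return u * pow(u * v % P, (P - 3) // 4, P) % P

def decode_x(y, x_0, root):
    """Section 5.2.3 recovery of x from y and the sign bit x_0, using `root`.
    Returns x, or None when (x, y) is not on the curve."""
    u = (y * y - 1) % P
    v = (D * y * y - 1) % P
    x = root(u, v)
    if (v * x * x - u) % P != 0:   # candidate is not a root of u/v: reject
        return None
    if x == 0 and x_0 == 1:        # sign bit set on a zero coordinate: reject
        return None
    if x % 2 != x_0:
        x = P - x
    return x

def formulas_agree(y):
    """True when the three formulas yield the same decoding for both sign bits
    and their raw candidates agree up to sign (constructed consistency check)."""
    u = (y * y - 1) % P
    v = (D * y * y - 1) % P
    a, b, c = root_direct(u, v), root_rfc(u, v), root_erratum(u, v)
    if a != b or c not in (a, (P - a) % P):
        return False
    for s in (0, 1):
        if len({decode_x(y, s, r) for r in (root_direct, root_rfc, root_erratum)}) != 1:
            return False
    return True
```

Running `formulas_agree` over a range of constructed y values shows the RFC and erratum forms never disagree once the sign bit is applied, which is what "correct as well" in the verifier notes means in practice.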