IETF Logo Mail Archive

Re: [Cfrg] Recent SM2 and SM3 drafts update

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Wed, 19 February 2014 13:07 UTC

Return-Path: <prvs=71278c4eaf=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B85A1A04AD for <cfrg@ietfa.amsl.com>; Wed, 19 Feb 2014 05:07:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.249
X-Spam-Level:
X-Spam-Status: No, score=-4.249 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_MID=0.497, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.548, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9mQ3qIzo2NxL for <cfrg@ietfa.amsl.com>; Wed, 19 Feb 2014 05:07:38 -0800 (PST)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id 465A41A0489 for <cfrg@irtf.org>; Wed, 19 Feb 2014 05:07:37 -0800 (PST)
Received: from LLE2K7-HUB02.mitll.ad.local (LLE2K7-HUB02.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id s1JD7TXk014172; Wed, 19 Feb 2014 08:07:29 -0500
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: "'shenshuo@cnnic.cn'" <shenshuo@cnnic.cn>, "'cfrg@irtf.org'" <cfrg@irtf.org>
Date: Wed, 19 Feb 2014 08:07:28 -0500
Thread-Topic: [Cfrg] Recent SM2 and SM3 drafts update
Thread-Index: Ac8tEkbyzDYSw081T1yKwnXLGpDORAAArSRwABejsB8=
In-Reply-To: <010601cf2d1b$5b4cf210$11e6d630$@cn>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14, 0.0.0000 definitions=2014-02-19_03:2014-02-18, 2014-02-19, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=10 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1402190049
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/GmyT822vVKTN7JoCT45v7vrI_uo
Subject: Re: [Cfrg] Recent SM2 and SM3 drafts update
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2014 13:07:42 -0000
X-Message-ID:
Message-ID: <20140418010543.2560.77771.ARCHIVE@ietfa.amsl.com>

Sean,

Are there (free :) reference implementations available?

TNX!

P.S. I wonder why China and Russia went with their own ECC digital signature standards rather than embracing ECDSA :).
--
Regards,
Uri Blumenthal                            Voice: (781) 981-1638
Cyber Systems and Technology   Fax:   (781) 981-0186
MIT Lincoln Laboratory                Cell:  (339) 223-5363
244 Wood Street                        Email: <uri@ll.mit.edu>
Lexington, MA  02420-9185       

Web:  http://www.ll.mit.edu/CST/

 

MIT LL Root CA: 

 <https://www.ll.mit.edu/labcertificateauthority.html>


DSN:   478-5980 ask Lincoln ext.1638

----- Original Message -----
From: Sean Shen 沈烁 [mailto:shenshuo@cnnic.cn]
Sent: Tuesday, February 18, 2014 09:36 PM
To: cfrg@irtf.org <cfrg@irtf.org>
Subject: Re: [Cfrg] Recent SM2 and SM3 drafts update

These are the documents describing algorithms themselves, trying to stick to the original standards. I discussed with the security directors, they also think CFRG is the proper place for algorithms regarding clarity and correctness of the text.
As for implementations, hope the algorithms will be options for applications, IPSEC and TLS definitely are definitely widely used ones, maybe also DNSSEC although DNSEXT WG is concluded currently. So far I haven't discussed with guys in those area regarding adopting SM2 and SM3 in those application, I plan to have the algorithms documents ready for the IETF reference first. 

Regarding the SM3 Hash function. It is based on the Merkle-Damgård design and very similar to SHA-2 but includes some additional strengthening features, it was designed by Xiaoyun Wang et al. I am not the designer and did not crypto analysis myself, but I collected some related arypto analysis paper in the webpage I mentioned, you can especially check: http://218.241.108.63/wiki/en/index.php/SM3%27s_related_papers   


-----邮件原件-----
发件人: Watson Ladd [mailto:watsonbladd@gmail.com] 
发送时间: 2014年2月19日 9:31
收件人: Sean Shen 沈烁
抄送: cfrg@irtf.org
主题: Re: [Cfrg] Recent SM2 and SM3 drafts update

If this is a valid transcription of the standard, it should be fine.
But the place you want to go is the IPSEC and TLS WGs to get it into implementations.

Note that this is not a recommendation for usage: I haven't validated parameters or the algorithms, and SM3 in particular looks sketchy.
(It's an MD-style hash, in a world where many have fallen). Has there been a lot of analytical attention devoted to it that I've missed hearing about?

Sincerely,
Watson Ladd

On Tue, Feb 18, 2014 at 5:00 PM, Sean Shen 沈烁 <shenshuo@cnnic.cn> wrote:
> Dear cryptographers in CFRG,
>
> I have been working on writing a few cryptographic algorithms 
> documents: SM2 elliptic curve digital signature algorithm and SM3 hash 
> function. The two algorithms are published in China for years and 
> required to be used in IT systems like electronic authentication service system.
>
> It was my pleasure to provide the IETF documents to make these 
> algorithms public to IETF community and hence the whole Internet 
> industry. The two documents have been in published for quite a while 
> and I updated a few versions. I also have given presentations in IETF 
> meetings a few times to security guys in CFRG. Audience has been very interested in them.
>
> I think these works are valuable to both IETF community and vendors in 
> Chinese market. So I hope the two documents on the track to be IETF RFCs.
>
> Also I prepared a simple webpage to give information (related 
> documents and
> implementations) of a few crypto algorithms used in China, including 
> SM2 and SM3. I will keep updating the draft and webpage , hope they 
> are helpful to the community. Please check:
>
> http://218.241.108.63/wiki/en/index.php/Main_Page
>
> I will appreciate and reviews and suggestions.
>
>
>
> Sean Shen
>
> CNNIC
>
>
>
>
>
>
>
>
>
>
>
> A new version of I-D, draft-shen-sm2-ecdsa-02.txt has been 
> successfully submitted by Sean Shen and posted to the IETF repository.
>
>
>
> Name:               draft-shen-sm2-ecdsa
>
> Revision:  02
>
> Title:                  SM2 Digital Signature Algorithm
>
> Document date:       2014-02-14
>
> Group:               Individual Submission
>
> Pages:               40
>
> URL:
> http://www.ietf.org/internet-drafts/draft-shen-sm2-ecdsa-02.txt
>
> Status:         https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
>
> Htmlized:       http://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
>
> Diff:           http://www.ietf.org/rfcdiff?url2=draft-shen-sm2-ecdsa-02
>
>
>
> Abstract:
>
>    This document discribles a set of public key cryptographic 
> algorithms
>
>    based on elliptic curves which is invented by Xiaoyun Wang et al.
>
>    These algorithms and recommended parameters are published by 
> Chinese
>
>    Commercial Cryptography Administration Office ([SM2 Algorithms] and
>
>    [SM2 Algorithms Parameters]) for the use of electronic 
> authentication
>
>    service system.  This document gives IETF standard description of 
> the
>
>    algorithms and parameters in [SM2 Algorithms] and [SM2 Algorithms
>
>    Parameters].
>
>
>
>    The document [SM2 Algorithms] published by Chinese Commercial
>
>    Cryptography Administration Office includes four parts: general
>
>    introdocution, Digital Signature Algorithm, Key Exchange Protocol 
> and
>
>    Public Key Encryption Algorithm.
>
>
>
>    The document [SM2 Algorithms Parameters] gives a set of recommended
>
>    parameters.
>
>
>
>
>
>
>
> A new version of I-D, draft-shen-sm3-hash-01.txt has been successfully 
> submitted by Sean Shen and posted to the IETF repository.
>
>
>
> Name:               draft-shen-sm3-hash
>
> Revision:  01
>
> Title:                  SM3 Hash function
>
> Document date:       2014-02-14
>
> Group:               Individual Submission
>
> Pages:               13
>
> URL:
> http://www.ietf.org/internet-drafts/draft-shen-sm3-hash-01.txt
>
> Status:         https://datatracker.ietf.org/doc/draft-shen-sm3-hash/
>
> Htmlized:       http://tools.ietf.org/html/draft-shen-sm3-hash-01
>
> Diff:           http://www.ietf.org/rfcdiff?url2=draft-shen-sm3-hash-01
>
>
>
> Abstract:
>
>    This document discribles a hash function which is invented by 
> Xiaoyun
>
>    Wang et al.  This algorithm is published by Chinese Commercial
>
>    Cryptography Administration Office ([SM3]) for the use of 
> electronic
>
>    authentication service system.  This document gives IETF standard
>
>    description of the algorithm.
>
>
>
>
>
>
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>



--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email