[CFRG] draft-irtf-cfrg-vrf09: more comments/fixes

Christopher Peikert <christopher.peikert@algorand.com> Fri, 12 November 2021 17:57 UTC

From: Christopher Peikert <christopher.peikert@algorand.com>
Date: Fri, 12 Nov 2021 12:56:57 -0500
Message-ID: <CAJ9ArpiBwtSYF19eyFj58rhxBRb_0pPh=Tr-HnT5riCfieEwXA@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Mk3rtEeKRDiHtcOrh9t6FV3W7uc>
Subject: [CFRG] draft-irtf-cfrg-vrf09: more comments/fixes

Hello, Jiayu Xu and I have noticed a few more subtle presentational issues
(none serious) with the current VRF draft (draft-irtf-cfrg-vrf09).

1. ECVRF_hash_points (Section 5.4.3) is specified to take as input "P1...PM
- EC points in G."

However, this function is applied to EC points that may only be elements of
the larger group E (of all EC points), and not elements of G. For
example, ECVRF_verify (Section 5.3) calls ECVRF_hash_points(H, Gamma, U,
V), where Gamma, U, V may only belong to E, not G.

Suggested fix: drop "in G" from the input description.

This appears to be the actual intent, since the definition of
ECVRF_hash_points just applies point_to_string to the input points, and
works for any EC points (not just ones in G).

2. Section 5.4.1 says: "The ECVRF_hash_to_curve algorithm takes in the VRF
input alpha and converts it to H, an EC point in G."

Suggested change: "... takes in a public key Y (an EC point) and the VRF
input alpha ..." This matches the actual interfaces of the functions
defined and used elsewhere.

In addition, in Section 5.4.1.2 we suggest swapping the order of the
documented inputs, to put Y first, as it is everywhere else.

Sincerely yours in cryptography,
Chris and Jiayu
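The first point above (that ECVRF_hash_points only encodes its inputs with point_to_string, so it is well defined on any point of E and not just on G) can be seen concretely in the following Python example. This is an added example written for this page, not code from the draft, from its authors, or from this message. The curve (y^2 = x^3 + 5x over F_97), the compressed-style point encoding, the suite byte and the SHA-256 truncation are all assumptions chosen for illustration and match none of the draft's ciphersuites; the toy curve is picked so that (0, 0) is a point of order 2, which guarantees #E is even and that E strictly contains the prime-order subgroup G.

```python
import hashlib

# Constructed toy curve y^2 = x^3 + A*x + B_COEF over F_P (an assumption for
# illustration, not a draft ciphersuite). With B_COEF = 0, (0, 0) is on the
# curve with order 2, so #E is even and E strictly contains G.
P, A, B_COEF = 97, 5, 0
INF = None  # point at infinity, the identity of E


def is_on_curve(pt):
    """True for the identity or any affine (x, y) satisfying the curve equation."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B_COEF)) % P == 0


def add(p1, p2):
    """Group law on E (short Weierstrass form, affine coordinates)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 = -p1; also covers doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc


def all_points():
    """Enumerate E by brute force (fine for a 7-bit field)."""
    pts = [INF]
    for x in range(P):
        rhs = (x * x * x + A * x + B_COEF) % P
        pts.extend((x, y) for y in range(P) if (y * y) % P == rhs)
    return pts


def largest_prime_factor(n):
    largest, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            largest, n = d, n // d
        d += 1
    return max(largest, n)  # any leftover n > 1 is itself prime


ORDER = len(all_points())        # #E
Q = largest_prime_factor(ORDER)  # order of G (the draft's q); odd for this curve
COFACTOR = ORDER // Q            # the draft's cofactor


def find_generator():
    """B = cofactor * R, for any R with cofactor * R != identity, generates G."""
    for r in all_points():
        if r is not INF and mul(COFACTOR, r) is not INF:
            return mul(COFACTOR, r)
    raise RuntimeError("no generator found")


B = find_generator()
T = (0, 0)  # a point of E outside G: it has order 2 and q is odd


def is_in_G(pt):
    """Subgroup membership: pt is in G iff it is on the curve and q*pt = identity."""
    return is_on_curve(pt) and mul(Q, pt) is INF


XLEN = (P.bit_length() + 7) // 8
SUITE_STRING = b"\x99"  # constructed placeholder, not a registered suite id


def point_to_string(pt):
    """Constructed compressed encoding (assumption): parity-of-y prefix, then x.
    Defined on every point of E, which is why hash_points needs no G check."""
    if pt is INF:
        return b"\x00"
    x, y = pt
    return bytes([0x02 | (y & 1)]) + x.to_bytes(XLEN, "big")


def ecvrf_hash_points(*points):
    """Challenge hash over point encodings, in the spirit of ECVRF_hash_points.
    The domain-separation layout and SHA-256 truncation are assumed here.
    Nothing in it requires the inputs to lie in G; any subgroup check is the
    caller's responsibility (e.g. during key validation), not this function's."""
    msg = SUITE_STRING + b"\x02" + b"".join(point_to_string(p) for p in points)
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")


if __name__ == "__main__":
    print(f"#E = {ORDER}, q = {Q}, cofactor = {COFACTOR}")
    print("B in G:", is_in_G(B), " T in G:", is_in_G(T), " B+T in G:", is_in_G(add(B, T)))
    print("hash_points(B, T) =", hex(ecvrf_hash_points(B, T)))
```

Running the script prints the group sizes, shows that T and B+T lie in E but not in G, and still returns a challenge value for ecvrf_hash_points(B, T). The point of the example is the division of labour: is_in_G is the kind of check a caller performs on a key or proof element, while the hash function itself, exactly as the message argues for the draft's definition, accepts any EC point.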