Re: [CFRG] Psychic Signatures

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 23 April 2022 10:58 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Mike Hamburg <mike@shiftleft.org>, Mehmet Adalier <madalier@antarateknik.com>
CC: IRTF CFRG <cfrg@irtf.org>
Thread-Topic: [CFRG] Psychic Signatures
Date: Sat, 23 Apr 2022 10:58:01 +0000
Message-ID: <SY4PR01MB62511432E8453A12BC15F472EEF69@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <SY4PR01MB62519FEA53D39AABAF0BD0F4EEF49@SY4PR01MB6251.ausprd01.prod.outlook.com> <2CBA5AE5-DF84-4E9C-85DA-4DC38464710A@ericlagergren.com> <SY4PR01MB6251CA4D5F7C83FA564FD204EEF49@SY4PR01MB6251.ausprd01.prod.outlook.com> <2438a7cd-e0f7-685b-ad47-e9ba5995a5a0@mail.muni.cz> <87FFD633-DAF5-44B8-A2BF-55B547616560@dmjacobson.com> <SY4PR01MB62519B1EE1177740A9FE4C22EEF79@SY4PR01MB6251.ausprd01.prod.outlook.com> <3690036F-3BBD-4B73-A5B1-0007DFBD5346@antarateknik.com> <8AD748B7-8C0F-4254-8A15-78E36C524E12@shiftleft.org>
In-Reply-To: <8AD748B7-8C0F-4254-8A15-78E36C524E12@shiftleft.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/MycgYqDKmRJK8kdt80-PZATTUxw>
Subject: Re: [CFRG] Psychic Signatures
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>

Mike Hamburg <mike@shiftleft.org> writes:

>As someone with experience in ECC implementation, this doesn’t make sense to
>me, at least not in a typical deployment (prime-order curves with (x,y) both
>given).

It doesn't surprise me too much.  Many years ago I did an informal poll of a
number of embedded systems crypto users asking if they wanted RSA blinding, a
fairly cheap operation compared to the rest of the RSA op, enabled by default
rather than as something that had to be explicitly enabled by users,
explaining the security impact (considerable) and the performance impact
(relatively low).  The results are shown in the following bar graph:

  Should blinding be enabled by default?

  No: ##############################################################
  Yes:

From the few people who responded to followup questions the thinking seemed to
be "this causes overhead, overhead is bad, it's unlikely someone will try an
attack like that anyway, so we'd rather not have it".

So yeah, skipping the validity checks doesn't surprise me.  OTOH if you just
put them in there and don't tell anyone, no-one will complain.  Or even
notice (so far).

Peter.
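The RSA blinding operation the poll asked about, as an added illustration that is not part of this message or of any library's code: the private-key exponentiation runs on c * r^e for a fresh random r instead of on the caller-supplied c, and the extra cost is a short exponentiation to e, one inverse and two multiplications. The key below is a constructed toy key, chosen only so the numbers stay readable.

```python
import secrets
from math import gcd

# Constructed toy RSA key for illustration only: p and q are 7-digit primes,
# so the values are readable; a real key uses a 2048-bit or larger modulus.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_private_plain(c: int) -> int:
    """Unblinded private-key operation: the long exponentiation to d runs
    directly on the caller-supplied ciphertext c, so its timing and power
    profile are a function of c."""
    return pow(c, D, N)

def blind(c: int) -> tuple[int, int]:
    """Multiply c by r^e for a fresh random r coprime to n.
    Returns the blinded input and r^-1 mod n for unblinding afterwards."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (c * pow(r, E, N)) % N, pow(r, -1, N)

def rsa_private_blinded(c: int) -> int:
    """Blinded private-key operation.  Extra cost over the plain version:
    one exponentiation to e (about 17 multiplications for e = 65537), one
    modular inverse and two modular multiplications, against the roughly
    log2(d) squarings and multiplications of the exponentiation to d."""
    c_blind, r_inv = blind(c)
    m_blind = pow(c_blind, D, N)      # (c * r^e)^d = m * r   (mod n)
    return (m_blind * r_inv) % N      # strip r to recover m

def check_roundtrip(m: int) -> bool:
    """Both variants must map an encryption of m back to m."""
    c = pow(m, E, N)
    return rsa_private_plain(c) == m == rsa_private_blinded(c)
```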