[Cfrg] FW: New Version Notification for draft-mattsson-cfrg-det-sigs-with-noise-02.txt

John Mattsson <john.mattsson@ericsson.com> Wed, 11 March 2020 16:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/PmSXO1Si9dE54J5jrYe1Du3Oj5I>

Dear CFRG,

After the comments on the list I submitted a new version. The changes since -00 are

- As suggested by Quynh Dang and Uri Blumenthal, the new version replaces the XOR construction with concatenation and places the random value before the message.
- As suggested by [SBBDS17] and Uri Blumenthal, the new version implements the additional countermeasure to pad with zeroes so that the first block is composed only of the hashed private key and the random value, but not the message.
- As suggested by Tony Arcieri, the terminology "noise" could be confusing and has been changed to "additional randomness"
- Some more text on the construction and benefits with the construction.
- Reduced and slightly rewritten discussion section (to be removed in the future)

Cheers,
John

-----Original Message-----
From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
Date: Wednesday, 11 March 2020 at 16:11
To: John Mattsson <john.mattsson@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Sini Ruohomaa <sini.ruohomaa@ericsson.com>, Erik Thormarker <erik.thormarker@ericsson.com>
Subject: New Version Notification for draft-mattsson-cfrg-det-sigs-with-noise-02.txt

    
    A new version of I-D, draft-mattsson-cfrg-det-sigs-with-noise-02.txt
    has been successfully submitted by John Preuß Mattsson and posted to the
    IETF repository.
    
    Name:		draft-mattsson-cfrg-det-sigs-with-noise
    Revision:	02
    Title:		Deterministic ECDSA and EdDSA Signatures with Additional Randomness
    Document date:	2020-03-11
    Group:		Individual Submission
    Pages:		13
    URL:            https://www.ietf.org/internet-drafts/draft-mattsson-cfrg-det-sigs-with-noise-02.txt
    Status:         https://datatracker.ietf.org/doc/draft-mattsson-cfrg-det-sigs-with-noise/
    Htmlized:       https://tools.ietf.org/html/draft-mattsson-cfrg-det-sigs-with-noise-02
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-cfrg-det-sigs-with-noise
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-mattsson-cfrg-det-sigs-with-noise-02
    
    Abstract:
       Deterministic elliptic-curve signatures such as deterministic ECDSA
       and EdDSA have gained popularity over randomized ECDSA as their
       security do not depend on a source of high-quality randomness.
       Recent research has however found that implementations of these
       signature algorithms may be vulnerable to certain side-channel and
       fault injection attacks due to their determinism.  One countermeasure
       to such attacks is to re-add randomness to the otherwise
       deterministic calculation of the per-message secret number.  This
       document updates RFC 6979 and RFC 8032 to recommend constructions
       with additional randomness for deployments where side-channel attacks
       and fault injection attacks are a concern.
    
                                                                                      
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    The IETF Secretariat
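
The construction described in the change list above (random value concatenated before the message, zero padding so the first hash block holds only the hashed private key and the random value), sketched for an Ed25519-style nonce. This is an added example, not code from the draft or its authors; the 32-byte length of Z, the function names and the sample seed are assumptions, and the code covers only the per-message secret derivation, not a full signature.

```python
import hashlib
import os

SHA512_BLOCK = 128  # SHA-512 processes input in 128-byte blocks
L = 2**252 + 27742317777372353535851937790883648493  # Ed25519 group order

def hashed_key_prefix(seed: bytes) -> bytes:
    """RFC 8032 'prefix': the upper 32 bytes of SHA-512(private seed)."""
    return hashlib.sha512(seed).digest()[32:]

def first_block(prefix: bytes, z: bytes) -> bytes:
    """prefix || Z zero-padded to exactly one hash block, so that no
    message byte is processed together with the secret material."""
    head = prefix + z
    if len(head) > SHA512_BLOCK:
        raise ValueError("prefix || Z must fit in one hash block")
    return head + b"\x00" * (SHA512_BLOCK - len(head))

def nonce_deterministic(prefix: bytes, msg: bytes) -> int:
    """Plain RFC 8032 derivation: r = SHA-512(prefix || M) mod L."""
    return int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % L

def nonce_with_randomness(prefix: bytes, msg: bytes, z: bytes = None) -> int:
    """r = SHA-512(prefix || Z || 000... || M) mod L.
    Z length (32 bytes) is an assumption made for this example."""
    z = os.urandom(32) if z is None else z
    if len(z) != 32:
        raise ValueError("Z must be 32 bytes")
    digest = hashlib.sha512(first_block(prefix, z) + msg).digest()
    return int.from_bytes(digest, "little") % L

if __name__ == "__main__":
    prefix = hashed_key_prefix(bytes(range(32)))  # constructed sample seed
    msg = b"constructed sample message"
    # Deterministic: the same (key, message) always gives the same nonce,
    # which is what repeated fault or power measurements rely on.
    print(nonce_deterministic(prefix, msg) == nonce_deterministic(prefix, msg))
    # With additional randomness: a fresh nonce per signing call.
    print(nonce_with_randomness(prefix, msg) != nonce_with_randomness(prefix, msg))
    # If the RNG fails and Z is constant, the nonce still depends on the
    # key and the message, as in the purely deterministic scheme.
    stuck = bytes(32)
    print(nonce_with_randomness(prefix, b"a", stuck)
          != nonce_with_randomness(prefix, b"b", stuck))
```
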