[Cfrg] Summary of the poll: Elliptic Curves - signature scheme: randomised or not
Alexey Melnikov <alexey.melnikov@isode.com> Mon, 18 May 2015 18:17 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BF461AD350 for <cfrg@ietfa.amsl.com>; Mon, 18 May 2015 11:17:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.69
X-Spam-Level:
X-Spam-Status: No, score=0.69 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zyq_qfjGVcar for <cfrg@ietfa.amsl.com>; Mon, 18 May 2015 11:17:06 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [217.34.220.150]) by ietfa.amsl.com (Postfix) with ESMTP id 3E8D21A88C1 for <cfrg@irtf.org>; Mon, 18 May 2015 11:17:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1431973021; d=isode.com; s=selector; i=@isode.com; bh=4et/fkW9vTaZiP5qOBSApM+uEKCsouDNXv2XbVFm/AU=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=TzHQ3SZTToiOQ3dAAlnU/IRjCVlh49HScgbgykSPXocrpianhzobtCYLWpIfmpyKdWYnA5 SQjj3+G7agysJmChcP/7OfArb1kEDhsKfHSPxrrkmdmEgO9Feib2oo+d2kF//XXpg6hnhS wdQCEyp5enb9/DnPdHZENz2xUSTsEro=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <VVosmgAZW2Kt@waldorf.isode.com>; Mon, 18 May 2015 19:17:01 +0100
Message-ID: <555A2C95.2020106@isode.com>
Date: Mon, 18 May 2015 19:16:53 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
To: "cfrg@irtf.org" <cfrg@irtf.org>
References: <5546032D.5070208@isode.com>
In-Reply-To: <5546032D.5070208@isode.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------000401020709020802090809"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/QI6-EXVWtcAwBc6WakKl5YmZZlA>
Subject: [Cfrg] Summary of the poll: Elliptic Curves - signature scheme: randomised or not
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 May 2015 18:17:08 -0000
On 03/05/2015 12:14, Alexey Melnikov wrote: > CFRG chairs are starting discussion of the next topic. > > The consensus view of the mailing list was that NIST compliance of our > selected > signature scheme is not necessary, opening up the opportunity for us to > consider a rich class of signature schemes beyond ECDSA. > > Most if not all signature schemes defined over elliptic curves can be > de-randomised by generating the "random" value used during signing in a > pseudorandom manner from the message to be signed. This ameliorates some > catastrophic failure modes for these schemes. The generation could involve > using a PRF such as HMAC with a key designed solely for this purpose > (resulting in an augmented private (signing) key). An alternative could be > to hash a string consisting of a concatenation of the private (signing) > key with the message to be signed. There are other possibilities too. > Several methods are described in detail in RFC 6979 > (http://tools.ietf.org/html/rfc6979). > > To determine the way forward, we are going to conduct a poll to determine > how we should tackle the question of de-randomisation. Please pick one > of the > options specified below: > > 1. CFRG should stick to randomised signature schemes only. > > 2. CFRG should adopt deterministic signature scheme only. > > 3. De-randomisation should be an optional feature for implementers to > decide upon (i.e. both choices 1 and 2 allowed). While some people were supportive of doing #3 (and some suggested that this might be a future topic after the main recommendation to the TLS WG is done), the vast majority of people preferred option #2. Nobody support the option #1.
- [Cfrg] Elliptic Curves - signature scheme: random… Alexey Melnikov
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Stephen Farrell
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Salz, Rich
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Paul Hoffman
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Andy Lutomirski
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… David Jacobson
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Watson Ladd
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Tony Arcieri
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Alyssa Rowan
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Yoav Nir
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… James Cloos
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… David Jacobson
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Nico Williams
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Damien Miller
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… David Jacobson
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Michael Hamburg
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Adam Langley
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Daniel Kahn Gillmor
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Dan Brown
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Parkinson, Sean
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Simon Josefsson
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… D. J. Bernstein
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Paul Lambert
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Olafur Gudmundsson
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Ilari Liusvaara
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Dan Brown
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Watson Ladd
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Dan Brown
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Russ Housley
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Watson Ladd
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Nico Williams
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Brian Smith
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Sean Turner
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Watson Ladd
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Nico Williams
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… D. J. Bernstein
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Nico Williams
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Andrey Jivsov
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… Nico Williams
- Re: [Cfrg] Elliptic Curves - signature scheme: ra… David Leon Gil
- [Cfrg] Summary of the poll: Elliptic Curves - sig… Alexey Melnikov