[CFRG] Re: I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt
Niu Danny <dannyniu@hotmail.com> Sat, 23 March 2024 05:19 UTC
From: Niu Danny <dannyniu@hotmail.com>
To: "D. J. Bernstein" <djb@cr.yp.to>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Sat, 23 Mar 2024 05:19:37 +0000
Message-ID: <OS3P286MB19204E10FABE372D06FFC86EC1302@OS3P286MB1920.JPNP286.PROD.OUTLOOK.COM>
References: <GVXPR07MB9678799A86599695B7B31F41892F2@GVXPR07MB9678.eurprd07.prod.outlook.com> <20240322070827.738849.qmail@cr.yp.to>
In-Reply-To: <20240322070827.738849.qmail@cr.yp.to>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/QZ0bsov4vR_wH7DqPStvhkTKPKk>
From the perspective of the context string feature, I think it's good - previously I implemented the context string using un-finalized hashing context copying, where I feed the context string into the hashing context without finalizing it, and copy it for use when signing; draft-03 made me change the way I implement it. If you can provide a discussion of the performance of hashing call counts and compatibility with pre-hash variants, I think it'll be convincing enough to adopt that in the next draft(s).

From: CFRG <cfrg-bounces@irtf.org> on behalf of D. J. Bernstein <djb@cr.yp.to>
Date: Friday, 22 March 2024 15:08
To: cfrg@irtf.org <cfrg@irtf.org>
Subject: Re: [CFRG] I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt

I think the best way to convert deterministic Ed25519 signing software into randomized Ed25519 signing software is to overwrite noncekey with H(noncekey,randomness) right after the usual derivation of noncekey from the secret key, i.e., before computing nonce = H(noncekey,message). This makes the code changes as simple as possible: for example, the relevant changes from earlier code to lib25519 replaced

   unsigned char secret[64];
   crypto_hash_sha512(secret,sk,32);

with

   unsigned char secret[96];
   crypto_hash_sha512(secret,sk,32);
   randombytes(secret+64,32);
   crypto_hash_sha512(secret+32,secret+32,64);

and left everything else unchanged.

The main security risk from randomization comes from typical test frameworks not being able to test randomized functions: basically, the entire signing function ends up being tested merely for "yes, signatures verify", so bugs in how nonces are generated won't be caught. Randomized functions are tested in the lib25519 test framework, and aligning the randomization details has the secondary advantage of allowing reuse of test inputs and test outputs from lib25519.

---D. J. Bernstein
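The conversion Bernstein describes, and the testing point behind it, as an added example in Python. This is not code from the thread, from lib25519 or from the draft; the curve arithmetic follows the RFC 8032 reference code. The `randomness` parameter is this example's way of making the randomized path testable: `None` gives plain RFC 8032 signing, a fixed 32-byte value gives a reproducible known answer, `os.urandom(32)` gives the real thing. Replacing the 32-byte nonce key with the first 32 bytes of SHA-512(noncekey || randomness) is this example's reading of the quoted snippet, since the code left unchanged after it still reads a 32-byte nonce key. `sign_buggy` is a constructed nonce bug (message omitted from the nonce derivation) that a verify-only framework cannot see, and `recover_scalar` shows what it costs; `SK1`/`PK1`/`SIG1` are RFC 8032 section 7.1 test 1.

```python
import hashlib

p = 2**255 - 19  # RFC 8032 curve constants; point arithmetic follows its reference code
q = 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, p - 2, p) % p
SQRT_M1 = pow(2, (p - 1) // 4, p)

def H(*parts):  # SHA-512 of the concatenation: the H(...) of the message above
    return hashlib.sha512(b"".join(parts)).digest()

def point_add(P, Q):  # extended coordinates (X, Y, Z, T), RFC 8032 section 5.1.4
    A = (P[1] - P[0]) * (Q[1] - Q[0]) % p
    B = (P[1] + P[0]) * (Q[1] + Q[0]) % p
    C = 2 * P[3] * Q[3] * d % p
    D = 2 * P[2] * Q[2] % p
    E, F, Gg, Hh = B - A, D - C, D + C, B + A
    return (E * F % p, Gg * Hh % p, F * Gg % p, E * Hh % p)

def point_mul(s, P):  # double-and-add; variable-time, acceptable for an illustration
    Q = (0, 1, 1, 0)
    while s:
        if s & 1:
            Q = point_add(Q, P)
        P, s = point_add(P, P), s >> 1
    return Q

def compress(P):
    zi = pow(P[2], p - 2, p)
    x, y = P[0] * zi % p, P[1] * zi % p
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(s):  # None for encodings that are not points on the curve
    y = int.from_bytes(s, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    if y >= p:
        return None
    x2 = (y * y - 1) * pow(d * y * y + 1, p - 2, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * SQRT_M1 % p
    if (x * x - x2) % p or (x == 0 and sign):
        return None
    if (x & 1) != sign:
        x = p - x
    return (x, y, 1, x * y % p)

G = decompress((4 * pow(5, p - 2, p) % p).to_bytes(32, "little"))  # base point

def expand(sk):  # RFC 8032 step 1: SHA-512(sk) -> clamped scalar a, 32-byte nonce key
    h = H(sk)
    return (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254), h[32:]

def public_key(sk):
    return compress(point_mul(expand(sk)[0], G))

def finish(a, r, msg):  # R = rG, k = H(R, A, M), S = r + k*a mod q (section 5.1.6, steps 3-5)
    A, Rs = compress(point_mul(a, G)), compress(point_mul(r, G))
    k = int.from_bytes(H(Rs, A, msg), "little") % q
    return Rs + ((r + k * a) % q).to_bytes(32, "little")

def sign(sk, msg, randomness=None):
    """Deterministic Ed25519 when randomness is None; otherwise the nonce key is replaced by
    H(noncekey, randomness) first, as in the lib25519 change quoted above, and nothing else changes."""
    a, noncekey = expand(sk)
    if randomness is not None:
        # secret[32..64] <- first 32 bytes of SHA-512(secret[32..64] || randomness); the 32-byte
        # truncation is this example's reading of the snippet (the unchanged code reads 32 bytes).
        noncekey = H(noncekey, randomness)[:32]
    return finish(a, int.from_bytes(H(noncekey, msg), "little") % q, msg)

def sign_buggy(sk, msg):
    """Constructed nonce bug: r from the nonce key alone, message left out. Every signature
    it produces still verifies, so a verify-only test passes it."""
    a, noncekey = expand(sk)
    return finish(a, int.from_bytes(H(noncekey), "little") % q, msg)

def verify(pk, msg, sig):
    if len(pk) != 32 or len(sig) != 64:
        return False
    A, R, s = decompress(pk), decompress(sig[:32]), int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= q:
        return False
    k = int.from_bytes(H(sig[:32], pk, msg), "little") % q
    L, M = point_mul(s, G), point_add(R, point_mul(k, A))  # sG == R + kA, compared projectively
    return (L[0] * M[2] - M[0] * L[2]) % p == 0 and (L[1] * M[2] - M[1] * L[2]) % p == 0

def recover_scalar(pk, m1, sig1, m2, sig2):
    """What the bug costs: two signatures sharing R satisfy s1 - s2 = (k1 - k2) * a mod q,
    so a mod q (all a forger needs) falls out of public data."""
    s1, s2 = (int.from_bytes(x[32:], "little") for x in (sig1, sig2))
    k1, k2 = (int.from_bytes(H(x[:32], pk, m), "little") % q for x, m in ((sig1, m1), (sig2, m2)))
    return (s1 - s2) * pow((k1 - k2) % q, q - 2, q) % q

# RFC 8032 section 7.1, test 1 (empty message): the deterministic path must reproduce it.
SK1 = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
PK1 = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
SIG1 = bytes.fromhex("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")

if __name__ == "__main__":  # what a known-answer test catches and a verify-only test does not
    assert sign(SK1, b"") == SIG1 and public_key(SK1) == PK1
    s = sign(SK1, b"message", bytes(range(32)))  # constructed fixed randomness: a known answer
    assert s == sign(SK1, b"message", bytes(range(32))) and verify(PK1, b"message", s)
    b1, b2 = sign_buggy(SK1, b"m1"), sign_buggy(SK1, b"m2")
    assert verify(PK1, b"m1", b1) and verify(PK1, b"m2", b2)  # passes "signatures verify"
    assert recover_scalar(PK1, b"m1", b1, b"m2", b2) == expand(SK1)[0] % q  # yet the key leaks
```

The design point is the one the quoted message makes: because the randomness enters only through the nonce key and is an explicit input here, a test vector of the form (secret key, randomness, message) to signature pins the whole randomized function, which is what lets lib25519-style test inputs and outputs be reused. With `randomness` drawn inside the function from the OS, the only property a generic framework can check is the one `sign_buggy` also satisfies.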