[CFRG] [Errata Rejected] RFC9497 (7925)
RFC Errata System <rfc-editor@rfc-editor.org> Mon, 20 May 2024 22:51 UTC
To: stefan@aaa-sec.com, alex.davidson92@gmail.com, armfazh@cloudflare.com, nicholas.sullivan+ietf@gmail.com, caw@heapingbits.net
CC: csp@csperkins.org, irsg@irtf.org, cfrg@irtf.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Qe7ZJuBfWhIKwHkFr0nlO9knUaQ>
The following errata report has been rejected for RFC9497, "Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7925

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Stefan Santesson <stefan@aaa-sec.com>
Date Reported: 2024-05-07
Rejected by: Colin Perkins (IRSG)

Section: 4.3

Original Text
-------------
HashToScalar(): Use hash_to_field from [RFC9380] using L = 48, expand_message_xmd with SHA-256, DST = "HashToScalar-" || contextString, and a prime modulus equal to Group.Order().

Corrected Text
--------------
HashToScalar(): Compute uniform_bytes using expand_message = expand_message_xmd, DST = "HashToScalar-" || contextString, and an output length of 48 bytes, interpret uniform_bytes as a 384-bit integer in little-endian order, and reduce the integer modulo Group.Order().

Notes
-----
It is incorrect to refer to the hash_to_field operation of RFC 9380 because the implementation of hash_to_field, as described in section 5.2 of RFC 9380, reduces the result integer mod Field order (not Group order).

7. e_j = OS2IP(tv) mod p

Where p is the characteristic of field F.

The current text implies that the existing hash_to_field implementation for P-256 can be used. But using this will cause a false result due to the mod field order operation.

A better and accurate way to describe this is by using the same explanation as for other curve types and specify the use of expand_message_xmd directly modulus Group.Order().

--VERIFIER NOTES--
Discussed on CFRG list. The original text is correct, see https://mailarchive.ietf.org/arch/msg/cfrg/YLqRy76LFlVzeOofGyQiYeDhAuM/

--------------------------------------
RFC9497 (draft-irtf-cfrg-voprf-21)
--------------------------------------
Title : Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups
Publication Date : December 2023
Author(s) : A. Davidson, A. Faz-Hernandez, N. Sullivan, C. A. Wood
Category : INFORMATIONAL
Source : Crypto Forum Research Group
Stream : IRTF
Verifying Party : IRSG
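An added Python example (not code from the errata report, RFC 9497 or its authors) that walks through HashToScalar as Section 4.3 specifies it for P-256: expand_message_xmd with SHA-256 and L = 48 from RFC 9380, followed by the hash_to_field reduction step with the modulus set to Group.Order() instead of the field characteristic p. The parameter name `modulus` makes that substitution explicit; the OPRF-mode contextString layout and the input message are assumptions constructed for the demonstration.

```python
import hashlib
import math

# Standard P-256 parameters: the field characteristic p and the group order n.
P256_FIELD_PRIME = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_GROUP_ORDER = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

def i2osp(x: int, length: int) -> bytes:
    return x.to_bytes(length, "big")

def os2ip(b: bytes) -> int:
    # RFC 9380 and RFC 9497 interpret the bytes big-endian.
    return int.from_bytes(b, "big")

def expand_message_xmd(msg: bytes, dst: bytes, len_in_bytes: int) -> bytes:
    """expand_message_xmd from RFC 9380, Section 5.3.1, instantiated with SHA-256."""
    b_in_bytes, s_in_bytes = 32, 64          # SHA-256 output size and block size
    ell = math.ceil(len_in_bytes / b_in_bytes)
    if ell > 255 or len_in_bytes > 65535 or len(dst) > 255:
        raise ValueError("expand_message_xmd: parameters out of range")
    dst_prime = dst + i2osp(len(dst), 1)
    msg_prime = bytes(s_in_bytes) + msg + i2osp(len_in_bytes, 2) + b"\x00" + dst_prime
    b0 = hashlib.sha256(msg_prime).digest()
    blocks = [hashlib.sha256(b0 + b"\x01" + dst_prime).digest()]   # b_1
    for i in range(2, ell + 1):                                     # b_2 .. b_ell
        mixed = bytes(x ^ y for x, y in zip(b0, blocks[-1]))        # strxor(b_0, b_(i-1))
        blocks.append(hashlib.sha256(mixed + i2osp(i, 1) + dst_prime).digest())
    return b"".join(blocks)[:len_in_bytes]

def reduce_uniform_bytes(uniform_bytes: bytes, modulus: int) -> int:
    """Step 7 of hash_to_field (RFC 9380, Section 5.2) with the modulus as a parameter.

    RFC 9380 uses the field characteristic p here; RFC 9497 Section 4.3 instead
    instantiates the same step with a prime modulus equal to Group.Order().
    """
    return os2ip(uniform_bytes) % modulus

def hash_to_scalar(msg: bytes, context_string: bytes, modulus: int = P256_GROUP_ORDER) -> int:
    """HashToScalar for P-256 per RFC 9497 Section 4.3: L = 48, SHA-256, DST as given."""
    dst = b"HashToScalar-" + context_string
    return reduce_uniform_bytes(expand_message_xmd(msg, dst, 48), modulus)

if __name__ == "__main__":
    # Assumed contextString layout for OPRF mode with the P-256 ciphersuite (constructed here).
    ctx = b"OPRFV1-\x00-P256-SHA256"
    msg = b"constructed example input"            # constructed sample input
    good = hash_to_scalar(msg, ctx)                # reduced mod Group.Order(), as the RFC says
    bad = hash_to_scalar(msg, ctx, P256_FIELD_PRIME)   # reduced mod p: not a valid scalar map
    print(f"mod n: {good:064x}\nmod p: {bad:064x}\nidentical: {good == bad}")
```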