Re: [Cfrg] request for comments: ZSS Short Signature Scheme for SS and BN Curves

Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp> Thu, 25 July 2013 09:38 UTC

Return-Path: <kasamatsu.kohei@po.ntts.co.jp>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5511421F9A96 for <cfrg@ietfa.amsl.com>; Thu, 25 Jul 2013 02:38:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.324
X-Spam-Level: **
X-Spam-Status: No, score=2.324 tagged_above=-999 required=5 tests=[BAYES_40=-0.185, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id axQPvzsQ1Mc5 for <cfrg@ietfa.amsl.com>; Thu, 25 Jul 2013 02:38:42 -0700 (PDT)
Received: from mail12.ics.ntts.co.jp (mail12.ics.ntts.co.jp [210.232.35.65]) by ietfa.amsl.com (Postfix) with ESMTP id 1189B21F9A87 for <cfrg@irtf.org>; Thu, 25 Jul 2013 02:38:41 -0700 (PDT)
Received: from sadoku34.silk.ntts.co.jp (sadoku34 [10.7.18.34]) by mail12.ics.ntts.co.jp (8.14.4/8.14.4/NTTSOFT) with ESMTP id r6P9cYkl010698; Thu, 25 Jul 2013 18:38:34 +0900 (JST)
Received: (from root@localhost) by sadoku34.silk.ntts.co.jp (8.13.8/NTTSOFT) id r6P9cYYt024734; Thu, 25 Jul 2013 18:38:34 +0900 (JST)
Received: from ccmds32.silk.ntts.co.jp [10.107.0.32] by sadoku34.silk.ntts.co.jp with SMTP id UAA24733; Thu, 25 Jul 2013 18:38:34 +0900
Received: from mail147.silk.ntts.co.jp (ccmds32.silk.ntts.co.jp [127.0.0.1]) by ccmds32.silk.ntts.co.jp (8.14.3/8.14.3) with ESMTP id r6P9cWjT010469; Thu, 25 Jul 2013 18:38:33 +0900
Received: from mail147.silk.ntts.co.jp (localhost.localdomain [127.0.0.1]) by mail147.silk.ntts.co.jp (8.14.5/8.14.5/NTTSOFT) with ESMTP id r6P9cStx025105; Thu, 25 Jul 2013 18:38:28 +0900
Received: from ccmds32 (mail145.silk.ntts.co.jp [10.107.0.145]) by mail147.silk.ntts.co.jp (8.14.5/8.14.5/NTTSOFT) with SMTP id r6P9cSVc025102; Thu, 25 Jul 2013 18:38:28 +0900
Message-ID: <51F0F1E6.5080505@po.ntts.co.jp>
Date: Thu, 25 Jul 2013 18:37:42 +0900
From: Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Laura Hitt <lhitt@21ct.com>
References: <04920BD67C651C469D0387704CD7692A74B0844B94@21ct-exg07.21technologies.com>
In-Reply-To: <04920BD67C651C469D0387704CD7692A74B0844B94@21ct-exg07.21technologies.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
X-CC-Mail-RelayStamp: CC-Mail-V4.3-Client
X-CC-Mail-RelayStamp: CC-Mail-V4.3-Server
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by ccmds32.silk.ntts.co.jp id r6P9cWjT010469
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] request for comments: ZSS Short Signature Scheme for SS and BN Curves
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2013 09:38:46 -0000

Dear L. Hitt


I have a comment.

The security of ZSS-signature depends on k+1 Exponent Problem.
The problem more efficiently can be computed by cheon algorithm [1,2] 
than Pollard's method. (cheon algorithm is not probabilistic polynomial 
time algorithm) Hence I think that it is needed that you analyze 
security against the algorithm.


[1] J.H. Cheon, Security Analysis of the Strong Diffie-Hellman Problem, 
EUROCRYPT 2006, LNCS 4004, pp. 1-11, Springer, 2006
[2] Y. Sakemi, G. Hanaoka, T. Izu, M. Takenaka, and M. Yasuda, “Solving 
a discrete logarithm problem with auxiliary input on a 160-bit elliptic 
curve”, PKC 2012, LNCS 7293 pp. 595-608, Springer, 2012.

Best regards,
Kohei Kasamatsu




(2013/03/23 2:27), Laura Hitt wrote:
> <my apologies if this was sent twice, I saw strange behavior on my end, so thought I'd try again.>
>
> I have recently submitted (as an Individual) two I-Ds and would greatly appreciate any comments you are able to offer.  They pertain to the ZSS short signature scheme from bilinear pairings on supersingular elliptic curves and on Barreto-Naerhig elliptic curves.
>
> http://www.ietf.org/internet-drafts/draft-irtf-cfrg-zss-00.txt
> http://www.ietf.org/internet-drafts/draft-irtf-cfrg-zssbn-00.txt
>
> Thank you!
> Laura Hitt
>
>
>
>
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>


-- 
Kohei Kasamatsu

NTT Software Corporation
E-mail: kasamatsu.kohei@po.ntts.co.jp