Re: [Cfrg] Deterministic signatures, revisit?

Dan Brown <danibrown@blackberry.com> Tue, 10 October 2017 10:23 UTC

From: Dan Brown <danibrown@blackberry.com>
To: Cfrg <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/T3NznvoMENUrKSsIlicCQ62w-kA>

http://ia.cr/2017/890 gives a theoretical reason to prefer deterministic signatures: some proofs work better. So, my question goes to side channels (and subversion too, but less so): which is better at resisting them, deterministic or one of these tweaks in the 2 eprints below?

From: Dan Brown
Sent: Monday, October 9, 2017 12:57 PM
To: Cfrg
Subject: [Cfrg] Deterministic signatures, revisit?


Hi CFRG,

ia.cr/2017/975 and ia.cr/2017/985 suggest tweaks to deterministic signing, e.g. EdDSA, due to side channels, etc. Do these tweaks merit consideration in CFRG? (I'm not sure how important side channels are to CFRG or how strong the tweaks are.)

Best regards,

Dan