Re: [Cfrg] Ed25519 - X25519 keypair equivalences
chris - <chrispatton@gmail.com> Fri, 05 June 2020 18:35 UTC
Return-Path: <chrispatton@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CB2A3A0E4A for <cfrg@ietfa.amsl.com>; Fri, 5 Jun 2020 11:35:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vB2n_m9AjEdI for <cfrg@ietfa.amsl.com>; Fri, 5 Jun 2020 11:35:29 -0700 (PDT)
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4B4C3A0E3D for <cfrg@ietf.org>; Fri, 5 Jun 2020 11:35:29 -0700 (PDT)
Received: by mail-ot1-x32c.google.com with SMTP id k15so8403257otp.8 for <cfrg@ietf.org>; Fri, 05 Jun 2020 11:35:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4RBOt6ss/bkaLJnFkx6fiEnKl/gywj3ptCPd/RmbvlM=; b=JCMQDMrR4Sgo8jHAVKrqsA5iWVjnJll/EYVufiB5o6miGjYfgpjw3WcA5F3GgBNIoa +mIS5E5tdvbkIAQ32CxV7eBaq3jDbFzs8guddH6C6c5PGfXchltxA9NxaMRdddvllW55 zs45XzzZo1e2kInEK5ktEyUpBM4zAmqH66qYZBJ1ZO/Apzn5VWTcxACz+oJplKJIq0Q1 oQqF1kbisG9owVDIklTkDRS4H70dV9X01SpA2t25W0EXGaDNWUMdPi2BxnYpF7RWzlFz KKbN7Y1ATDU8zTId6IsWUrJe0epfRsgwHv68eIA9SrDqsC5diptUzcYaKpKFjLowoaAj b5Cg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4RBOt6ss/bkaLJnFkx6fiEnKl/gywj3ptCPd/RmbvlM=; b=hrRvtuIbqFeUMQV8taAHEu7MGpzx3+FK1wTkRWhxkmx2oaLre9hIAqLjJwao2pK220 l0I+I9/4RpB9pbcRR7NC341F9aLwIUHh2Er1rQpL/+tUmBjbGJjy50kta5hTTFYOl+4P yrHoiauKM3Dv7NY0yoeurBOrSxywMRGHGUDhBLvvRz9KAS0pxWwXlU962fIVM1pCFI1V VpB8ejFS9dSFBWQW6uhwmQt9l2s/DfcPKkX1wngH3ycN+/WItv5zt7QfjyVpbl/VZ3r3 doYv+UqAYdQTUtgdeMrwDlzlr5/BJ72hY2tY/UvO8X9RSyplRmrQVOPVKAReikFe7BJ8 2ORA==
X-Gm-Message-State: AOAM5320HLwcre5TO/DqUz6ZiGk5lq6C3CZDFg9kYFBfc8ggXusmjZO0 F2em1PdapRtjbq/EDuPuQgW2syUmobO68cdW560UDR7FToI=
X-Google-Smtp-Source: ABdhPJzBWV9JpTNTYwKWEpd/h6NLD0gEGUcV1h3iSrgDQynazNTeqV0nWdvRgcOF8i/km40exHNJWC5zf4om8csTxyQ=
X-Received: by 2002:a05:6830:1e9c:: with SMTP id n28mr8359040otr.200.1591382128890; Fri, 05 Jun 2020 11:35:28 -0700 (PDT)
MIME-Version: 1.0
References: <6cb870b8-71f3-7add-1d24-09797fb74f37@htt-consult.com>
In-Reply-To: <6cb870b8-71f3-7add-1d24-09797fb74f37@htt-consult.com>
From: chris - <chrispatton@gmail.com>
Date: Fri, 05 Jun 2020 14:35:17 -0400
Message-ID: <CACLV2m5KuZzNo7EHr8kzKq2=Zr3VvUHDYdEN4Rw=nh+F9JR5oQ@mail.gmail.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
Cc: cfrg@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007e98b805a75a8606"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/T7VWLyxmepHGLUG6I8mcYTMNfD4>
Subject: Re: [Cfrg] Ed25519 - X25519 keypair equivalences
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2020 18:35:32 -0000
Hi Robert, Using the same secret for two different applications is not generally secure. Whether it's secure depends intrinsically on what the applications are. Best, Chris P. On Fri, Jun 5, 2020 at 1:55 PM Robert Moskowitz <rgm-sec@htt-consult.com> wrote: > I am trying to understand rfc7748 sec 4.1 last paragraph: > > The Montgomery curve defined here is equal to the one defined in > [curve25519], and the equivalent twisted Edwards curve is equal to > the one defined in [ed25519]. > > It seems that if I have an Ed25519 key in an X.509 certificate, I can > use that equally for an EdDSA signature and an ECDH key derivation. > > Are there limits on this? Like a particular group of keypairs (like > what parameters). > > Are there crypto risks/attacks if 2 keypairs are used between two > entities both for signing (Ed25519) and encryption (via X25519)? > > This is potentially powerful... > > thanks > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] Ed25519 - X25519 keypair equivalences Robert Moskowitz
- Re: [Cfrg] Ed25519 - X25519 keypair equivalences chris -
- Re: [Cfrg] Ed25519 - X25519 keypair equivalences Russ Housley
- Re: [Cfrg] Ed25519 - X25519 keypair equivalences Jim Schaad
- Re: [Cfrg] Ed25519 - X25519 keypair equivalences Riad S. Wahby