Re: [Cfrg] Recent SM2 and SM3 drafts update

David McGrew <mcgrew@cisco.com> Wed, 19 February 2014 22:48 UTC

Message-ID: <530534BD.8000900@cisco.com>
Date: Wed, 19 Feb 2014 17:48:29 -0500
From: David McGrew <mcgrew@cisco.com>
To: Sean Shen 沈烁 <shenshuo@cnnic.cn>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/VHDP-b4GdUjv53q_aJeN_bEzd_8
Cc: cfrg@irtf.org

Hi Sean,

On 02/18/2014 09:36 PM, Sean Shen 沈烁 wrote:
> These are the documents describing the algorithms themselves, trying to stick to the original standards. I discussed with the security directors; they also think CFRG is the proper place for algorithms regarding clarity and correctness of the text.

I agree with you and the ADs.   CFRG is the best place to have these 
documents reviewed.

CFRG people should keep in mind that these docs are informational, and 
that they aim to describe how to implement algorithms that are specified 
in other documents.   Comments and questions that would improve the 
clarity of description are helpful; comments on design alternatives are 
not.   Outside of the normative text, it might be possible for people to 
suggest useful informative text, on security considerations or 
implementation techniques, say.   It would also be good if we can 
establish interoperability between independent implementations.

Anyone willing to volunteer to review the docs, or to check test cases?

thanks,

David

> As for implementations, I hope the algorithms will be options for applications; IPSEC and TLS are definitely widely used ones, maybe also DNSSEC, although the DNSEXT WG is currently concluded. So far I haven't discussed with guys in those areas regarding adopting SM2 and SM3 in those applications; I plan to have the algorithm documents ready for IETF reference first.
>
> Regarding the SM3 hash function: it is based on the Merkle-Damgård design and very similar to SHA-2 but includes some additional strengthening features; it was designed by Xiaoyun Wang et al. I am not the designer and did not do cryptanalysis myself, but I collected some related cryptanalysis papers on the webpage I mentioned; you can especially check: http://218.241.108.63/wiki/en/index.php/SM3%27s_related_papers
>
>
> -----Original Message-----
> From: Watson Ladd [mailto:watsonbladd@gmail.com]
> Sent: February 19, 2014 9:31
> To: Sean Shen 沈烁
> Cc: cfrg@irtf.org
> Subject: Re: [Cfrg] Recent SM2 and SM3 drafts update
>
> If this is a valid transcription of the standard, it should be fine.
> But the place you want to go is the IPSEC and TLS WGs to get it into implementations.
>
> Note that this is not a recommendation for usage: I haven't validated parameters or the algorithms, and SM3 in particular looks sketchy.
> (It's an MD-style hash, in a world where many have fallen). Has there been a lot of analytical attention devoted to it that I've missed hearing about?
>
> Sincerely,
> Watson Ladd
>
> On Tue, Feb 18, 2014 at 5:00 PM, Sean Shen 沈烁 <shenshuo@cnnic.cn> wrote:
>> Dear cryptographers in CFRG,
>>
>> I have been working on writing a few cryptographic algorithm
>> documents: the SM2 elliptic curve digital signature algorithm and the SM3 hash
>> function. The two algorithms have been published in China for years and are
>> required to be used in IT systems like the electronic authentication service system.
>>
>> It was my pleasure to provide the IETF documents to make these
>> algorithms public to the IETF community and hence the whole Internet
>> industry. The two documents have been published for quite a while
>> and I have updated a few versions. I have also given presentations at IETF
>> meetings a few times to security guys in CFRG. The audience has been very interested in them.
>>
>> I think these works are valuable to both the IETF community and vendors in the
>> Chinese market. So I hope the two documents get on the track to be IETF RFCs.
>>
>> Also I prepared a simple webpage to give information (related
>> documents and implementations) on a few crypto algorithms used in China, including
>> SM2 and SM3. I will keep updating the drafts and webpage, and hope they
>> are helpful to the community. Please check:
>>
>> http://218.241.108.63/wiki/en/index.php/Main_Page
>>
>> I will appreciate any reviews and suggestions.
>>
>>
>>
>> Sean Shen
>>
>> CNNIC
>>
>> A new version of I-D, draft-shen-sm2-ecdsa-02.txt has been
>> successfully submitted by Sean Shen and posted to the IETF repository.
>>
>> Name:           draft-shen-sm2-ecdsa
>> Revision:       02
>> Title:          SM2 Digital Signature Algorithm
>> Document date:  2014-02-14
>> Group:          Individual Submission
>> Pages:          40
>> URL:            http://www.ietf.org/internet-drafts/draft-shen-sm2-ecdsa-02.txt
>> Status:         https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
>> Htmlized:       http://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
>> Diff:           http://www.ietf.org/rfcdiff?url2=draft-shen-sm2-ecdsa-02
>>
>> Abstract:
>>
>>     This document describes a set of public key cryptographic algorithms
>>     based on elliptic curves which are invented by Xiaoyun Wang et al.
>>     These algorithms and recommended parameters are published by the Chinese
>>     Commercial Cryptography Administration Office ([SM2 Algorithms] and
>>     [SM2 Algorithms Parameters]) for the use of the electronic authentication
>>     service system.  This document gives an IETF standard description of the
>>     algorithms and parameters in [SM2 Algorithms] and [SM2 Algorithms
>>     Parameters].
>>
>>     The document [SM2 Algorithms] published by the Chinese Commercial
>>     Cryptography Administration Office includes four parts: general
>>     introduction, Digital Signature Algorithm, Key Exchange Protocol and
>>     Public Key Encryption Algorithm.
>>
>>     The document [SM2 Algorithms Parameters] gives a set of recommended
>>     parameters.
>>
>> A new version of I-D, draft-shen-sm3-hash-01.txt has been successfully
>> submitted by Sean Shen and posted to the IETF repository.
>>
>> Name:           draft-shen-sm3-hash
>> Revision:       01
>> Title:          SM3 Hash function
>> Document date:  2014-02-14
>> Group:          Individual Submission
>> Pages:          13
>> URL:            http://www.ietf.org/internet-drafts/draft-shen-sm3-hash-01.txt
>> Status:         https://datatracker.ietf.org/doc/draft-shen-sm3-hash/
>> Htmlized:       http://tools.ietf.org/html/draft-shen-sm3-hash-01
>> Diff:           http://www.ietf.org/rfcdiff?url2=draft-shen-sm3-hash-01
>>
>> Abstract:
>>
>>     This document describes a hash function which is invented by Xiaoyun
>>     Wang et al.  This algorithm is published by the Chinese Commercial
>>     Cryptography Administration Office ([SM3]) for the use of the electronic
>>     authentication service system.  This document gives an IETF standard
>>     description of the algorithm.
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> http://www.irtf.org/mailman/listinfo/cfrg
>>
>
>
> --
> "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither  Liberty nor Safety."
> -- Benjamin Franklin
>