Re: [Cfrg] draft-fluhrer-lms-more-parm-sets-01

Russ Housley <housley@vigilsec.com> Mon, 27 April 2020 10:35 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <3F99CED3-A810-4CF6-98AC-A55E29000D1F@vigilsec.com>
Date: Mon, 27 Apr 2020 06:35:47 -0400
Cc: IRTF CFRG <cfrg@irtf.org>
Message-Id: <292BB47D-6760-4B9B-B1F0-92E1804D009F@vigilsec.com>
References: <3F99CED3-A810-4CF6-98AC-A55E29000D1F@vigilsec.com>
To: Scott Fluhrer <sfluhrer@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Vc9jdWqlRpcgCZci93xmlTJsxKQ>
Subject: Re: [Cfrg] draft-fluhrer-lms-more-parm-sets-01

Scott:

I have an additional question.  The analysis in Section 8 (Security Considerations) seems to assume the same hash algorithm is used throughout the LMS tree.  However, the LMS typecode could indicate one hash algorithm and the LMOTS typecode could indicate another.  Would it be an error if different hash algorithms are used in this manner?

Russ


> On Apr 23, 2020, at 3:01 PM, Russ Housley <housley@vigilsec.com> wrote:
> 
> Scott:
> 
> Thanks for your talk on this draft yesterday.  It raised a few questions.
> 
> 1) SHA256-192:  I like it.  Does the size of I change?  My guess is that it is still 16 bytes, but I want to be sure.
> 
> 2) SHAKE256-256 and SHAKE256-192:  Why use an Extendable-Output Function (XOF)?  Since the output in the application is always 256 bits or 192 bits, the normal reason for picking an XOF does not seem relevant.
> 
> 3) Temporary code points: Why do you have collisions?  For example, LMOTS_SHA256_N24_W1 and LMS_SHA256_M24_H5 are the same, and RFC 8554 avoided overlaps between LMS and LMOTS code points.
> 
> Russ
> 
>
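A small checker for the two typecode questions raised in this thread (a tree hash that differs from the LMOTS hash, and LMS/LMOTS code points that collide), added here as an editor's example; it is not code from the draft, from RFC 8554 or from either correspondent. It assumes RFC 8554's public key layout, uses a constructed placeholder value for the SHA256-192 code point, and treats a tree/OTS hash mismatch as an error, which is a conservative policy choice rather than something the page settles.

```python
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class ParamSet:
    name: str
    hash_name: str   # hash family the typecode selects
    out_len: int     # m (LMS) or n (LMOTS), in bytes

# RFC 8554 code points (only H5/W1 shown). 0xFF00000A is a constructed
# placeholder for the draft's SHA256-192 sets (its real temporary value is not
# on this page), put in both tables on purpose to mirror the collision noted.
LMS_TYPES = {
    0x05: ParamSet("LMS_SHA256_M32_H5", "sha256", 32),
    0xFF00000A: ParamSet("LMS_SHA256_M24_H5", "sha256", 24),    # placeholder
}
LMOTS_TYPES = {
    0x01: ParamSet("LMOTS_SHA256_N32_W1", "sha256", 32),
    0xFF00000A: ParamSet("LMOTS_SHA256_N24_W1", "sha256", 24),  # placeholder
}
I_LEN = 16  # RFC 8554 fixes I at 16 bytes

def parse_lms_public_key(pk: bytes):
    """Decode u32str(lms_type) || u32str(lmots_type) || I || T[1] (RFC 8554 5.3)."""
    if len(pk) < 8 + I_LEN:
        raise ValueError("truncated public key")
    # Each typecode is resolved against its own registry, so a number that
    # collides across the two tables is still unambiguous by field position.
    lms = LMS_TYPES.get(int.from_bytes(pk[0:4], "big"))
    lmots = LMOTS_TYPES.get(int.from_bytes(pk[4:8], "big"))
    if lms is None or lmots is None:
        raise ValueError("unknown LMS or LMOTS typecode")
    if len(pk) != 8 + I_LEN + lms.out_len:
        raise ValueError("length does not match LMS typecode")
    # Conservative policy (an assumption here; it is the open question in the
    # mail): tree hash and OTS hash must be the same algorithm and length.
    if (lms.hash_name, lms.out_len) != (lmots.hash_name, lmots.out_len):
        raise ValueError(f"hash mismatch: {lms.name} vs {lmots.name}")
    return lms, lmots, pk[8:8 + I_LEN], pk[8 + I_LEN:]

def public_key_problem(pk: bytes) -> Optional[str]:
    """None if the key parses cleanly, else the reason it was rejected."""
    try:
        parse_lms_public_key(pk)
        return None
    except ValueError as e:
        return str(e)

def sample_key(lms_code: int, lmots_code: int, m: int) -> bytes:
    """Constructed test key: I and T[1] are filler bytes, not real key material."""
    return (lms_code.to_bytes(4, "big") + lmots_code.to_bytes(4, "big")
            + b"\x11" * I_LEN + b"\x22" * m)
```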