Re: [Cfrg] Structure in the S-box of the Russian algorithms (RFC 6986, RFC 7801)
Tony Arcieri <bascule@gmail.com> Mon, 11 February 2019 21:49 UTC
From: Tony Arcieri <bascule@gmail.com>
Date: Mon, 11 Feb 2019 13:49:17 -0800
Message-ID: <CAHOTMVLasgBAqJFF_KR4RGmfd98Z9eW=F+bY-jFKCaD4NtXuCA@mail.gmail.com>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Cc: Leo Perrin <leo.perrin@inria.fr>, CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Y9-pcmd3g-xQGK08L0aAashp0W8>
On Sun, Feb 10, 2019 at 10:44 PM Stanislav V. Smyshlyaev <smyshsv@gmail.com> wrote:

> But those curves were generated in 2012 - they reflected best practices
> and state-of-the-art of that time. And Streebog was used for the obvious
> reason - it was a new hash function that was standardized in Russia (as a
> part of GOST R 34.11-2012 standard) and available for me and my colleagues.

I'm not accusing you of acting in bad faith (and to the extent I may have done that in my tweet regarding Streebog in general, I apologize; it was moderately out of proportion).

That said, one of the main goals of the CFRG in selecting new elliptic curves was to have a set of "rigid" selection guidelines (a.k.a. "nothing up my sleeve"). A series of circumstances like this is the exact reason why it's nice for the curve parameter selection process to be beyond reproach, and if nothing else it serves as an illustrative example of what could go wrong in a standardization process which doesn't follow this approach.

--
Tony Arcieri