Re: [Cfrg] CFRG feedback on signing with secp256k1 curve
Dan Brown <danibrown@blackberry.com> Wed, 13 June 2018 11:52 UTC
From: Dan Brown <danibrown@blackberry.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 13 Jun 2018 11:52:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/YmsPiiBYjy7YPMIrs0udV9GW9eU>

what about sha256, see below...

From: Peter Gutmann
Sent: Wednesday, June 13, 2018 4:46 AM
To: Mike Jones; cfrg@irtf.org
Subject: Re: [Cfrg] CFRG feedback on signing with secp256k1 curve

Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org> writes:

>because Blockchain is using secp256k1 and is under tremendous scrutiny, it’s
>my assumption that if major security flaws were known, people would be widely
>talking about them

It's worse than that: Because of Blockchain, secp256k1 is under tremendous scrutiny, and anyone finding a weakness is highly motivated *not* to talk about it. secp256k1 is the curve I'd least want to use because it's such a massive target for highly-motivated attackers.

Peter.
_______________________________________________

So you must even less want to use SHA256 because Blockchain uses it for the sigs and the chaining and mining (proof of work). It’s also used in some other places, so it is a bit more massive target than secp256k1.

Dan