Re: [Cfrg] Call for adoption: draft-hdevalence-cfrg-ristretto-01

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 02 October 2019 17:02 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Greg Hudson <ghudson@mit.edu>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 02 Oct 2019 17:02:26 +0000
Message-ID: <9BD6E35F-CD0E-4F50-8F62-0B3CDFAF9A81@ll.mit.edu>
References: <e43c34da-1e2c-d1b5-9fc1-5bcc8373ebc8@isode.com> <CAL02cgQorNKVrOPvqZQtDQNK-F0nH_dwj3i39zadkBKM1O0U5A@mail.gmail.com> <161fc653-2cab-4c6d-812b-92d2e426719d@www.fastmail.com> <6be1dbd1-308c-4e32-98e3-f02dbceefa4d@www.fastmail.com> <CAD5V+fPL+OAoQu_emTSULvv=-hUsrQx97y-7EoeKsfoXH=NTbA@mail.gmail.com> <704a89b1-1527-90c6-41c5-6f17a03d973d@mit.edu> <CAD5V+fPR37VYr9K6T7A3FTAuxgaaMv-WdQd6mXcGHyydks7Cag@mail.gmail.com> <72cd25b1-8cae-da61-5142-d6763f4613db@mit.edu>
In-Reply-To: <72cd25b1-8cae-da61-5142-d6763f4613db@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Z-QlDyAzBZNOf1a3ARO2UHYnUlc>
Subject: Re: [Cfrg] Call for adoption: draft-hdevalence-cfrg-ristretto-01

On 10/2/19, 12:50 PM, "Cfrg on behalf of Greg Hudson" <cfrg-bounces@irtf.org on behalf of ghudson@mit.edu> wrote:
    > [I wrote:]
    >>     Hashing non-uniform inputs does not produce uniform outputs
    >
    > On 9/30/19 2:20 PM, Alex Davidson wrote:
    >> I should have made it more explicit here that I'm assuming that the
    >> initial hash function evaluation is modelled as a random oracle.
    >
    > The output of a random oracle (instantiated once globally) on
    > non-uniform inputs is not uniform, in the sense of all values being
    > equally likely.  For example, if "mypassword" is a thousand times as
    > likely as any other input, then H("mypassword") will be roughly a
    > thousand times as likely as any other output.

Which is no different from, e.g., a block cipher in ECB/codebook mode. Which often enough is modeled as Random Oracle, regardless.
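The effect Greg describes, pushing a skewed input distribution through H, as an added example that is not code from this thread or from the ristretto draft. It assumes SHA-256 as a stand-in for the random oracle, a constructed distribution in which "mypassword" carries 1000x the weight of each of 999 other inputs, and function names of my own.

```python
import hashlib
import math
from collections import Counter


def hash_output_distribution(input_dist):
    """Push an input distribution {x: weight} through SHA-256 (standing in for
    the random oracle H).  Each output y collects the weight of every input
    that hashes to y, so a heavy input yields an equally heavy output."""
    out = Counter()
    for x, weight in input_dist.items():
        out[hashlib.sha256(x.encode()).hexdigest()] += weight
    return dict(out)


def min_entropy_bits(dist):
    """Min-entropy -log2(max probability): the entropy a guesser actually
    faces, which a deterministic H cannot increase."""
    total = sum(dist.values())
    return -math.log2(max(dist.values()) / total)


def heavy_output_ratio(input_dist, heavy_input):
    """How much likelier H(heavy_input) is than the next most likely output."""
    out = hash_output_distribution(input_dist)
    y = hashlib.sha256(heavy_input.encode()).hexdigest()
    others = [w for k, w in out.items() if k != y]
    return out[y] / max(others)


# Constructed distribution: "mypassword" is 1000x as likely as any other input.
PASSWORD_DIST = {"mypassword": 1000.0}
PASSWORD_DIST.update({"pw%04d" % i: 1.0 for i in range(999)})

if __name__ == "__main__":
    print("H(mypassword) vs next output:", heavy_output_ratio(PASSWORD_DIST, "mypassword"))
    print("input min-entropy  :", min_entropy_bits(PASSWORD_DIST))
    print("output min-entropy :", min_entropy_bits(hash_output_distribution(PASSWORD_DIST)))
```

Even though each SHA-256 output lives in a 256-bit space, the output min-entropy stays at the input's roughly 1 bit, which is the concern for hash-to-group on password-like inputs.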