Re: [Cfrg] A new MGF for RSA-PSS based on SHAKE

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 26 September 2018 19:14 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: John Mattsson <john.mattsson@ericsson.com>, "Saqib A. Kakvi" <saqib.kakvi@uni-paderborn.de>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 26 Sep 2018 19:14:02 +0000
Message-ID: <1537989175802.46714@cs.auckland.ac.nz>
References: <3B4BE320-418B-4FC1-8427-0EF2F58A0F01@vigilsec.com> <6FD96340-0D8D-44C0-9374-9D7A3F36F967@gmail.com> <27af097a-6769-fcc4-7b28-12c1ea77055a@uni-paderborn.de> <000d01d45041$a8930250$f9b906f0$@augustcellars.com> <a21a5c72-f9e5-2eb7-4144-bdded4c8321d@uni-paderborn.de>, <E7059316-430B-4DE0-A0C7-09A0B6783C0F@ericsson.com>
In-Reply-To: <E7059316-430B-4DE0-A0C7-09A0B6783C0F@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/_Ap4aKOMie5hshuQ5Bj9-Ep9KnU>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

John Mattsson <john.mattsson@ericsson.com> writes:

>If FDH gives better security it should be discussed, but based on your
>comments it is only as secure as PSS.

Also, given recent results, neither are more secure than good old v1.5:

https://eprint.iacr.org/2018/855

Given that PSS and FDH are much, much more complex to implement than v1.5
(i.e. more things to go wrong), and require a source of random numbers that
v1.5 doesn't, is there any advantage to using PSS or FDH over just staying
with v1.5?

Peter.