Re: [Cfrg] testability of signature input/output parameters

Rene Struik <rstruik.ext@gmail.com> Thu, 04 June 2015 19:21 UTC

Message-ID: <5570A53D.7020207@gmail.com>
Date: Thu, 04 Jun 2015 15:21:33 -0400
From: Rene Struik <rstruik.ext@gmail.com>
To: Nico Williams <nico@cryptonector.com>
References: <C49BFA4F-76B9-48A1-913B-144D606FBBDD@isode.com> <556F8811.2070101@cs.tcd.ie> <20150604065658.GA14531@LK-Perkele-VII> <55705C19.4040600@gmail.com> <20150604183631.GL18760@localhost>
In-Reply-To: <20150604183631.GL18760@localhost>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/cuTcwUDjWU96yHOIAdNOWtCjV6o>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] testability of signature input/output parameters

I think one lesson one can draw from "piecemeal polls" is that it might 
make it harder to consider system-wide trade-offs.

Hence, the questions in my email of yesterday, June 3, 2015, 5.14pm EDT, 
see http://www.ietf.org/mail-archive/web/cfrg/current/msg06875.html. I 
think these still stand.

Rene

On 6/4/2015 2:36 PM, Nico Williams wrote:
> On Thu, Jun 04, 2015 at 10:09:29AM -0400, Rene Struik wrote:
>> [...]
> It isn't possible to write test vectors for non-deterministic signature
> schemes unless you expose PRNG state or nonce inputs as explicit
> arguments to the API.  Regardless of whether one chooses to do that or
> not, non-deterministic signature schemes whose security falls apart when
> nonces are reused (or are predictable) are a really bad idea.
>
> Anyways, we've already determined that we have consensus in favor of
> deterministic signature schemes.  You could ask that that matter be
> re-opened, but first re-read the threads that led there.
>
> Nico


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
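As an added illustration of the testability point raised in the quoted reply (this is example code, not code from the thread or from any CFRG draft): a toy Schnorr signature in Python whose signing API takes the nonce as an explicit argument and otherwise derives it deterministically from the private key and message. With an explicit or deterministic nonce, a stored test vector can be checked; with a hidden PRNG, repeated signing never reproduces the same output. The group parameters, domain labels and function names are constructed for this example, and the nonce derivation is a simplified Ed25519-style hash, not the bit-exact RFC 6979 procedure.

```python
import hashlib
import os
from typing import Callable, Optional, Tuple

# Toy Schnorr group (constructed, far too small for real use): p = 2q + 1 with
# p and q prime; G = 2^2 mod p generates the subgroup of prime order q.
P, Q, G = 2039, 1019, 4

def _h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def _i2b(n: int) -> bytes:
    return n.to_bytes(2, "big")  # every value encoded here is below 2^16

def keygen(seed: bytes) -> Tuple[int, int]:
    """Derive (private x, public y) from a seed so key material is reproducible."""
    x = _h(b"key", seed) % (Q - 1) + 1
    return x, pow(G, x, P)

def derive_nonce(x: int, msg: bytes) -> int:
    """Deterministic nonce in [1, q-1]: hash of private key and message
    (simplified Ed25519 style; not the bit-exact RFC 6979 procedure)."""
    return _h(b"nonce", _i2b(x), msg) % (Q - 1) + 1

def random_nonce(x: int, msg: bytes) -> int:
    """Classic randomised nonce: output then depends on hidden PRNG state."""
    return int.from_bytes(os.urandom(4), "big") % (Q - 1) + 1

def sign(x: int, msg: bytes, k: Optional[int] = None) -> Tuple[int, int]:
    """Schnorr signature (e, s). The nonce is an explicit argument: a test
    harness passes a fixed k and compares against a stored vector, while
    normal callers leave it None and get the deterministic derivation."""
    if k is None:
        k = derive_nonce(x, msg)
    if not 1 <= k < Q:
        raise ValueError("nonce out of range")
    r = pow(G, k, P)
    e = _h(b"chal", _i2b(r), msg) % Q
    return e, (k + e * x) % Q

def verify(y: int, msg: bytes, sig: Tuple[int, int]) -> bool:
    e, s = sig
    # G^s * y^-e = G^(k + e*x) * G^(-e*x) = G^k = r; y has order q, so y^-e = y^(q-e)
    r = pow(G, s, P) * pow(y, Q - e, P) % P
    return _h(b"chal", _i2b(r), msg) % Q == e

def signatures_vary(x: int, msg: bytes, nonce_fn: Callable[[int, bytes], int], n: int = 16) -> bool:
    """True if repeated signing with this nonce source gives differing outputs,
    i.e. no single stored test vector could ever match the implementation."""
    return len({sign(x, msg, nonce_fn(x, msg)) for _ in range(n)}) > 1
```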