IETF Logo Mail Archive

Re: [Cfrg] Threshold signatures

Tony Arcieri <bascule@gmail.com> Fri, 03 January 2020 00:46 UTC

Return-Path: <bascule@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB3151200C3 for <cfrg@ietfa.amsl.com>; Thu, 2 Jan 2020 16:46:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qg73wlJzwrKf for <cfrg@ietfa.amsl.com>; Thu, 2 Jan 2020 16:46:55 -0800 (PST)
Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C90612006B for <cfrg@irtf.org>; Thu, 2 Jan 2020 16:46:55 -0800 (PST)
Received: by mail-oi1-x22d.google.com with SMTP id n16so9748315oie.12 for <cfrg@irtf.org>; Thu, 02 Jan 2020 16:46:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/aUBMA9tfX1XHXS7t+2Sdvx1G1Y21xxKqv1rUK/LL1A=; b=HH5c/9GYdh7xkXIwVzXvoKQHVx41iaNWoufei0diWXbaUBtx3YZ+OqohVyZ8jWt8uv cr0C17CxS+Cg7EmmDoQ7hYJC7JFKm3wD7ON072Tu/qRA+rl1S6jh8/sj4SbZjARTc1gh t4JTOdZucWBBWmAbpjLOVlLzi4sUOWV9uiKyOf+N4xE7v0hc96MqmX1SWyUXTf8DKQcu ClEUWFbJyCMgQ1p2ECBJHqtlLmIs+msFchPyn55NFxFXv8aKmr5FHcblfNGHYNzE72a3 jOKVmefLNtZ6ZBKV7IBfYp5ZhzHze6TKXd9UTL33u6+2ggvRsdJJPiOJz3TNqHVgEpbs GdCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/aUBMA9tfX1XHXS7t+2Sdvx1G1Y21xxKqv1rUK/LL1A=; b=m3zYmRj3aS1WA/s6F8tqY5l32trVBV/WDFYLUy3UA5muqxxGGm0QYJs2QRwGGkokwH X1Fym5AmwxG+6lgls2VXLOelX1t8KgUEFeXvuDKi1sfGJgCr7Ie76mTpmCHHhzg8Xyae erBHpdgPppmayeDOpOE/63JUKH6O0bmgSRAe90inEBnWsZCW86VYSZCoFjXkqs+nQCJF cmh+Q/J78dy7HlFlHdV6pE+b4bj5myrLVGFSKMBcondSnc0UqASOetC2Fvg9k8JEfYFA Z+cZw/pWcgJThdw16bCynBApJmQOmVjvE0y8FNfN6QTTqhT7NjAxmgZGXYthaBh735Qt 6SFg==
X-Gm-Message-State: APjAAAW7zNJfvjnNMMpvE/D32ggG1OMwCSxaIKwxHuNMD8/o41RsPRSa t86PcZdJ1L/4r94SxMTaGWgSNJFjwKO7wgxNjuI=
X-Google-Smtp-Source: APXvYqwncL+AoVzc+3hReX4XTtwqiEl0pZMvv7shlUBOEIZiBmhYZ189N/gr7Y7fC+M535DuP1UVG5zGh+I1lXEOdmk=
X-Received: by 2002:aca:d0c:: with SMTP id 12mr3470139oin.26.1578012414410; Thu, 02 Jan 2020 16:46:54 -0800 (PST)
MIME-Version: 1.0
References: <CAMm+LwiXTA7UoFwSWE_c-cy_EdtYE5qFAm594UfFkdAVLNhimg@mail.gmail.com> <902BF3DD-4515-4A23-B7B7-0C9D8726E56F@gnunet.org> <CAMm+LwjZ8fhe9XhRFr=93ye5je1KJRUzYydd34sX_8Y594vKkQ@mail.gmail.com>
In-Reply-To: <CAMm+LwjZ8fhe9XhRFr=93ye5je1KJRUzYydd34sX_8Y594vKkQ@mail.gmail.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Thu, 02 Jan 2020 19:46:43 -0500
Message-ID: <CAHOTMVKA0wt-kqbW0bNOhJMKrmz_X3H9Hj-5KqmepN_gVMk0WQ@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: Jeff Burdges <burdges@gnunet.org>, IRTF CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="0000000000006986f7059b31a55c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/delaKa8u1wl8x1ppOvauW-IoPVg>
Subject: Re: [Cfrg] Threshold signatures
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2020 00:46:57 -0000

On Thu, Jan 2, 2020 at 7:36 PM Phillip Hallam-Baker <phill@hallambaker.com>
wrote:


> I discuss multi-sigs in the paper but the short answer is that pretty much
> every code signing system out there has a de facto assumption of one
> signature.


In addition to TUF, simple threshold signatures are also supported by
OpenPGP via TSIG.


> But more specifically, what I want to do is to divide the ability to use a
> code signing key between a cloud service and one (or more) engineers
> holding code signing keys.
>

A simple threshold signature set is definitely going to be the most
practical way to support this use case. Even Ed25519 support is exceedingly
rare in cloud KMS systems. I think that even if a spec for an interactive
Schnorr-based scheme existed, it's extremely unlikely that such systems
would adopt support for it, as these systems are deliberately slow-moving
by design, don't add new features without extremely strong and pervasive
customer support, and when they do add features, take quite awhile to do so.

-- 
Tony Arcieri

v2.23.0 | Report a Bug | By Email