Re: [CFRG] I-D Action: draft-irtf-cfrg-rsa-blind-signatures-02.txt

Christopher Wood <caw@heapingbits.net> Mon, 30 August 2021 13:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/dr4QnOMCAMd5WDXnespSr2yp5Z0>

Thanks for the feedback, Chelsea! Please see inline below.

On Sun, Aug 29, 2021, at 8:00 PM, Chelsea Komlo wrote:
>  
> I recommend adding to Section 8.6 a discussion of U-Prove [1] and how 
> the broader goals of this draft (use of blind signatures to address the 
> shortcomings of VOPRFs) relate to the design of U-Prove. 

I filed this to track the suggestion: https://github.com/cfrg/draft-irtf-cfrg-blind-signatures/issues/95

> I also recommend including a short discussion of practical/desired 
> extensions to Privacy Pass and how/if these extensions can be 
> accommodated by Blind RSA. For example, including public metadata such 
> as expiration timestamps, etc. 

I filed this to note how blind RSA could satisfy public verifiability for Privacy Pass: https://github.com/cfrg/draft-irtf-cfrg-blind-signatures/issues/96.

I don't think we should touch on features not supported by the draft (such as partially blind signature support), as that list is likely extensive. 

> Section 5.1.1
>
> "The blinding factor r must be randomly chosen from a uniform 
> distribution. This is typically done via rejection sampling."
> 
> Is this not implied by the function random_integer_uniform?

It is, though as Jeff said, we added this note for additional clarity. 

Best,
Chris
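
The rejection sampling discussed for Section 5.1.1 above, as an added example that is not part of the original message or of the draft's text: it draws the blinding factor r uniformly, contrasts that with the biased `% span` shortcut, and runs a blind/unblind round trip. Only the name `random_integer_uniform` comes from the thread; `sample_blinding_factor`, `output_counts`, `blind_roundtrip` and the toy key are constructed here, `m` stands for an already encoded message, and retrying on a non-invertible r is this example's choice.

```python
import secrets
from collections import Counter
from math import gcd

def random_integer_uniform(lo, hi, randbits=secrets.randbits):
    """Uniform integer in [lo, hi) by rejection sampling (no modulo bias)."""
    span = hi - lo
    if span <= 0:
        raise ValueError("empty range")
    bits = max(1, (span - 1).bit_length())
    while True:
        candidate = randbits(bits)   # uniform in [0, 2**bits)
        if candidate < span:         # discard out-of-range draws, never reduce them
            return lo + candidate

def sample_blinding_factor(n, randbits=secrets.randbits):
    """Return (r, r_inv) with r uniform over the invertible residues in [1, n)."""
    while True:
        r = random_integer_uniform(1, n, randbits)
        if gcd(r, n) == 1:           # retry policy is an assumption of this example
            return r, pow(r, -1, n)

def output_counts(span, bits, reject):
    """Enumerate every possible raw draw to compare rejection with `% span`."""
    counts = Counter()
    for raw in range(2 ** bits):
        if not reject:
            counts[raw % span] += 1  # low residues are hit more often
        elif raw < span:
            counts[raw] += 1
    return dict(counts)

def blind_roundtrip(m, n, e, d):
    """Blind m, sign the blinded value, unblind; return (blinded, signature)."""
    r, r_inv = sample_blinding_factor(n)
    blinded = (m * pow(r, e, n)) % n
    signature = (pow(blinded, d, n) * r_inv) % n
    return blinded, signature

# Constructed toy key (p=61, q=53); far too small for real use.
N, E, D = 3233, 17, 2753

if __name__ == "__main__":
    print("modulo   :", output_counts(5, 3, reject=False))
    print("rejection:", output_counts(5, 3, reject=True))
    _, sig = blind_roundtrip(65, N, E, D)
    print("verifies :", pow(sig, E, N) == 65)
```
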