Re: [CFRG] I-D Action: draft-irtf-cfrg-rsa-blind-signatures-06.txt

Martin Thomson <mt@lowentropy.net> Fri, 09 December 2022 01:48 UTC


Yep, I've been tracking the issues and am happy with their resolution.

On Fri, Dec 9, 2022, at 04:23, Christopher Wood wrote:
> Thanks for the review, Martin. All editorial issues have been addressed 
> in the latest version of the document, including the way we talk about 
> message randomization. Can you please confirm that the latest version 
> addresses your comments?
>
> Best,
> Chris
>
>> On Nov 23, 2022, at 8:13 PM, Martin Thomson <mt@lowentropy.net> wrote:
>> 
>> Chris asked me to look at this document.
>> 
>> Overall, this looks good.  I had a few editorial issues, which I've opened issues or pull requests for.  However, I found an editorial issue that is worth raising here:
>>  https://github.com/cfrg/draft-irtf-cfrg-blind-signatures/issues/148
>> 
>> Sections 5 and 6 introduce message randomness requirements that don't seem to be very well contextualized.  I think that this stems from some unstated assumptions about the application domain.  Being a little more deliberate about how this scheme might be applied could go some way to making this sudden addition of a random suffix on messages understandable.
>> 
>> One consequence of this is that you might think, from reading up to Section 4, that you could send a message with an RSASSA-PSS label attached to it and the recipient doesn't need to care that it was generated using this process.  However, it is not clear to me now whether that would be a sensible thing to do, due to the entropy requirements imposed by the attacks referenced in Section 8.3.  Of course, adding 32 bytes of randomness to messages - the recommended approach - means that the recipient really does need to know that this has happened, or it might question what those 32 bytes mean.
>> 
>> On Wed, Nov 23, 2022, at 14:10, Richard Barnes wrote:
>>> Thanks, authors.  I reviewed this version, and it addresses my RGLC comments. 
>>> 
>>> On Mon, Nov 21, 2022 at 17:15 <internet-drafts@ietf.org> wrote:
>>>> 
>>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>>> This draft is a work item of the Crypto Forum RG of the IRTF.
>>>> 
>>>>        Title           : RSA Blind Signatures
>>>>        Authors         : Frank Denis
>>>>                          Frederic Jacobs
>>>>                          Christopher A. Wood
>>>>        Filename        : draft-irtf-cfrg-rsa-blind-signatures-06.txt
>>>>        Pages           : 31
>>>>        Date            : 2022-11-21
>>>> 
>>>> Abstract:
>>>>   This document specifies an RSA-based blind signature protocol.  RSA
>>>>   blind signatures were first introduced by Chaum for untraceable
>>>>   payments [Chaum83].  It extends RSA-PSS encoding specified in
>>>>   [RFC8017] to enable blind signature support.
>>>> 
>>>> Discussion Venues
>>>> 
>>>>   This note is to be removed before publishing as an RFC.
>>>> 
>>>>   Source for this draft and an issue tracker can be found at
>>>>   https://github.com/chris-wood/draft-wood-cfrg-blind-signatures.
>>>> 
>>>> 
>>>> The IETF datatracker status page for this draft is:
>>>> https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/
>>>> 
>>>> There is also an HTML version available at:
>>>> https://www.ietf.org/archive/id/draft-irtf-cfrg-rsa-blind-signatures-06.html
>>>> 
>>>> A diff from the previous version is available at:
>>>> https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-rsa-blind-signatures-06
>>>> 
>>>> 
>>>> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>>>> 
>>>> 
>>>> _______________________________________________
>>>> CFRG mailing list
>>>> CFRG@irtf.org
>>>> https://www.irtf.org/mailman/listinfo/cfrg
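
An added illustration of the point raised in the November 23 review quoted above (not part of the thread, and not code from the draft or its authors): once 32 random bytes are attached to a message before blind signing, a recipient who holds only the bare message cannot verify the signature. Assumptions: a toy RSA key, a bare hash in place of the draft's RSASSA-PSS encoding, hypothetical function names, and the random bytes placed as a suffix as the review words it.

```python
import hashlib
import math
import secrets

# Toy key from two Mersenne primes, constructed for this example only
# (far too small and structured for real use).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def encode(msg: bytes) -> int:
    # Assumption: plain hash-to-integer stands in for the PSS encoding.
    return int.from_bytes(hashlib.sha512(msg).digest(), "big") % N

def prepare(msg: bytes) -> bytes:
    # Client attaches 32 random bytes; the result is what actually gets signed.
    return msg + secrets.token_bytes(32)

def blind(input_msg: bytes):
    # Client hides the encoded message behind a random factor r^E.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return encode(input_msg) * pow(r, E, N) % N, pow(r, -1, N)

def blind_sign(blinded: int) -> int:
    # Signer applies the private key without seeing the message.
    return pow(blinded, D, N)

def verify(input_msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == encode(input_msg)

def finalize(input_msg: bytes, blind_sig: int, r_inv: int) -> int:
    # Client removes the blinding factor and checks the result.
    sig = blind_sig * r_inv % N
    if not verify(input_msg, sig):
        raise ValueError("invalid signature from signer")
    return sig

def demo() -> dict:
    msg = b"token request"  # constructed sample message
    input_msg = prepare(msg)
    blinded, r_inv = blind(input_msg)
    sig = finalize(input_msg, blind_sign(blinded), r_inv)
    return {
        "suffix_len": len(input_msg) - len(msg),
        "signer_saw_encoding": blinded == encode(input_msg),
        "verifies_with_random_bytes": verify(input_msg, sig),
        "verifies_bare_message": verify(msg, sig),
    }
```

The verifier has to be handed `input_msg`, random bytes included, which is why the recipient must know the message was produced by this process.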