Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent Stream

"Martin Thomson" <> Mon, 20 January 2020 04:28 UTC

List-Id: Crypto Forum Research Group <>

As a matter of formality, publication on the Independent Submissions Stream wouldn't constitute a blessing by the CFRG, the IETF, or anyone aside.  The only blessing comes from maybe the ISE within the bounds of that stream.

Let's say that this is "bad crypto" in the sense that it isn't demonstrably good.  It is the purpose of the Independent Submissions Stream to occasionally publish dissenting views where the ISE believes that there is sufficient benefit from doing so.  So the question we might ask is: is there any benefit to having this particular mechanism documented?

If this were widely-deployed not-good crypto, that might change the situation, but the potential for harm in terms of misunderstanding the status of the mechanism seems significant enough to argue for not publishing even then.  In my view.  But, as ISE, that is Adrian's choice and Adrian's choice alone.

I don't particularly like this situation, but that is the price the IETF community previously decided to pay in return for having an outlet for dissenting opinions on its proceedings and outputs.  It's also a very divisive issue where there is not universal agreement about either the value of the outlet or the constraints under which it operates.

On Mon, Jan 20, 2020, at 09:25, Paterson  Kenneth wrote:
> Hi Adrian,
> I'm no longer a CFRG chair so I can say exactly what I think now :-)
> I don't think CFRG should "bless" any draft concerning the WalnutDSA 
> scheme. Notably, this algorithm did not pass to the second round in the 
> NIST competition due to the significant cryptanalysis that it suffered 
> from prior to and in the early stages of the competition. 
> It may be that the proposers of this algorithm are able to avoid all 
> currently known attacks by setting parameters carefully, and through 
> extensive modifications to the scheme. But the scheme's history does 
> not inspire confidence. Moreover, my strong sense is that serious 
> cryptanalysts have stopped working on it simply because it did not pass 
> to the second round (put another way, they successfully killed it in 
> the first round).
> Best wishes,
> Kenny
> -- 
> Kenny Paterson
> Applied Cryptography Group
> ETH Zurich, Computer Science Dept.
> Universitätstrasse 6, CNB E 104.2
> CH-8092 Zurich
> tel. +41 44 632 32 52
> -----Original Message-----
> From: Cfrg <> on behalf of "RFC ISE (Adrian 
> Farrel)" <>
> Reply to: "" <>
> Date: Sunday, 19 January 2020 at 22:55
> To: "" <>
> Cc: "" 
> <>, Adrian Farrel 
> <>
> Subject: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent 
> Stream
>     Hi CFRG,
>     Derek Atkins has presented draft-atkins-suit-cose-walnutdsa to me for
>     publication as an Independent Submission Informational RFC.
>     I think this is the sort of draft that would benefit from the CFRG's
>     wisdom and would appreciate any reviews or guidance that you're able to
>     give.
>     The latest version of the draft can be found at
>     If you could cc me on any discussions (or send them off list) that would
>     be helpful.
>     Many thanks,
>     Adrian
>     -- 
>     Adrian Farrel (ISE),
>     _______________________________________________
>     Cfrg mailing list