[CFRG] Re: Adoption Call: Partially Blind RSA Signatures
Kevin Yeo <kwlyeo@google.com> Wed, 21 August 2024 21:32 UTC
Return-Path: <kwlyeo@google.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7C5DC180B67 for <cfrg@ietfa.amsl.com>; Wed, 21 Aug 2024 14:32:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -22.607
X-Spam-Level:
X-Spam-Status: No, score=-22.607 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NyogMrWEq_KM for <cfrg@ietfa.amsl.com>; Wed, 21 Aug 2024 14:32:34 -0700 (PDT)
Received: from mail-vs1-xe2e.google.com (mail-vs1-xe2e.google.com [IPv6:2607:f8b0:4864:20::e2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FCD8C137367 for <cfrg@irtf.org>; Wed, 21 Aug 2024 14:32:34 -0700 (PDT)
Received: by mail-vs1-xe2e.google.com with SMTP id ada2fe7eead31-498d14b9b8cso44108137.3 for <cfrg@irtf.org>; Wed, 21 Aug 2024 14:32:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1724275953; x=1724880753; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9XiCNnBabTMtSvUw2eBcNNfr0b8mclrX07TkVnQ6bAo=; b=oO/iTBWPCASLFurKB6M5dEuvfIACDfFN2Frt9xLMb25jjyxnpJFwv9MbFoFbQcmn8Y A4XKcYLnToWHOlox1CLlTt6nX3e0S65Rh+1ndr82iplGxYktvs8dToyLgGoY6GyWVoNb a2GnBRBQgpdK9aMSYTUTIz/p4tcV3ntYeOUiv8iLTlJ1OjiQx1wuEkNJs3BoYIDLQkJ7 jTGdm8KXUrG/9P4ON3Q24ddSIacl6Jg85NIeiq+W4bGHfApiLUXTteDz7shTG1pilINa k0YY9YzfI3SCtdZx8qHHocS0UljNPbHoLcR7tDH5gKM2ETqxfsyRE7ROHTwt2d/4vg+R wJcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724275953; x=1724880753; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9XiCNnBabTMtSvUw2eBcNNfr0b8mclrX07TkVnQ6bAo=; b=d/5kl6StqVG/zC1KY1oA6xQyofVhLT8fyk8H8TUdj86+FVlgYU4LEujzihgJopPNVz mpY/MGoIOZzmvkjNOxP2mw0NyEi6d8JDEXz7arT3exO36GoyMss5lFtRnil+2gsQYpEU TFhM2wWECczURqot+a7nh2QKZ2i/uCJAvLgWsb9yyrZs/72mkBqi0lFMqSk7ncHU58K6 OMNEMjcFBesnhnLneHOo3wyEQLnue2nJ65EubKM4TZ9+YijIzVHrM6Ks3eAYA+TvO+mZ bLpuE6p7Ay/gbmWfpMzGARJuxaOGXKTJdXyF3neiiAPm/jTXItjZcvI7YRof2tpl3hdX O7UQ==
X-Forwarded-Encrypted: i=1; AJvYcCXXQUNU7lxhN9NytZErdBYdtUsxZICM0yxUK9Q2dUGKwPBkO13kliPUBfNKQx+VfSnUeJqe@irtf.org
X-Gm-Message-State: AOJu0YziMU8DWMpxmtuo9gD2jdvlninxgUbbzZIZhr2HsCpI7atfsX22 GqljG5D9z3tJWyBhnlZZDdyQfS2z5eQi1IfQEJG7Tm6JL85oAdpnC3g4hnECvY2H7KPr00/7DBi XUsOtiyCuP0OQ8l5/KE2BC8XlaANR+9N9ARjo
X-Google-Smtp-Source: AGHT+IExfRjXOnEDFu6QzDwKfyXmncHHBxC0ooi/nO6a+z44Me/Ppx2rqlnY7Q4Y5f+jsbYomD1tiLmevtsO44rs1FI=
X-Received: by 2002:a05:6102:2ad5:b0:48f:e62f:8863 with SMTP id ada2fe7eead31-498d3dea2fdmr4411183137.2.1724275953129; Wed, 21 Aug 2024 14:32:33 -0700 (PDT)
MIME-Version: 1.0
References: <CAMr0u6=Q2FGZeoZKMpNiBV+osFkvEWLDRQDsp5xCOdmXTULb+w@mail.gmail.com> <CAFzKZmz134cTEEv2huCp66rECMVMGSRKFauFhj+Ze_zbf-cZbA@mail.gmail.com>
In-Reply-To: <CAFzKZmz134cTEEv2huCp66rECMVMGSRKFauFhj+Ze_zbf-cZbA@mail.gmail.com>
From: Kevin Yeo <kwlyeo@google.com>
Date: Wed, 21 Aug 2024 17:32:20 -0400
Message-ID: <CAK68sXoo+DqQKzw2=ngx9tOShfZODu+WPLu0VgG-MW5hZP9P_Q@mail.gmail.com>
To: Chris Barber <cbarbernash@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000aeb6a90620384761"
Message-ID-Hash: 44A2R25NSIVJOYYUQS7RH43JRGGT2X7Q
X-Message-ID-Hash: 44A2R25NSIVJOYYUQS7RH43JRGGT2X7Q
X-MailFrom: kwlyeo@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: CFRG <cfrg@irtf.org>, cfrg-chairs@ietf.org, draft-amjad-cfrg-partially-blind-rsa@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] Re: Adoption Call: Partially Blind RSA Signatures
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/iyGrPrxE1jLrD6_DU1fC9ImzSME>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>
Hi Chris, This particular protocol was chosen as it is a two-move, pairing-free partially blind signature. Two-move protocols enable each blind signing protocol to be executed in a single roundtrip between the user and signer. In contrast, the partially blind signatures that you linked (Tessaro-Zhu and Kastner-Loss-Xu) are both three-move protocols. In practice, this means that the blind signing protocol requires two rounds between the user and signer that may be prohibitive in many applications. One more reason that two-move protocols are more desirable is that their security is the same in both the sequential and concurrent models (this is known to be false for three-move protocols). See https://eprint.iacr.org/2022/895.pdf for further details on concurrent security for two-move blind signatures. Best, Kevin On Wed, Aug 21, 2024 at 1:03 PM Chris Barber <cbarbernash@gmail.com> wrote: > Hi everyone, > > I’m curious why we should adopt this particular protocol, and whether > moving away from RSA might be a better path forward for new protocols. > > The Tessaro-Zhu [1] and Kaster-Loss-Rosenberg-Xu [2] protocols are more > efficient, and the concurrency concerns in the Abe–Okamoto protocol could > likely be addressed. > > [1] https://eprint.iacr.org/2022/047 > [2] https://eprint.iacr.org/2020/1071 > > On Fri, Aug 16, 2024 at 11:24 AM Stanislav V. Smyshlyaev < > smyshsv@gmail.com> wrote: > >> Dear CFRG participants, >> >> This message is starting 3 weeks adoption call on "Partially Blind RSA >> Signatures" draft, draft-amjad-cfrg-partially-blind-rsa ( >> https://datatracker.ietf.org/doc/draft-amjad-cfrg-partially-blind-rsa/) >> that will end on September 6th 2024. >> >> Please send your feedback in reply to this email or directly to CFRG >> chairs <cfrg-chairs@ietf.org> <cfrg-chairs@ietf.org>. >> >> Best regards, >> Stanislav (for CFRG chairs) >> _______________________________________________ >> CFRG mailing list -- cfrg@irtf.org >> To unsubscribe send an email to cfrg-leave@irtf.org >> > _______________________________________________ > CFRG mailing list -- cfrg@irtf.org > To unsubscribe send an email to cfrg-leave@irtf.org >
- [CFRG] Adoption Call: Partially Blind RSA Signatu… Stanislav V. Smyshlyaev
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… Christopher Patton
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… Steven Valdez
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… Sofia Celi
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… David Schinazi
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… Tommy Pauly
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… Chris Barber
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… Kevin Yeo
- [CFRG] Re: Adoption Call: Partially Blind RSA Sig… Stanislav V. Smyshlyaev