Re: [CFRG] Handling the errata for RFC 7748
Benoît Viguier <b.viguier@cs.ru.nl> Thu, 10 December 2020 08:52 UTC
To: cfrg@irtf.org
References: <CAMr0u6=K4S1WG9+y5PkkwHMdcHDT11TcjX9icb1yxQ14hQV6eQ@mail.gmail.com>
From: Benoît Viguier <b.viguier@cs.ru.nl>
Message-ID: <17eb8736-37f9-2623-7de6-7d8e3ca6bd1e@cs.ru.nl>
Date: Thu, 10 Dec 2020 09:52:12 +0100
In-Reply-To: <CAMr0u6=K4S1WG9+y5PkkwHMdcHDT11TcjX9icb1yxQ14hQV6eQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/kFqSCbvvlEMmqMnisC3LCKYBAAE>
Dear CFRG,

I support this decision.

Last Monday, we got the notification that our paper "A Coq proof of the correctness of X25519 in TweetNaCl" [1] got accepted. This paper contains two formally mechanized proofs:

- TweetNaCl is correct with respect to the RFC.
- and, more importantly, that *X25519 in the RFC is correct with respect to the original paper by Bernstein* [2].

Regards.

[1]: https://benoit.viguier.nl/files/tweetverif.pdf
[2]: https://cr.yp.to/ecdh/curve25519-20060209.pdf

On 12/10/20 7:50 AM, Stanislav V. Smyshlyaev wrote:
> Dear CFRG,
>
> There are three reported errata for RFC 7748:
> https://www.rfc-editor.org/errata/eid5568
> https://www.rfc-editor.org/errata/eid5651
> https://www.rfc-editor.org/errata/eid5028
>
> The third one (5028) is an editorial one, I am sure that it improves clarity of the text, therefore, I support it without doubt.
>
> The first one (5568) is a technical one, with a proposal to change one bit of the input u-coordinate in the hexadecimal representation (to make it "consistent" with the base 10 representation). However, the author of 5568 has probably missed that implementations of x25519 should "mask" that bit after taking a u-coordinate as an input - therefore, the existing text of the RFC does not have any errors there. This is exactly the result of unclear text that is addressed in the above-mentioned third erratum (5028). Therefore, I would propose to reject the erratum.
>
> The second one (5651) notes that the algorithm description has a mistake in the description (for calculation of z_2). After implementing the described algorithm myself (with the MAGMA package) I've obtained the expected numbers. I suspect that the RFC text is OK, therefore I would propose to reject the erratum.
>
> Therefore, I'm planning to approve the third one (5028) and reject the other two errata (5568 and 5651).
>
> Regards,
> Stanislav
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg

-- 
Kind regards,
Benoît Viguier
Software Engineer - PhD Student | Cryptography & Formal Methods
Radboud University | Mercator 1, Toernooiveld 212, 6525 EC Nijmegen, the Netherlands | www.viguier.nl
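The two technical errata discussed in the quoted message can be checked directly against the RFC's own test vectors: the masking of the input u-coordinate that erratum 5568 overlooks, and the `z_2` step of the Montgomery ladder that erratum 5651 questions. What follows is an added example, not code from this mail thread, from the TweetNaCl paper, or from RFC 7748 itself: a Python transcription of the RFC 7748 Section 5 pseudocode (the `decodeUCoordinate` mask, scalar clamping, the ladder with `z_2 = E * (AA + a24 * E)`), with the two Section 5.2 test vectors embedded as constants. The helper `output_ignores_bit_255` is a name chosen here; it flips bit 255 of the encoded u-coordinate and confirms that the output is unchanged, which is exactly why the hex/decimal disagreement in 5568 is not an error in the specified function.

```python
# Added example, not from the CFRG thread or the TweetNaCl paper: X25519 as
# specified in RFC 7748, Section 5, transcribed from the RFC's pseudocode and
# checked against the Section 5.2 test vectors. Pure Python, no dependencies.

P = 2**255 - 19
A24 = 121665          # (486662 - 2) / 4, the a24 constant for curve25519
BITS = 255


def decode_little_endian(b):
    return sum(b[i] << (8 * i) for i in range(32))


def decode_u_coordinate(u):
    # RFC 7748, Section 5: for curve25519 the most significant bit of the
    # final byte is masked off, so bit 255 of the encoding is ignored.
    u_list = bytearray(u)
    u_list[-1] &= (1 << (BITS % 8)) - 1
    return decode_little_endian(u_list)


def encode_u_coordinate(u):
    u %= P
    return bytes((u >> (8 * i)) & 0xFF for i in range(32))


def decode_scalar25519(k):
    # Clamping: clear the low three bits, clear bit 255, set bit 254.
    k_list = bytearray(k)
    k_list[0] &= 248
    k_list[31] &= 127
    k_list[31] |= 64
    return decode_little_endian(k_list)


def cswap(swap, x_2, x_3):
    # Arithmetic shape of the RFC's constant-time swap: mask(1) is all ones.
    # In Python this is only the algebra, not a timing guarantee.
    dummy = (-swap) & (x_2 ^ x_3)
    return x_2 ^ dummy, x_3 ^ dummy


def x25519(k_bytes, u_bytes):
    k = decode_scalar25519(k_bytes)
    u = decode_u_coordinate(u_bytes)
    x_1, x_2, z_2, x_3, z_3, swap = u, 1, 0, u, 1, 0
    for t in range(BITS - 1, -1, -1):
        k_t = (k >> t) & 1
        swap ^= k_t
        x_2, x_3 = cswap(swap, x_2, x_3)
        z_2, z_3 = cswap(swap, z_2, z_3)
        swap = k_t
        A = (x_2 + z_2) % P
        AA = A * A % P
        B = (x_2 - z_2) % P
        BB = B * B % P
        E = (AA - BB) % P
        C = (x_3 + z_3) % P
        D = (x_3 - z_3) % P
        DA = D * A % P
        CB = C * B % P
        x_3 = (DA + CB) ** 2 % P
        z_3 = x_1 * ((DA - CB) ** 2 % P) % P
        x_2 = AA * BB % P
        z_2 = E * (AA + A24 * E) % P   # the z_2 step questioned by erratum 5651
    x_2, x_3 = cswap(swap, x_2, x_3)
    z_2, z_3 = cswap(swap, z_2, z_3)
    return encode_u_coordinate(x_2 * pow(z_2, P - 2, P) % P)


def output_ignores_bit_255(k_bytes, u_bytes):
    # Helper named here, not in the RFC: flip the bit that decode_u_coordinate
    # masks and check that the shared secret is unchanged.
    flipped = bytearray(u_bytes)
    flipped[31] ^= 0x80
    return x25519(k_bytes, u_bytes) == x25519(k_bytes, bytes(flipped))


# RFC 7748, Section 5.2 test vectors: (scalar, input u, expected output u).
VECTORS = [
    ("a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
     "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c",
     "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552"),
    ("4b66e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba0d",
     "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a413",
     "95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957"),
]


def check_vectors():
    # One boolean per vector: expected output reproduced AND bit 255 ignored.
    results = []
    for k_hex, u_hex, out_hex in VECTORS:
        k, u = bytes.fromhex(k_hex), bytes.fromhex(u_hex)
        results.append(x25519(k, u).hex() == out_hex and output_ignores_bit_255(k, u))
    return results


if __name__ == "__main__":
    print(check_vectors())
```

Running the ladder exactly as the RFC writes it, including the `z_2` line, and recovering both Section 5.2 outputs is the same check the quoted message describes doing in MAGMA; the bit-flip helper shows why a one-bit change in bit 255 of the printed u-coordinate cannot alter the result of the specified function.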