[CFRG] Comments on [draft-irtf-cfrg-det-sigs-with-noise-00]

Danny Niu <dannyniu@hotmail.com> Tue, 23 May 2023 02:07 UTC

From: Danny Niu <dannyniu@hotmail.com>
To: "cfrg@ietf.org" <cfrg@ietf.org>
Date: Tue, 23 May 2023 02:07:37 +0000
Message-ID: <OS3P286MB3402F705CB0B39ADBA9391C0C1409@OS3P286MB3402.JPNP286.PROD.OUTLOOK.COM>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/mxbQ9N1QXDlS7IdFm4aA5nhN_3c>

Greetings.

It's been a while since anyone discussed the det-sigs draft, so I wonder if we've formed some kind of consensus on it yet.

I'd like to let the interested parties know that I've written an experimental C implementation of the draft. If anyone's interested in benchmarking or any kind of testing, I'd love to assist. I've also raised a few implementation-related issues at crypto.stackexchange.com/a/106599/36960, and I'll summarize them here:

1. The draft treats the ECDSA RNG as a white box and penetrates the PRNG boundary to seed it, which is something NIST specifies not to do. This isn't too big an issue, as there are ways to maintain functionality opacity.

2. The draft underspecifies how to use KMAC when the hash function is SHAKE. The way I prefer is to persuade NIST to specify and approve a permutation-based PRNG and use that instead. However, in the interim, we could add details on how KMAC should be used with HMAC-DRBG, but again, it'll penetrate the PRNG boundary. What's more, KMAC has not been approved for use with HMAC-DRBG yet.

Thanks.

PS: I'm kind of new here (I previously subscribed to the IETF list to discuss an issue with the POSIX sockets API, and left).
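Added illustration of point 1 above. This is example code written for this archive page; it is not part of the message, not Danny Niu's C implementation, and not the draft's reference code. It shows the RFC 6979 HMAC_DRBG nonce derivation for ECDSA and how the "with noise" variant hedges it: the private key x and a fresh random string z are both fed into the DRBG seed, which is exactly the "penetrating the PRNG boundary" the message objects to. The position of z in the seed (right after int2octets(x)) and its length (32 bytes) are assumptions made here for illustration; the draft's own text is normative for where Z goes. With z empty the function reproduces the RFC 6979 Appendix A.2.5 P-256/SHA-256 test vector.

```python
import hashlib
import hmac
import secrets

# P-256 group order n (RFC 6979 Appendix A.2.5). Only the order is needed to
# derive the nonce k; curve arithmetic is out of scope for this example.
P256_N = int("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)


def _bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: the leftmost qlen bits of b, as an integer."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def _int2octets(x: int, qlen: int) -> bytes:
    """RFC 6979 2.3.3: fixed-width big-endian encoding of x."""
    return x.to_bytes((qlen + 7) // 8, "big")


def _bits2octets(b: bytes, q: int, qlen: int) -> bytes:
    """RFC 6979 2.3.4: bits2int(b) mod q, then int2octets."""
    return _int2octets(_bits2int(b, qlen) % q, qlen)


def hedged_nonce(x: int, msg: bytes, q: int = P256_N,
                 hashfn=hashlib.sha256, z: bytes = b"") -> int:
    """Derive the ECDSA per-signature secret k with RFC 6979's HMAC_DRBG,
    optionally hedged with extra random bytes z.

    z == b""  -> plain RFC 6979, fully deterministic.
    z random  -> deterministic signature with noise: k is unpredictable when
                 the RNG is good, and still unique per message when it fails.

    ASSUMPTION (illustration only): z is inserted directly after
    int2octets(x) in the seed material. The draft defines the real layout.
    """
    qlen = q.bit_length()
    hlen = hashfn().digest_size
    h1 = hashfn(msg).digest()
    seed = _int2octets(x, qlen) + z + _bits2octets(h1, q, qlen)

    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashfn).digest()

    # HMAC_DRBG instantiate (RFC 6979 3.2, steps b-g). The private key itself
    # is the DRBG seed material: the construction reaches inside the DRBG
    # rather than treating it as an opaque random source.
    v = b"\x01" * hlen
    k = b"\x00" * hlen
    k = mac(k, v + b"\x00" + seed)
    v = mac(k, v)
    k = mac(k, v + b"\x01" + seed)
    v = mac(k, v)

    # HMAC_DRBG generate (step h): pull qlen bits, retry until 1 <= k < q.
    while True:
        t = b""
        while len(t) * 8 < qlen:
            v = mac(k, v)
            t += v
        cand = _bits2int(t, qlen)
        if 1 <= cand < q:
            return cand
        k = mac(k, v + b"\x00")
        v = mac(k, v)


# RFC 6979 Appendix A.2.5 test vector: P-256, SHA-256, message "sample".
RFC6979_X = int("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)
RFC6979_K = int("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60", 16)


def demo() -> dict:
    """The behaviours a practitioner wants to confirm before shipping this."""
    deterministic = hedged_nonce(RFC6979_X, b"sample")
    z1, z2 = secrets.token_bytes(32), secrets.token_bytes(32)
    hedged_a = hedged_nonce(RFC6979_X, b"sample", z=z1)
    hedged_b = hedged_nonce(RFC6979_X, b"sample", z=z2)
    # Constructed failure mode: the RNG is stuck returning all-zero bytes.
    # Two different messages must still get two different nonces, which is
    # what protects the key from the repeated-k attack even with a dead RNG.
    dead_rng = b"\x00" * 32
    stuck_1 = hedged_nonce(RFC6979_X, b"sample", z=dead_rng)
    stuck_2 = hedged_nonce(RFC6979_X, b"test", z=dead_rng)
    return {
        "matches_rfc6979": deterministic == RFC6979_K,
        "noise_changes_k": hedged_a != hedged_b,
        "repeatable_with_same_noise": hedged_nonce(RFC6979_X, b"sample", z=z1) == hedged_a,
        "distinct_k_with_dead_rng": stuck_1 != stuck_2,
    }


if __name__ == "__main__":
    print(demo())
```

The contrast with the message's point 1 is visible in hedged_nonce: a NIST-style caller of a DRBG would only ever call instantiate/generate and never see V and K, whereas here the signer's private key is mixed into the DRBG state by hand. The dead-RNG case in demo() is why the draft accepts that trade-off: nonces stay message-dependent and distinct even when z carries no entropy.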