Re: [Cfrg] Exposing the private key by signing "too many times"
Dan Brown <dbrown@certicom.com> Thu, 14 April 2016 14:44 UTC
Return-Path: <dbrown@certicom.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B60712E458 for <cfrg@ietfa.amsl.com>; Thu, 14 Apr 2016 07:44:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xv0g2x9uLUDL for <cfrg@ietfa.amsl.com>; Thu, 14 Apr 2016 07:44:47 -0700 (PDT)
Received: from smtp-p02.blackberry.com (smtp-p02.blackberry.com [208.65.78.89]) by ietfa.amsl.com (Postfix) with ESMTP id C330612D7A5 for <cfrg@irtf.org>; Thu, 14 Apr 2016 07:44:46 -0700 (PDT)
Received: from xct104cnc.rim.net ([10.65.161.204]) by mhs215cnc.rim.net with ESMTP/TLS/AES256-SHA; 14 Apr 2016 12:20:19 -0400
Received: from XMB116CNC.rim.net ([fe80::45d:f4fe:6277:5d1b]) by XCT104CNC.rim.net ([::1]) with mapi id 14.03.0210.002; Thu, 14 Apr 2016 10:44:43 -0400
From: Dan Brown <dbrown@certicom.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Exposing the private key by signing "too many times"
Thread-Index: AQHRlSRL1et0DmKoOUWMBuqTiI0fnp+JjhQf
Date: Thu, 14 Apr 2016 14:44:43 +0000
Message-ID: <20160414144442.5709908.79799.15426@certicom.com>
References: <C33F3EC3-AF92-4BC0-8191-32839135BBBB@vpnc.org>
In-Reply-To: <C33F3EC3-AF92-4BC0-8191-32839135BBBB@vpnc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/oZXl1MgTf63Q5cDrrUMuEGiH4gQ>
Subject: Re: [Cfrg] Exposing the private key by signing "too many times"
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2016 14:44:53 -0000
Long ago DSA allowed biased ephemeral secrets, which Bleichenbacher exploited to extract the private key. Not aware of history or survey papers on topic, sorry. Some security proofs may have dependency on number of signatures, but that seems unlikely to lead to a regular belief among 'non-cryptographers'. Intuitively, such a belief could arise naturally: info-theoretically each signature might leak some new small amount of info about the private key. Not related to signatures, but there's also Gallant's attack against static DH :) Is it CFRG's job to educate in such matters? Original Message From: Paul Hoffman Sent: Tuesday, April 12, 2016 9:32 PM To: cfrg@irtf.org Subject: [Cfrg] Exposing the private key by signing "too many times" Greetings again. I regularly hear from non-cryptographers that they once heard that you have to be careful not to sign "too many times" with the same public/private pair because doing so will expose the private key. I'm interested in the history of this belief. Are there any papers about the history of signature algorithms where this might have been true, or papers on the history of this belief? --Paul Hoffman _______________________________________________ Cfrg mailing list Cfrg@irtf.org https://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Exposing the private key by signing "too m… Paul Hoffman
- Re: [Cfrg] Exposing the private key by signing "t… Phillip Hallam-Baker
- Re: [Cfrg] Exposing the private key by signing "t… Paul Grubbs
- Re: [Cfrg] Exposing the private key by signing "t… Phillip Hallam-Baker
- Re: [Cfrg] Exposing the private key by signing "t… Taylor R Campbell
- Re: [Cfrg] Exposing the private key by signing "t… Manger, James
- Re: [Cfrg] Exposing the private key by signing "t… William Whyte
- Re: [Cfrg] Exposing the private key by signing "t… Aaron Zauner
- Re: [Cfrg] Exposing the private key by signing "t… Dan Brown
- Re: [Cfrg] Exposing the private key by signing "t… Thomas Pornin
- Re: [Cfrg] Exposing the private key by signing "t… David Jacobson
- Re: [Cfrg] Exposing the private key by signing "t… ned+cfrg