Re: [Cfrg] Exposing the private key by signing "too many times"

Dan Brown <dbrown@certicom.com> Thu, 14 April 2016 14:44 UTC


Long ago DSA allowed biased ephemeral secrets, which Bleichenbacher exploited to extract the private key.

Not aware of history or survey papers on topic, sorry.

Some security proofs may have dependency on number of signatures, but that seems unlikely to lead to a regular belief among 'non-cryptographers'.

Intuitively, such a belief could arise naturally: info-theoretically each signature might leak some new small amount of info about the private key.

Not related to signatures, but there's also Gallant's attack against static DH :)

Is it CFRG's job to educate in such matters?

  Original Message
From: Paul Hoffman
Sent: Tuesday, April 12, 2016 9:32 PM
To: cfrg@irtf.org
Subject: [Cfrg] Exposing the private key by signing "too many times"


Greetings again. I regularly hear from non-cryptographers that they once
heard that you have to be careful not to sign "too many times" with the
same public/private pair because doing so will expose the private key.
I'm interested in the history of this belief. Are there any papers about
the history of signature algorithms where this might have been true, or
papers on the history of this belief?

--Paul Hoffman
