[Cfrg] Reference for hash substitution attack against RSASSA-PSS and its mitigation

Mike Jones <Michael.Jones@microsoft.com> Fri, 02 June 2017 20:06 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
CC: Steve KENT <steve.kent@raytheon.com>
Date: Fri, 2 Jun 2017 20:06:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/p11bCBYSxrcW1YBTUoDkhpvnCf0>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Is there a paper that describes the theoretical hash substitution attacks against RSASSA-PSS and how they are mitigated?

Thanks,
-- Mike