Re: [CFRG] I-D Action: draft-irtf-cfrg-rsa-blind-signatures-06.txt

Christopher Wood <caw@heapingbits.net> Thu, 08 December 2022 17:23 UTC

To: Martin Thomson <mt@lowentropy.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/rsAJGswNeFDc_r2mf49bGRilS6I>

Thanks for the review, Martin. All editorial issues have been addressed in the latest version of the document, including the way we talk about message randomization. Can you please confirm that the latest version addresses your comments?

Best,
Chris

> On Nov 23, 2022, at 8:13 PM, Martin Thomson <mt@lowentropy.net> wrote:
> 
> Chris asked me to look at this document.
> 
> Overall, this looks good.  I had a few editorial issues, which I've opened issues or pull requests for.  However, I found an editorial issue that is worth raising here:
>  https://github.com/cfrg/draft-irtf-cfrg-blind-signatures/issues/148
> 
> Sections 5 and 6 introduce message randomness requirements that don't seem to be very well contextualized.  I think that this stems from some unstated assumptions about the application domain.  Being a little more deliberate about how this scheme might be applied could go some way to making this sudden addition of a random suffix on messages understandable.
> 
> One consequence of this is that you might think, from reading up to Section 4, that you could send a message with an RSASSA-PSS label attached to it and the recipient doesn't need to care that it was generated using this process.  However, it is not clear to me now whether that would be a sensible thing to do, due to the entropy requirements imposed by the attacks referenced in Section 8.3.  Of course, adding 32 bytes of randomness to messages - the recommended approach - means that the recipient really does need to know that this has happened, or it might question what those 32 bytes mean.
> 
> On Wed, Nov 23, 2022, at 14:10, Richard Barnes wrote:
>> Thanks, authors.  I reviewed this version, and it addresses my RGLC comments. 
>> 
>> On Mon, Nov 21, 2022 at 17:15 <internet-drafts@ietf.org> wrote:
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> This draft is a work item of the Crypto Forum RG of the IRTF.
>>> 
>>>        Title           : RSA Blind Signatures
>>>        Authors         : Frank Denis
>>>                          Frederic Jacobs
>>>                          Christopher A. Wood
>>>        Filename        : draft-irtf-cfrg-rsa-blind-signatures-06.txt
>>>        Pages           : 31
>>>        Date            : 2022-11-21
>>> 
>>> Abstract:
>>>   This document specifies an RSA-based blind signature protocol.  RSA
>>>   blind signatures were first introduced by Chaum for untraceable
>>>   payments [Chaum83].  It extends RSA-PSS encoding specified in
>>>   [RFC8017] to enable blind signature support.
>>> 
>>> Discussion Venues
>>> 
>>>   This note is to be removed before publishing as an RFC.
>>> 
>>>   Source for this draft and an issue tracker can be found at
>>>   https://github.com/chris-wood/draft-wood-cfrg-blind-signatures.
>>> 
>>> 
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/
>>> 
>>> There is also an HTML version available at:
>>> https://www.ietf.org/archive/id/draft-irtf-cfrg-rsa-blind-signatures-06.html
>>> 
>>> A diff from the previous version is available at:
>>> https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-rsa-blind-signatures-06
>>> 
>>> 
>>> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>>> 
>>> 
>>> _______________________________________________
>>> CFRG mailing list
>>> CFRG@irtf.org
>>> https://www.irtf.org/mailman/listinfo/cfrg