Re: [Cfrg] I-D Action: draft-mcgrew-hash-sigs-13.txt

Daniel Van Geest <Daniel.VanGeest@isara.com> Thu, 06 September 2018 18:16 UTC

From: Daniel Van Geest <Daniel.VanGeest@isara.com>
To: "Scott Fluhrer (sfluhrer)" <sfluhrer=40cisco.com@dmarc.ietf.org>, "cfrg@ietf.org" <cfrg@ietf.org>
Date: Thu, 06 Sep 2018 18:16:35 +0000
Message-ID: <F4D0516F-44CB-4598-85ED-512C0D593371@isara.com>
References: <153625508014.11624.7422048043039435025@ietfa.amsl.com> <006c15b806634cc980aea19ac5a8daa8@XCH-RTP-006.cisco.com>
In-Reply-To: <006c15b806634cc980aea19ac5a8daa8@XCH-RTP-006.cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/sCgjQ25sLkhvIjYREUMiP_enViE>
Subject: Re: [Cfrg] I-D Action: draft-mcgrew-hash-sigs-13.txt

On the topic of options (and the possible addition of more, sorry), Scott wrote this paper https://eprint.iacr.org/2017/811.pdf (Grover's algorithm doesn't parallelize well, so it is possible to truncate hashes and still maintain 128 bits of quantum security).  The results could be used to reduce a Sphincs signature from 41000 bytes to about 23k.  How would it affect HSS signature sizes?

If it has a significant effect, is it worth adding as an option?

What does CFRG think of the paper's results?  Are they worth applying to XMSS or any future hash-based signature algorithms which come through here?

Thanks,
Daniel
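
As an added worked example (not from the draft, and not from either poster), the size arithmetic below follows the byte layouts in draft-mcgrew-hash-sigs-13 (LM-OTS, LMS and HSS signatures) and compares the defined 32-byte SHA-256 case against a hypothetical 24-byte truncated hash; the n=24 parameter set and the helper names are assumptions, since the draft only defines 32-byte parameter sets.

```python
# Added worked example (not from the draft or from either poster): signature
# sizes follow the byte layouts of draft-mcgrew-hash-sigs-13 (LM-OTS 4.5,
# LMS 5.4, HSS 6.4).  The n=24 column is a hypothetical truncated hash; the
# draft only defines 32-byte SHA-256 parameter sets.

def lmots_p(n, w):
    """Chains per LM-OTS signature: u digest chains plus v checksum chains."""
    u = -(-8 * n // w)                            # ceil(8n / w)
    bits = ((2 ** w - 1) * u).bit_length()        # floor(log2(...)) + 1
    v = -(-bits // w)                             # ceil(bits / w)
    return u + v

def lmots_sig_size(n, w):
    """u32str(type) || C (n bytes) || y[0..p-1] (p chains of n bytes)."""
    return 4 + n + lmots_p(n, w) * n

def lms_sig_size(n, w, h):
    """u32str(q) || lmots_signature || u32str(type) || path[0..h-1]."""
    return 4 + lmots_sig_size(n, w) + 4 + h * n

def lms_pub_size(n):
    """u32str(type) || u32str(otstype) || I (16 bytes) || T[1] (n bytes)."""
    return 4 + 4 + 16 + n

def hss_sig_size(n, w, heights):
    """u32str(Nspk) || (sig[i] || pub[i+1]) per inner level || final sig."""
    inner = len(heights) - 1
    return 4 + sum(lms_sig_size(n, w, h) for h in heights) + inner * lms_pub_size(n)

def truncation_saving(w, heights, full=32, truncated=24):
    """Bytes saved by shortening every hash from `full` to `truncated` bytes,
    returned as (full_size, truncated_size, saving)."""
    a = hss_sig_size(full, w, heights)
    b = hss_sig_size(truncated, w, heights)
    return a, b, a - b

if __name__ == "__main__":
    # Constructed sample tree shapes; heights are in the draft's supported set.
    for heights in ([5], [10, 10], [20, 10, 10]):
        for w in (4, 8):
            a, b, d = truncation_saving(w, heights)
            print(f"HSS heights={heights} w={w}: n=32 -> {a} B, n=24 -> {b} B, saves {d} B")
```

Every component of an HSS signature except the three 4-byte type/index fields per level and the 16-byte I value scales linearly in n, which is why the saving is close to the 25 % the truncation itself implies.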

On 2018-09-06, 7:40 PM, "Cfrg on behalf of Scott Fluhrer (sfluhrer)" <cfrg-bounces@irtf.org on behalf of sfluhrer=40cisco.com@dmarc.ietf.org> wrote:

    This update provides a set of clarifications and nit-fixes that were requested by reviewers.
    
    It does not address any 'mandatory to implement' issues; nor does it address concerns from IANA (which I'm still not quite sure what they are...)
    
    > -----Original Message-----
    > From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of internet-drafts@ietf.org
    > Sent: Thursday, September 06, 2018 1:31 PM
    > To: i-d-announce@ietf.org
    > Cc: cfrg@ietf.org
    > Subject: [Cfrg] I-D Action: draft-mcgrew-hash-sigs-13.txt
    > 
    > 
    > A New Internet-Draft is available from the on-line Internet-Drafts directories.
    > This draft is a work item of the Crypto Forum RG of the IRTF.
    > 
    >         Title           : Hash-Based Signatures
    >         Authors         : David McGrew
    >                           Michael Curcio
    >                           Scott Fluhrer
    >         Filename        : draft-mcgrew-hash-sigs-13.txt
    >         Pages           : 60
    >         Date            : 2018-09-06
    > 
    > Abstract:
    >    This note describes a digital signature system based on cryptographic
    >    hash functions, following the seminal work in this area of Lamport,
    >    Diffie, Winternitz, and Merkle, as adapted by Leighton and Micali in
    >    1995.  It specifies a one-time signature scheme and a general
    >    signature scheme.  These systems provide asymmetric authentication
    >    without using large integer mathematics and can achieve a high
    >    security level.  They are suitable for compact implementations, are
    >    relatively simple to implement, and naturally resist side-channel
    >    attacks.  Unlike most other signature systems, hash-based signatures
    >    would still be secure even if it proves feasible for an attacker to
    >    build a quantum computer.
    > 
    >    This document is a product of the Crypto Forum Research Group (CFRG)
    >    in the IRTF.
    > 
    > 
    > The IETF datatracker status page for this draft is:
    > https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs/
    > 
    > There are also htmlized versions available at:
    > https://tools.ietf.org/html/draft-mcgrew-hash-sigs-13
    > https://datatracker.ietf.org/doc/html/draft-mcgrew-hash-sigs-13
    > 
    > A diff from the previous version is available at:
    > https://www.ietf.org/rfcdiff?url2=draft-mcgrew-hash-sigs-13
    > 
    > 
    > Please note that it may take a couple of minutes from the time of submission
    > until the htmlized version and diff are available at tools.ietf.org.
    > 
    > Internet-Drafts are also available by anonymous FTP at:
    > ftp://ftp.ietf.org/internet-drafts/
    > 
    > _______________________________________________
    > Cfrg mailing list
    > Cfrg@irtf.org
    > https://www.irtf.org/mailman/listinfo/cfrg