Re: [Cfrg] Big-key cryptography
Aaron Zauner <azet@azet.org> Tue, 15 December 2015 12:48 UTC
Message-ID: <56700C1C.9070902@azet.org>
Date: Tue, 15 Dec 2015 13:48:28 +0100
From: Aaron Zauner <azet@azet.org>
To: Grigory Marshalko <marshalko_gb@tc26.ru>
References: <566C3791.2050705@azet.org> <5669F8AF.2000008@azet.org> <bcbd3d10ecc43f8bd1e302f095a2ade0@mail.tc26.ru> <803c5559d8b8b2d6853c066ee906355c@mail.tc26.ru> <51b7ad9ad4199cff7e1538ded64193c3@mail.tc26.ru>
In-Reply-To: <51b7ad9ad4199cff7e1538ded64193c3@mail.tc26.ru>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/sXpwAuugHWwamwXFu9Jy0vrz3f4>
Cc: cfrg@irtf.org
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Hi Grigory,

See also Ryan's reply.

Grigory Marshalko wrote:
> Hi Aaron,
>
> I mean that when we speak about key generation we should always control the amount of entropy. So the bigger the key the more entropy we need. That is the main problem in this approach - how to generate the initial key/state (By pool I mean entropy pool like in Fortuna RBG).
> Regards,

Generation of "randomness" is not really a big issue anymore (at least on Linux - probably pretty similar on other Operating Systems). These days modern Intel Chips come with a RDRAND instruction that is mixed into the pool (with many other inputs, e.g. IRQs).

RDRAND
```
The RDSEED instruction was added to Intel Secure Key for seeding another pseudorandom number generator,[16] available in Broadwell CPUs. The entropy source for the RDSEED instruction runs asynchronously on a self-timed circuit and uses thermal noise within the silicon to output a random stream of bits at the rate of 3 GHz.
```
-- https://en.wikipedia.org/wiki/RdRand

If you're really clever you could do something like how BoringSSL seeds:
```
TLS servers that are pushing lots of AES-CBC need the RNG to be really fast because each record needs a random IV. Because of this, if BoringSSL detects that the machine supports Intel's RDRAND instruction, it'll read a seed from urandom, expand it with ChaCha20 and XOR entropy from RDRAND. The seed is thread-local and refreshed every 1024 calls or 1MB output, whichever happens first.
```
-- https://www.imperialviolet.org/2015/10/17/boringssl.html

HTH,
Aaron
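The seeding scheme quoted from the BoringSSL post above, written out as an added example (this is not BoringSSL's code, nor part of Aaron's message): a seed read from the OS RNG is expanded with the RFC 7539 ChaCha20 block function, the keystream is XORed with bytes from a hardware entropy source, and the state is reseeded after 1024 calls or 1 MiB of output, whichever comes first. RDRAND cannot be issued from Python, so the hardware source is an injectable callable that defaults to `os.urandom` as a stand-in; `seed_source`, `hw_source`, `SeededRng` and the reseed-limit parameters are names chosen here, not BoringSSL identifiers. The XOR means the output is never weaker than the ChaCha20 keystream alone, even if the hardware source returned constant bytes.

```python
"""Added example of an RDRAND-mixed, ChaCha20-expanded DRBG in the style the
BoringSSL post describes. Not BoringSSL's code; hardware source is simulated."""
import os
import struct
from typing import Callable

MASK32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def _quarter_round(s: list, a: int, b: int, c: int, d: int) -> None:
    # RFC 7539 section 2.1 quarter round, operating in place on the state list.
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """RFC 7539 ChaCha20 block function: 64 keystream bytes for one counter value."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]  # "expand 32-byte k"
    state += struct.unpack("<8L", key)
    state.append(counter & MASK32)
    state += struct.unpack("<3L", nonce)
    s = state[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        _quarter_round(s, 0, 4, 8, 12); _quarter_round(s, 1, 5, 9, 13)
        _quarter_round(s, 2, 6, 10, 14); _quarter_round(s, 3, 7, 11, 15)
        _quarter_round(s, 0, 5, 10, 15); _quarter_round(s, 1, 6, 11, 12)
        _quarter_round(s, 2, 7, 8, 13); _quarter_round(s, 3, 4, 9, 14)
    return struct.pack("<16L", *[(x + y) & MASK32 for x, y in zip(s, state)])


class SeededRng:
    """Seed from the OS RNG, expand with ChaCha20, XOR with hardware entropy,
    reseed after max_calls calls or max_bytes bytes (defaults from the post).
    BoringSSL keeps this state thread-local; one instance per thread is assumed."""

    def __init__(self, seed_source: Callable[[int], bytes] = os.urandom,
                 hw_source: Callable[[int], bytes] = os.urandom,  # stand-in for RDRAND
                 max_calls: int = 1024, max_bytes: int = 1 << 20):
        self._seed_source = seed_source
        self._hw_source = hw_source
        self._max_calls = max_calls
        self._max_bytes = max_bytes
        self.reseeds = 0  # counts the initial seeding as well, for inspection
        self._reseed()

    def _reseed(self) -> None:
        seed = self._seed_source(44)  # 32-byte key + 12-byte nonce
        if len(seed) != 44:
            raise ValueError("seed source returned a short read")
        self._key, self._nonce = seed[:32], seed[32:]
        self._counter = 1
        self._calls = 0
        self._bytes = 0
        self.reseeds += 1

    def fill(self, n: int) -> bytes:
        """Return n output bytes, reseeding first if either limit was reached."""
        if self._calls >= self._max_calls or self._bytes >= self._max_bytes:
            self._reseed()
        self._calls += 1
        self._bytes += n
        blocks = (n + 63) // 64
        keystream = b"".join(chacha20_block(self._key, self._counter + i, self._nonce)
                             for i in range(blocks))[:n]
        self._counter += blocks
        hw = self._hw_source(n)
        if len(hw) != n:
            raise ValueError("hardware entropy source returned a short read")
        # XOR: a bad hardware source cannot make this weaker than the keystream.
        return bytes(k ^ h for k, h in zip(keystream, hw))


if __name__ == "__main__":
    rng = SeededRng()
    print(rng.fill(16).hex())  # e.g. one AES-CBC record IV
```

The test vector is the one in RFC 7539 section 2.3.2 (key 00..1f, nonce 00:00:00:09:00:00:00:4a:00:00:00:00, counter 1). Injecting a zero-returning hardware source shows the fallback behaviour: the output collapses to the plain ChaCha20 keystream of the seed rather than to zeros.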