Re: [Cfrg] A new MGF for RSA-PSS based on SHAKE
Jim Schaad <ietf@augustcellars.com> Wed, 26 September 2018 23:39 UTC
From: Jim Schaad <ietf@augustcellars.com>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, cfrg@irtf.org
References: <3B4BE320-418B-4FC1-8427-0EF2F58A0F01@vigilsec.com> <6FD96340-0D8D-44C0-9374-9D7A3F36F967@gmail.com> <27af097a-6769-fcc4-7b28-12c1ea77055a@uni-paderborn.de> <000d01d45041$a8930250$f9b906f0$@augustcellars.com> <a21a5c72-f9e5-2eb7-4144-bdded4c8321d@uni-paderborn.de>, <E7059316-430B-4DE0-A0C7-09A0B6783C0F@ericsson.com> <1537989175802.46714@cs.auckland.ac.nz>
In-Reply-To: <1537989175802.46714@cs.auckland.ac.nz>
Date: Wed, 26 Sep 2018 16:38:38 -0700
Message-ID: <004601d455f2$0eba8b60$2c2fa220$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/smGTiEUlf3PjQnpobxncN_uNhaw>
I may be wrong, but I was under the impression that FDH did not require a source of randomness, just a hash function that would deliver a full n-byte hash. This is highly doable with SHAKE functions.

Jim

> -----Original Message-----
> From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Peter Gutmann
> Sent: Wednesday, September 26, 2018 12:14 PM
> To: John Mattsson <john.mattsson@ericsson.com>; Saqib A. Kakvi <saqib.kakvi@uni-paderborn.de>; cfrg@irtf.org
> Subject: Re: [Cfrg] A new MGF for RSA-PSS based on SHAKE
>
> John Mattsson <john.mattsson@ericsson.com> writes:
>
> >If FDH gives better security it should be discussed, but based on your
> >comments it is only as secure as PSS.
>
> Also, given recent results, neither are more secure than good old v1.5:
>
> https://eprint.iacr.org/2018/855
>
> Given that PSS and FDH are much, much more complex to implement than v1.5
> (i.e. more things to go wrong), and require a source of random numbers that
> v1.5 doesn't, is there any advantage to using PSS or FDH over just staying with
> v1.5?
>
> Peter.
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
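The point about FDH needing only a full-length hash and no randomness, shown as an added example that is not code from the thread: an RSA-FDH sign/verify pair with SHAKE256 as the full-domain hash, over a constructed toy key (two Mersenne primes) that is far too small for real use.

```python
"""Deterministic RSA-FDH using SHAKE256 as the full-domain hash.
Added example, not code from the CFRG thread. The key is a constructed toy."""
import hashlib

# Constructed toy key: two Mersenne primes give a 234-bit modulus, far too
# small for real use; a real key would be 2048 bits or more.
P = (1 << 107) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def fdh(msg: bytes, n: int) -> int:
    """Hash msg to an integer uniform in [0, n) using no randomness.

    SHAKE256 is asked for exactly as many bytes as n occupies, the excess
    top bits are dropped, and candidates >= n are rejected by re-hashing
    with a one-byte counter prefix, so the output covers the full domain.
    """
    nbits = n.bit_length()
    nbytes = (nbits + 7) // 8
    for counter in range(256):
        xof = hashlib.shake_256(bytes([counter]) + msg)
        h = int.from_bytes(xof.digest(nbytes), "big")
        h >>= nbytes * 8 - nbits          # now h < 2**nbits
        if h < n:
            return h
    # Each round fails with probability < 1/2, so this is unreachable in practice.
    raise RuntimeError("FDH rejection sampling did not terminate")


def sign(msg: bytes) -> int:
    """s = FDH(msg)^d mod n; identical for every signing of the same message."""
    return pow(fdh(msg, N), D, N)


def verify(msg: bytes, sig: int) -> bool:
    """Accept iff s^e mod n equals the full-domain hash of msg."""
    if not 0 <= sig < N:
        return False
    return pow(sig, E, N) == fdh(msg, N)


if __name__ == "__main__":
    s1, s2 = sign(b"example message"), sign(b"example message")
    print("deterministic:", s1 == s2, "valid:", verify(b"example message", s1))
```

The same message signs to the same value every time, which is the property that distinguishes FDH from salted PSS.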