Re: [Cfrg] FW: New Version Notification for draft-mattsson-cfrg-det-sigs-with-noise-02.txt
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 11 March 2020 16:38 UTC
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 11 Mar 2020 16:38:22 +0000
Message-ID: <6FBE7A65-7635-4EBF-A5B1-4FB376D81A73@ll.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ud1x_W-yXYBzHflzj2e2-WR-cMs>
Subject: Re: [Cfrg] FW: New Version Notification for draft-mattsson-cfrg-det-sigs-with-noise-02.txt
Perfect, *thank you!*

On 3/11/20, 12:15 PM, "Cfrg on behalf of John Mattsson" <cfrg-bounces@irtf.org on behalf of john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:

> Dear CFRG,
>
> After the comments on the list I submitted a new version. The changes since -00 are:
>
> - As suggested by Quynh Dang and Uri Blumenthal, the new version replaces the XOR construction with concatenation and places the random value before the message.
> - As suggested by [SBBDS17] and Uri Blumenthal, the new version implements the additional countermeasure to pad with zeroes so that the first block is composed only of the hashed private key and the random value, but not the message.
> - As suggested by Tony Arcieri, the terminology "noise" could be confusing and has been changed to "additional randomness".
> - Some more text on the construction and benefits with the construction.
> - Reduced and slightly rewritten discussion section (to be removed in the future).
>
> Cheers,
> John
>
> -----Original Message-----
> From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
> Date: Wednesday, 11 March 2020 at 16:11
> To: John Mattsson <john.mattsson@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Sini Ruohomaa <sini.ruohomaa@ericsson.com>, Erik Thormarker <erik.thormarker@ericsson.com>
> Subject: New Version Notification for draft-mattsson-cfrg-det-sigs-with-noise-02.txt
>
> A new version of I-D, draft-mattsson-cfrg-det-sigs-with-noise-02.txt has been successfully submitted by John Preuß Mattsson and posted to the IETF repository.
>
> Name: draft-mattsson-cfrg-det-sigs-with-noise
> Revision: 02
> Title: Deterministic ECDSA and EdDSA Signatures with Additional Randomness
> Document date: 2020-03-11
> Group: Individual Submission
> Pages: 13
> URL: https://www.ietf.org/internet-drafts/draft-mattsson-cfrg-det-sigs-with-noise-02.txt
> Status: https://datatracker.ietf.org/doc/draft-mattsson-cfrg-det-sigs-with-noise/
> Htmlized: https://tools.ietf.org/html/draft-mattsson-cfrg-det-sigs-with-noise-02
> Htmlized: https://datatracker.ietf.org/doc/html/draft-mattsson-cfrg-det-sigs-with-noise
> Diff: https://www.ietf.org/rfcdiff?url2=draft-mattsson-cfrg-det-sigs-with-noise-02
>
> Abstract:
> Deterministic elliptic-curve signatures such as deterministic ECDSA and EdDSA have gained popularity over randomized ECDSA as their security does not depend on a source of high-quality randomness. Recent research has however found that implementations of these signature algorithms may be vulnerable to certain side-channel and fault injection attacks due to their determinism. One countermeasure to such attacks is to re-add randomness to the otherwise deterministic calculation of the per-message secret number. This document updates RFC 6979 and RFC 8032 to recommend constructions with additional randomness for deployments where side-channel attacks and fault injection attacks are a concern.
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
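As an added illustration (not code from the thread or from the draft), the Python below sketches the Ed25519 nonce-input layout that the change list above describes: the RFC 8032 "hashed private key" prefix, then the random value Z concatenated before the message, then zero padding sized so that the first SHA-512 block contains no message bytes. The 32-byte length of Z and the block-filling padding are assumptions of this example; the mod-L reduction and curve arithmetic of real EdDSA signing are omitted.

```python
import hashlib
import secrets

SHA512_BLOCK = 128  # SHA-512 compresses its input in 128-byte blocks
Z_LEN = 32          # length assumed here for the additional randomness Z

def ed25519_prefix(sk: bytes) -> bytes:
    """RFC 8032: the upper half of SHA-512(sk) is the 'hashed private key' that seeds the nonce."""
    if len(sk) != 32:
        raise ValueError("Ed25519 private key must be 32 bytes")
    return hashlib.sha512(sk).digest()[32:]

def nonce_input_rfc8032(prefix: bytes, msg: bytes) -> bytes:
    """Plain deterministic EdDSA: r = H(prefix || M)."""
    return prefix + msg

def nonce_input_with_randomness(prefix: bytes, z: bytes, msg: bytes) -> bytes:
    """The -02 construction as described in the thread: r = H(prefix || Z || 0...0 || M).
    Z is concatenated (not XORed) and placed before M; the zero padding is sized so the
    first hash block holds only prefix and Z, never any message bytes (padding length assumed)."""
    if len(z) != Z_LEN:
        raise ValueError("Z must be %d bytes" % Z_LEN)
    pad = b"\x00" * (SHA512_BLOCK - len(prefix) - len(z))
    return prefix + z + pad + msg

def nonce_scalar(hash_input: bytes) -> int:
    """The nonce r as an integer; real EdDSA reduces it mod L and multiplies the base point."""
    return int.from_bytes(hashlib.sha512(hash_input).digest(), "little")

def first_block_is_message_free(prefix: bytes, z: bytes, m1: bytes, m2: bytes) -> bool:
    """Padding check: the first 128-byte block fed to SHA-512 is identical for any two messages."""
    a = nonce_input_with_randomness(prefix, z, m1)[:SHA512_BLOCK]
    b = nonce_input_with_randomness(prefix, z, m2)[:SHA512_BLOCK]
    return a == b

def nonces_for(sk: bytes, msg: bytes, z: bytes):
    """Return (deterministic nonce, randomized nonce) for one key/message/Z triple."""
    prefix = ed25519_prefix(sk)
    return (nonce_scalar(nonce_input_rfc8032(prefix, msg)),
            nonce_scalar(nonce_input_with_randomness(prefix, z, msg)))

if __name__ == "__main__":
    sk = bytes(range(32))                          # constructed test key, not a real secret
    msg = b"constructed test message"
    r_det, r_rand = nonces_for(sk, msg, secrets.token_bytes(Z_LEN))
    print("deterministic nonce differs from randomized nonce:", r_det != r_rand)
```

A constant Z (an RNG that has silently failed) still yields a per-message deterministic nonce, which is the fallback property the draft relies on; only the first-block and ordering properties are checked here.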