[Cfrg] Open Issue List for draft-irtf-cfrg-eddsa-06

Jim Schaad <ietf@augustcellars.com> Thu, 11 August 2016 23:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ugtiedJPueXTbhJcFLBPVH_s1OM>

The following is what I would consider to be on my open issue list for this
draft to get to approval.  I have tried to triage the list according to my
priorities.


High Priority:

1.  Fix the known security issue with EdDSA25519 and EdDSA25519ph:  I have
provided what I consider to be an elegant solution for this with the
modification from Ilari
(https://mailarchive.ietf.org/arch/msg/cfrg/VkBtpUwNIJ1JFAka1NljgBXgwVo)
And I was not the first, but my presentation is slightly different.

Moderate Priority:

1.  Remove the dom function from Ed448ph

Low Priority:

1.  In section 5.1.7, explain the trade-off between the two formulas and why
one is better than the other.

2.  Increase the size of the output of the Ed448ph if the security is not
consistent between the 448 bit curve and the 512 bit hash.  It just looks
odd because Ed25519 also uses a 512 bit pre-hash function.   My guess is
that nothing needs to be done, but an explanation might be useful.

3.  Define the ctx version of EdDSA25519.   It would be nice, esp. if we
think that the context version is better even with null contexts, but if we
solve the first issue this can be done later if we decide it is preferable.

I don't care anymore:

1. Change the Ed448ph function to be a hash function rather than an XOR.  It
appears as long as the length is a known constant the two are equivalent for
all intents and purposes.
2. Previous issues that I raised with the python code.  My code is working;
it no longer bothers me anymore.


Jim