Re: [Cfrg] New Version Notification for draft-komlo-frost-00.txt

Christopher Wood <caw@heapingbits.net> Wed, 19 August 2020 00:11 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72FE63A1047 for <cfrg@ietfa.amsl.com>; Tue, 18 Aug 2020 17:11:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=YqWK2zQ8; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=K4loC0Uu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ScAVbzF_95Nx for <cfrg@ietfa.amsl.com>; Tue, 18 Aug 2020 17:11:18 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A28EF3A1046 for <cfrg@irtf.org>; Tue, 18 Aug 2020 17:11:18 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id D9E4EF79 for <cfrg@irtf.org>; Tue, 18 Aug 2020 20:11:17 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Tue, 18 Aug 2020 20:11:17 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=4dmzuS+/uE0uMWZE3KYZp7fDxmEPMN2 9lW9O3enBDic=; b=YqWK2zQ8UIjQguvBt3rQn5eI//uumQfeyYpftVDAenGbFxO tLiBlr7NT37LVsDowpFjEWuk9d6uyyWTKFMfRPRbIB+Ver69JNJ1siyBikH+iq1m 3YFrfKTC3HfqwMC7gZ4WGS90fvWrnWlMyUevnJZUBtEHpUEcyKxyOS9bCp2r5dKP pmPW8CjCP32o0n01/0dcMXiG1kt0D+loHQkbNJa16ebBvck+YGEqqSNQlKoG/C7h gSALckXsxPNodt0k26EqnWDKNnUKVBJHQGSHEYqnafacCycA9B0xyUGfwEQWPzrz drXRlUMqx0X/dxv0JPHpGDWr4qf5sKB6/eHcHww==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=4dmzuS +/uE0uMWZE3KYZp7fDxmEPMN29lW9O3enBDic=; b=K4loC0UuLKrAB05tOBPSda heXDOa2Wvc4E6WkDQSpEqhENTVGsfGCJEh0gAttRZZUYXa4cfJq+76QAhJrHWyuv pehZ4HXb9b4CZASsBhGzEP7zUeNBJe+xkmstcM08RPk7haw8RvFJZTEzIaXg4+eY KZJDNb732XVHJTddMOJUOhVtSuCbXEvZLpiSg0MQPs5l+jxM6UlALNvrWJeNnIqI slpZhnlaYgv8sf+ojkKQRfUKyXMF9I5v/TIQ4N5CWQVT2e4ArNggWdZC2Hp+M92L 4cO8KKgg60P49nB9tmTNgv5l+R73llrt/MQunUJCybr7c3hUs5Z97iSjvauBnw7Q ==
X-ME-Sender: <xms:JG48XxI6KdTwkhIIBEo34Jh4z9xgzYr3SABmhhGa8k_LzAcE84fnsw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedruddtjedgvdejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpefgvdekvdeuie eviefgvddvffefudfhleektedtgeefgfejfeffkedvheefveejjeenucffohhmrghinhep ihgrtghrrdhorhhgpdhivghtfhdrohhrghdpihhrthhfrdhorhhgnecuvehluhhsthgvrh fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhnghgs ihhtshdrnhgvth
X-ME-Proxy: <xmx:JG48X9IBSMzEvZ6H3g1ZeClJHTbUi_IBXbFgpLDVmWC2vXZOdZ-Rpg> <xmx:JG48X5vKQ21pbQmv5bN4Bj2dGn-ZFWJQ3DYrW78W0JuhMICLBE8ZXg> <xmx:JG48Xybyq-M32hSM5Fijnzh88AxOuNNESVtJopYekdB1hK8NpwHx2A> <xmx:JW48X0rZ-0BSC1ozmcTSK6ihjCQwZu3ktHrz67zl0MXkbYVJL8ZFeA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id CC6943C00A1; Tue, 18 Aug 2020 20:11:16 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-191-gef79d59-fm-20200818.001-gef79d590
Mime-Version: 1.0
Message-Id: <ad0db219-2e34-4524-8bd5-8f2ed785789b@www.fastmail.com>
In-Reply-To: <CAL02cgR_YugyL42r8Dn_6ip6UA5NUiJAW6eWNJ8tAZhkaM+Jjw@mail.gmail.com>
References: <159682640967.6742.1777084682628766482@ietfa.amsl.com> <f93a51d298e848589b55da5cab9e4f54@uwaterloo.ca> <CAL02cgR_YugyL42r8Dn_6ip6UA5NUiJAW6eWNJ8tAZhkaM+Jjw@mail.gmail.com>
Date: Tue, 18 Aug 2020 17:10:12 -0700
From: Christopher Wood <caw@heapingbits.net>
To: cfrg@irtf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/wN8Bz1F6LikVmxivYV6fcmZpLBE>
Subject: Re: [Cfrg] New Version Notification for draft-komlo-frost-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2020 00:11:20 -0000

On Fri, Aug 7, 2020, at 12:38 PM, Richard Barnes wrote:
> Hi Chelsea,
> 
> Thanks for posting this.  I've been following FROST and looked at it 
> for a couple of applications.  I appreciate its simplicity and 
> robustness relative to other options in this space.  I would be 
> interested in this draft moving forward.

+1 -- given the growing use cases for threshold cryptography, and the tradeoffs FROST makes for improved network overhead, I'd like to see this draft advance as well.

Best,
Chris

> 
> --RLB
> 
> On Fri, Aug 7, 2020 at 3:20 PM Chelsea Komlo <ckomlo@uwaterloo.ca> wrote:
> 
> > All,
> 
> > 
> 
> > We posted our -00 draft for FROST, a Flexible Round Optimized Schnorr Threshold Signature scheme. This draft reflects our updated FROST construction [1].
> 
> > 
> 
> > FROST improves upon prior constructions as it can be used as a single-round signing protocol with preprocessing, while remaining safe against known forgery attacks that are applicable to prior schemes in the literature [2].
> 
> > 
> 
> > Please let us know if there are any questions. We look forward to this draft being considered for adoption as a work item.
> 
> > 
> 
> > Chelsea 
> 
> > 
> 
> > [1] https://eprint.iacr.org/2020/852
> 
> > [2] https://eprint.iacr.org/2018/417
> 
> > 
> 
> > 
> > 
> > *From:* internet-drafts@ietf.org <internet-drafts@ietf.org>
> > *Sent:* Friday, August 7, 2020 6:53 AM
> > *To:* Ian Goldberg; Chelsea Komlo
> > *Subject:* New Version Notification for draft-komlo-frost-00.txt 
> >  
> > 
> > A new version of I-D, draft-komlo-frost-00.txt
> > has been successfully submitted by Chelsea Komlo and posted to the
> > IETF repository.
> > 
> > Name:           draft-komlo-frost
> > Revision:       00
> > Title:          FROST: Flexible Round-Optimized Schnorr Threshold Signatures
> > Document date:  2020-08-07
> > Group:          Individual Submission
> > Pages:          22
> > URL:            https://www.ietf.org/internet-drafts/draft-komlo-frost-00.txt
> > Status:         https://datatracker.ietf.org/doc/draft-komlo-frost/
> > Htmlized:       https://tools.ietf.org/html/draft-komlo-frost-00 <https://tools.ietf...org/html/draft-komlo-frost-00>
> > Htmlized:       https://datatracker.ietf.org/doc/html/draft-komlo-frost 
> > draft-komlo-frost-00 <https://datatracker.ietf.org/doc/html/draft-komlo-frost>
> > datatracker.ietf.org
> > FROST: Flexible Round-Optimized Schnorr Threshold Signatures (Internet-Draft, 2020)
> > 
> > 
> > 
> > 
> > Abstract:
> >    Unlike signatures in a single-party setting, threshold signatures
> >    require cooperation among a threshold number of signers each holding
> >    a share of a common private key.  Consequently, generating signatures
> >    in a threshold setting imposes overhead due to network rounds among
> >    signers, proving costly when secret shares are stored on network-
> >    limited devices or when coordination occurs over unreliable networks.
> >    This draft describes FROST, a Flexible Round-Optimized Schnorr
> >    Threshold signature scheme that reduces network overhead during
> >    signing operations while employing a novel technique to protect
> >    against forgery attacks applicable to similar schemes in the
> >    literature.  FROST improves upon the state of the art in Schnorr
> >    threshold signature protocols, as it can safely perform signing
> >    operations in a single round without limiting concurrency of signing
> >    operations, yet allows for true threshold signing, as only a
> >    threshold number of participants are required for signing operations.
> >    FROST can be used as either a two-round protocol where signers send
> >    and receive two messages in total, or optimized to a single-round
> >    signing protocol with a pre-processing stage.  FROST achieves its
> >    efficiency improvements in part by allowing the protocol to abort in
> >    the presence of a misbehaving participant (who is then identified and
> >    excluded from future operations)--a reasonable model for practical
> >    deployment scenarios.
> > 
> >                                                                                   
> > 
> > 
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> > 
> > The IETF Secretariat
> > 
> > 
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>