Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent Stream

"Paterson Kenneth" <kenny.paterson@inf.ethz.ch> Sun, 19 January 2020 22:25 UTC

Return-Path: <kenny.paterson@inf.ethz.ch>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE2912001E for <cfrg@ietfa.amsl.com>; Sun, 19 Jan 2020 14:25:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4SoE8NGWtiY for <cfrg@ietfa.amsl.com>; Sun, 19 Jan 2020 14:25:34 -0800 (PST)
Received: from mailg210.ethz.ch (mailg210.ethz.ch [IPv6:2001:67c:10ec:5606::21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73865120046 for <cfrg@irtf.org>; Sun, 19 Jan 2020 14:25:33 -0800 (PST)
Received: from mailm112.d.ethz.ch (2001:67c:10ec:5602::24) by mailg210.ethz.ch (2001:67c:10ec:5606::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1847.3; Sun, 19 Jan 2020 23:25:23 +0100
Received: from mailm114.d.ethz.ch (2001:67c:10ec:5602::26) by mailm112.d.ethz.ch (2001:67c:10ec:5602::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1847.3; Sun, 19 Jan 2020 23:25:27 +0100
Received: from mailm114.d.ethz.ch ([fe80::7114:d795:2066:d254]) by mailm114.d.ethz.ch ([fe80::7114:d795:2066:d254%3]) with mapi id 15.01.1847.005; Sun, 19 Jan 2020 23:25:27 +0100
From: "Paterson Kenneth" <kenny.paterson@inf.ethz.ch>
To: "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>, "cfrg@irtf.org" <cfrg@irtf.org>
CC: "draft-atkins-suit-cose-walnutdsa@ietf.org" <draft-atkins-suit-cose-walnutdsa@ietf.org>
Thread-Topic: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent Stream
Thread-Index: AQHVzxMynpu5qoRG2EyAH0XVSoWpn6fykIsA
Date: Sun, 19 Jan 2020 22:25:27 +0000
Message-ID: <5F28BE43-1AB5-4CA6-9435-BB841778EBD8@inf.ethz.ch>
References: <087819e292adcd619684ac745a8a243f.squirrel@www.rfc-editor.org>
In-Reply-To: <087819e292adcd619684ac745a8a243f.squirrel@www.rfc-editor.org>
Accept-Language: de-CH, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [85.255.233.90]
x-tm-snts-smtp: 396AB48864FA6338860BC47C23A53CA162941BC443763727139665346AB4D4742000:8
Content-Type: text/plain; charset="utf-8"
Content-ID: <41AB6AF1356FFC429935995299B54B3C@intern.ethz.ch>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/x780cBySTESetCj0qnt2pa6NV0Y>
Subject: Re: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent Stream
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jan 2020 22:25:37 -0000

Hi Adrian,

I'm no longer a CFRG chair so I can say exactly what I think now :-)

I don't think CFRG should "bless" any draft concerning the WalnutDSA scheme. Notably, this algorithm did not pass to the second round in the NIST competition due to the significant cryptanalysis that it suffered from prior to and in the early stages of the competition. 

It may be that the proposers of this algorithm are able to avoid all currently known attacks by setting parameters carefully, and through extensive modifications to the scheme. But the scheme's history does not inspire confidence. Moreover, my strong sense is that serious cryptanalysts have stopped working on it simply because it did not pass to the second round (put another way, they successfully killed it in the first round).

Best wishes,

Kenny


-- 
Kenny Paterson
Applied Cryptography Group
 
ETH Zurich, Computer Science Dept.
Universitätstrasse 6, CNB E 104.2
CH-8092 Zurich
 
tel. +41 44 632 32 52
www.appliedcrypto.ethz.ch

-----Original Message-----
From: Cfrg <cfrg-bounces@irtf.org> on behalf of "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
Reply to: "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>
Date: Sunday, 19 January 2020 at 22:55
To: "cfrg@irtf.org" <cfrg@irtf.org>
Cc: "draft-atkins-suit-cose-walnutdsa@ietf.org" <draft-atkins-suit-cose-walnutdsa@ietf.org>rg>, Adrian Farrel <rfc-ise@rfc-editor.org>
Subject: [Cfrg] draft-atkins-suit-cose-walnutdsa on the Independent Stream

    Hi CFRG,
    
    Derek Atkins has presented draft-atkins-suit-cose-walnutdsa to me for
    publication as an Independent Submission Informational RFC.
    
    I think this is the sort of draft that would benefit from the CFRG's
    wisdom and would appreciate any reviews or guidance that you're able to
    give.
    
    The latest version of the draft can be found at
    https://datatracker.ietf.org/doc/draft-atkins-suit-cose-walnutdsa/
    
    If you could cc me on any discussions (or send them off list) that would
    be helpful.
    
    Many thanks,
    Adrian
    -- 
    Adrian Farrel (ISE),
    rfc-ise@rfc-editor.org
    
    _______________________________________________
    Cfrg mailing list
    Cfrg@irtf.org
    https://www.irtf.org/mailman/listinfo/cfrg