[CFRG] Re: [lamps] Re: Do we have unsafe uses of Ed448 and Ed25519? Fix Ed448?
Daniel Huigens <daniel.huigens@proton.ch> Thu, 12 September 2024 19:32 UTC
Return-Path: <daniel.huigens@proton.ch>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0F48C14F6AD for <cfrg@ietfa.amsl.com>; Thu, 12 Sep 2024 12:32:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=proton.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2_8Xa6N5Q18z for <cfrg@ietfa.amsl.com>; Thu, 12 Sep 2024 12:32:11 -0700 (PDT)
Received: from mail-4323.proton.ch (mail-4323.proton.ch [185.70.43.23]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9C61C14F696 for <cfrg@irtf.org>; Thu, 12 Sep 2024 12:32:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.ch; s=fsfh6slcp5an5a6isf5wjqrmd4.protonmail; t=1726169529; x=1726428729; bh=OwgYcLzzY80uWjiflHuD+K+qLII/FdkZGEzk4DGzXNM=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=K1d10OEBD6g2FsLY/qPG/V1lBk3vmmHvNsb98eT39A+37sd+NtHdw1hxpl8xt2iwK eitWknYtIQ4+1uq8ceDkNxaaTTc86h7wSHMvjfi3jhA19QV8y587ryf4EQ/ERWXv5i FaCK8eQL7Gklo9E0kCTvNPNcYVMv16Pbjd3WnF1PpzUcOb+JsRMkS3cuDCpxEK3Ckj HejyoyUcaALV8I566GUsoWl2Hz4m38j1zTrdPsoasPdrrhnKu8WfublhvFoQIniaQy vbOEXtwxP0Zxqj71HsEAgIFdi6bmzVDfIQShrD4J7fgsr6e6Og468UhZkx9S5LLOsO K/GUr2AY7ZIUw==
Date: Thu, 12 Sep 2024 19:32:06 +0000
To: "Markku-Juhani O. Saarinen" <mjos.crypto@gmail.com>
From: Daniel Huigens <daniel.huigens@proton.ch>
Message-ID: <ne7qwAiLKKXQwpjKkM5_VSyyvgF8bEievobP2itFm5UIrypyooKkJTmPiBwJtvzC_SlRn8H6raNvDMoNMaJjybRLmychcYULfT9SOSGOr9w=@proton.ch>
In-Reply-To: <CA+iU_qnb6xhqrFOoB3nxxCPqTrrJh7xLOPwPAg8yTsaSEbaEUg@mail.gmail.com>
References: <CAMm+Lwhqn4Jb6+ngpn7XgewMPhp_m30sVmHHWpGOzgQL-Jb-Gg@mail.gmail.com> <7UBoaC8dyojecRBPaTY-ox4-kUc97lmYVs7CCbK1-pSSOGciGEGpMDrmbtcvXaVwck_g450IA1NkMmeu4drw-TsIJbANOyNJTk85HTRSgLA=@proton.ch> <CAMm+LwgWerSbRAg01jYbRDEbcD5U1tzmLJFS0SQ-BhYRt3zEHA@mail.gmail.com> <EFRK10NjF9PY9HVQWEHtO59GMQTpUu2nJ1bFb3_DLRzAwo6Wr-tiWMqXmsZbCQHeYzQ9lsqDzNWf_vjndqDseaexeBLAnbpy0WsfRFMAONE=@proton.ch> <CA+iU_qnb6xhqrFOoB3nxxCPqTrrJh7xLOPwPAg8yTsaSEbaEUg@mail.gmail.com>
Feedback-ID: 37000915:user:proton
X-Pm-Message-ID: 96b7d993135b56a1d0d085211e2a2756d4b92c45
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_2psm2XIKY5s4733nvQUD1Kq5lUnMtOu4SGVqmCIXCY"
Message-ID-Hash: SEWMZQQ27V6KNYSXQ2SZI4EJAMQYXNAF
X-Message-ID-Hash: SEWMZQQ27V6KNYSXQ2SZI4EJAMQYXNAF
X-MailFrom: daniel.huigens@proton.ch
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IRTF CFRG <cfrg@irtf.org>, jose@ietf.org, cose WG <cose@ietf.org>, SPASM <SPASM@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] Re: [lamps] Re: Do we have unsafe uses of Ed448 and Ed25519? Fix Ed448?
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zxAHJ0CuGFIT6oY7dkbGCdCRs5Q>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>
Hi Markku, Yeah. We had a conversation about this on the OpenPGP mailing list and David A. Cooper from NIST (although speaking for himself) [clarified](https://mailarchive.ietf.org/arch/msg/openpgp/5OJLFcUB3i7Y9y6ji7xPcdLav5U/), similarly to what you said: > I do not think of HashML-DSA.Sign as being a case in which the hashing > of the message occurs at the application level. I think of the way that > signing works with my smart card (or an HSM) now. If my application > wants to sign a message (using RSA or ECDSA), calls a sign function of > the cryptographic library. The library sends the message to a software > cryptographic module (that is probably statically or dynamically linked > to the cryptographic library), applies any necessary padding to the > hash, and then sends the result to the smart card (or HSM), which > performs the private key operation. I would expect something similar > with ML-DSA. The application just asks for a message to be signed. The > cryptographic library handles the details of how to do that, which may > involve sending different commands to different cryptographic modules. Best, Daniel
- [CFRG] Do we have unsafe uses of Ed448 and Ed2551… Phillip Hallam-Baker
- [CFRG] Re: Do we have unsafe uses of Ed448 and Ed… Daniel Huigens
- [CFRG] Re: Do we have unsafe uses of Ed448 and Ed… Phillip Hallam-Baker
- [CFRG] Re: Do we have unsafe uses of Ed448 and Ed… Daniel Huigens
- [CFRG] Re: [lamps] Re: Do we have unsafe uses of … Daniel Huigens