IETF Logo Mail Archive

[COSE] SHA-512/256 and SHA-256/64

John Mattsson <john.mattsson@ericsson.com> Fri, 01 July 2022 07:33 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D62C15A738 for <cose@ietfa.amsl.com>; Fri, 1 Jul 2022 00:33:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.851
X-Spam-Level:
X-Spam-Status: No, score=-2.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.745, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fjDTsoSI7f_2 for <cose@ietfa.amsl.com>; Fri, 1 Jul 2022 00:33:09 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2072.outbound.protection.outlook.com [40.107.22.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFB2DC15C7F0 for <cose@ietf.org>; Fri, 1 Jul 2022 00:33:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nT8EauFsj2XRGMdwfoIRDY0mHV9KSGGG8+aGnTnyRlPn0ZDyF4QpXK52mvCM8xJGi9FYix7hDoo/VfXdkWhQspD0QENty12nzyunkDHXi+jscRwIMQ4kmx/TPPWrj63FONKsXN7VLxpbaeXs/n/A7Vnz5juod0V+EJivO7PJkJ39y6a5zCUrb6zZuNCPgHbRLYLXZM9/Uie/yoGAN+2L1klygVAt1Y4gJVxYxnmHaAh+B6sMag+9OSRVEYnjwh2bvWkULELQAG+OdyTsaSF6QgCDapJWt3il5jFVl3YKErGEd68fueGBjwrWQzIEHnq56SNKqmhs0YNyzA8cp2NNcw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Lp5IKYNF2dyu3USOnFMYq7cVLLbNbZuwNG0qfrqHFso=; b=mEMDXn0Wv4dyuM9d4uJ2IaQh2KpTR01iTuUeHy/5p0Y3lFU4musOj2cuuEzaGn0GmVwHSJWFGJ1bsaKTDAenDS9mU1vz46o2PORJ4Qg4cafTZZwdhANc+TCR4YyNPCCRuUQus8HSEwnOvQCkjVtuhNoz3w8Pc/U5kcZIzFLyp72PO6zaEx+dVNa/yC2tRBpZxD3IB95Vz3vPHd1HJ+64jQDVOYSdYNnYdr4ITesaU/xzc+i79IWx0JytPPb5jtzsUqUsiSHQWESdu8zV33jOTQGcPFFeyWVe3jp/Ynbgjgxtxtk4KbHgIOdiOS34DRJNP8ZgSKdHDBhwCVAiSCIT9w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Lp5IKYNF2dyu3USOnFMYq7cVLLbNbZuwNG0qfrqHFso=; b=GmuyaAIXJOF/4312Jjb9WnQwQBDoisRVr6UmZT7PgqWpGAT1JFr+rFoz1j0kDcPfMmbpY1zxN09tO3Yy1O1UfItVbM+amWSse5j6MfhKDn/ow+MY1qILaZksz3JzsqxbQWi2eyrrr8VjBbV3zkybDC/H7Ml+o4miR4D8o9PZOUM=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by AM7PR07MB6546.eurprd07.prod.outlook.com (2603:10a6:20b:1a2::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.8; Fri, 1 Jul 2022 07:32:56 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c9a5:b970:1fd7:5cdb]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c9a5:b970:1fd7:5cdb%5]) with mapi id 15.20.5417.008; Fri, 1 Jul 2022 07:32:56 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "cose@ietf.org" <cose@ietf.org>
Thread-Topic: SHA-512/256 and SHA-256/64
Thread-Index: AQHYjRrWzeAtG3BZXUiI8RXmSyvxPQ==
Date: Fri, 01 Jul 2022 07:32:56 +0000
Message-ID: <HE1PR0701MB3050613BD954FEB66217926489BD9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e7afb73a-da74-419e-ef8e-08da5b33ea97
x-ms-traffictypediagnostic: AM7PR07MB6546:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6woRPTZ+PYc5VNugON7CanVya2h0ngKQrFR7sNsXKqql/qzxtbOs6gnevsuVhc+uTPpFxKHyBS+TIazUOVy19WapeMAA0SHoMWo8kp1avKr1gwynYpGvIhN5eXnwG+KLX2q+kmL+be8gOFYWmxybhh+pxfTrAInM3ioDWhiHrp566qb76QylHk44GDX7nsp6t1Ate56cwMFq8Urp+W+nMnyF0+mK4zaOSqil93gi93Pr3zDbbKLj+hHLscJnZvOlSWsCbEdHJYT1UZ1Q3bUgqDjOL8pGsiReU5MHZIsjwfQKwqmmf17qH+WjG7lwmr/hLbzTNloTBd+OPrgMkk6lOyIpjEqWGHYIvG6ko8xsMUctD6zt79Ogg3O1IjJ/bfZz7ezhjCIGaZ25Qpa1N/8UPgxcPFFCHkKFOIqPWaGFoFP6Un4XePSDYsgeD6eIfdC8mNoryHWeR6w+j4jAcopudpVVs+7ueRj7DPizhHXfUp8La0BtBMINVlniDdrVkOw5oQmPZunL0UAuuih9/2FIhIvbH9WM0IyU9sZRWsWgdmMDKoWJCQnn9FgAdjMifZkfNzOA+XxIlDrHAW1Ei0hUEG8okDNypTeyZYBMWUdBszshjjDceaI+jdK+bfQMVDsM1yFR+pdEzGC3JE1VFRHgKU333xP1ArreZ3ZDZETswo8y03o2ov1sRWzCtUsFdQLi5MAg+9sp0F60QdTOXb0CNPT06ZUuT2zLYyHe4f+g6QyFr7nrLN5M6v0LsJHGrIeqXvLffqrbYHf7mR4iVYnD1npzZrUteP871UmZUsWvEo9ql2U/9np46rdrTT0F+hW6
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(346002)(39860400002)(136003)(396003)(366004)(376002)(5660300002)(2906002)(41300700001)(33656002)(71200400001)(44832011)(9686003)(86362001)(8936002)(186003)(7696005)(6506007)(478600001)(26005)(52536014)(6916009)(38100700002)(316002)(38070700005)(8676002)(122000001)(82960400001)(64756008)(66446008)(66476007)(66556008)(91956017)(66946007)(76116006)(83380400001)(55016003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: yJoUgK2QMCQcr5cgI858LHJeez7c0x2a6AWrEnv5bwlHemtfM/vM/1FC9TR0hPTZu8Rxyuc0xT7fQwxCsI3hz1fJ0cRg4+E+XnYf4kCLnXtYGLa40PNxePGiwAyoJUv43aCCSCUGg44+cDeLHxqUfKEeHGeSlBsbFnagFRJGesq6DNJTqbMC0I3IikuSKolxYGGtMm+9bzezZ+n4KBEyFYevuDpzUK8L4Ku3NnbF13Np23EWQPowg+X58u1d99awh4GssYOz818gKFs+tHZ7VWwCKOPDxPhkbsucOocAzSoV5VQmOE/xYsxUKj5/VE0or2PxFDr3hKTEwRmbp02mJQqxQZ2UFeT8Ub7IKmOk88Ugb3IOSrhJ3CUeFLe4Qd7X7ARpNWmD5h+g+qoSSOtsrEjujSLiXShfEy2d+H9p0D0ScQAkHSgeQORrkusb3EQ/RcHq5B14mKpqdFSoylcu9uyIoZ2NgOcgzRpFsNE6uvBx3z/y5GctsO2hsgSZCoo+1YbjpX9NtzmP3ARTQmoPdVORNAUChevddUaN5sXBCoXritqy8EhRBXViAKpaa672Om9Eor4NeMcHMw0LGmayquB6O8cicYr99NiYnSGr9/thzHjUspRCtu02x2qxqICqhYbSThTk48flK9lD1Nud+runUiSKuktJYyYa1DOWo5PPbZ/X3i+rxlVh9rjey8i+BH0WSLLIgAhjEOASTWrwy93Tdh2F32bzjw2IUKYKP+XaffryoVHViAPcEie1xLuE9aKnOKNXdQcbSXzBJlgXjjgvbpP24Rz23zpIbPJV7+6ZCehUuID9A1QIjQzHg5wCcv6z72m1+YBPuNTgTTtNuOw8gJdefNEGA9xr6onqIjpOA7ugbk7M2T5SbeWmCin6iMe2dk1r5enwUHmWrr1U0I1cABzWv6GzFLZ6zwNcCEUO1My7rLPBKt69ATDkljxIefvEACdcNNHOGoO1Ncj6Gm656QSh2zd6k+BqtaYBarkqAZ0YjeYpRurnKGeT1HjattiEy2xANEw2zrZ00J71tMcNSoPO3qMGlah7jdbQbjXmFUtOAWAV+sIryeLZG7yw/P1SGnv4MoPJW1j0C6dC2kJH7yTw694OwG7ScT3+UcbXdKSDVBzz9oJuMZA6rY1Yq3EFrp/LhTwruu3er6rEsMd1ZSq7U+fC6OJPzSP3ODXq28n0ySClOYEdF/u9XLEAaQeFQL6GsJWKG0DJFBQeDoGJ8o2NU95Mo1bFt/v4+t6kgcH/jrD3tuAvKzR3+FNlOUqWbtiW6+CkUyLHcc1cMUzwCFmPMVHD5BKuKKcVW1GwpPFgEozpIwObEUCprodhd6TUsgO1jqNS3tDL0Ib+Cu+c6/FiHDb2OBDMZW8EF0SCkJvUJWOYxweZSLjOO1jYbMUtPOSINcTyLRltzzVdp1zzBZaWxzJrd66qLoGR3sodlnkZ/mIDKsFQ2CUJSEtQcVEB6MzGAkUBDr6Z3hcXLcfW4m+cbeW3n1oGKJ2OSESEQ8Fdizfa4jpgZZINoGhD0THpZTKgoLGclKUE6Do1QRogcN8/LdxWqeOyEPc13Oel+TgM6t21KT9aWaMFjwL2d/rPfAC1sRIPDRuf85V1pZA7RYLS6EkEpiW5C8LYVAc=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050613BD954FEB66217926489BD9HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e7afb73a-da74-419e-ef8e-08da5b33ea97
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jul 2022 07:32:56.3475 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: DFIzcQIlDONrOiZjn6OQZNWiqQRx9vo4vVQl5N78pn28QLtlOuhMzIra2fT3qBtCiHG6A3BsDcHJdjSkxmVMMzD7jEYA3LruOfpta/Hbkuc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB6546
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/WE2GBHA-_pg4Dr9LTBKAaPPjp9s>
Subject: [COSE] SHA-512/256 and SHA-256/64
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jul 2022 07:33:13 -0000

Hi,

- The IANA COSE Algorithms Registry lists draft-ietf-cose-rfc8152bis-algs-12 as a reference for SHA-512/256 and SHA-256/64. This seems incorrect. draft-ietf-cose-rfc8152bis-algs does not mention SHA-512/256 or SHA-256/64.


- NIST SP 180-4 assigns a very specific meaning to the notation SHA-512/t as the name for a t-bit hash function _based_ on SHA-512 whose output is truncated to t bits. The initial hash value is a _function_ of t.

SHA-512/256 is defined in NIST SP 180-4. As the initial hash value is a function of t it is infeasible to find any relation between a SHA-512 hash and a SHA-512/256 hash.

SHA-256/64 is not defined in NIST SP 180-4. draft-ietf-cose-hash-algs introduces a new meaning to the /t notation. In SHA-256/64 the initial hash value is the same as in SHA-256, i.e., it is not a function of t. This means that SHA-256/64 has different security properties than SHA-512/256. There is a trivial relation between a SHA-256 hash and a SHA-256/64 hash.

I think this difference needs to be made clearer in draft-ietf-cose-hash-algs. The security properties of the SHA-256/64 might come as a surprise to a user expecting the same properties as SHA-512/512. There is also a risk for incompatible implementations as people might implement SHA-256/64 in a similar way as SHA-512/256.

I think that the name SHA-256/64 should be changes as the “/64” in SHA-256/64 has different meaning than the “/256” in SHA-512/256.

I do not think that the initial hash value in SHA-256/64 should be changed as that would make it incompatible with any current implementation of SHA-256.

Cheers,
John

v2.23.0 | Report a Bug | By Email