Re: [Crypto-panel] [CFRG] Can I have a review of draft-fluhrer-lms-more-parm-sets?

Jon Callas <jon@callas.org> Sat, 13 February 2021 21:24 UTC

From: Jon Callas <jon@callas.org>
Date: Sat, 13 Feb 2021 13:24:22 -0800
Cc: Jon Callas <jon@callas.org>, "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>, Russ Housley <housley@vigilsec.com>
To: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/6Z8ZmQjUO5y4kagCtneep2oIBvI>
> On Feb 12, 2021, at 8:13 PM, Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com> wrote:
> 
> Here's why: the SHA-512 hash compression function takes perhaps 50% more time than the SHA-256 hash compression function - however, it processes twice as much input, and so if you are hashing a long message, you end up processing it perhaps 30% faster. That's fine for hashing long messages - LMS doesn't spend most of its time doing that. Instead, a large majority of the hashes are done processing the LM-OTS Winternitz chains, and the hashes there are carefully crafted to fit within 55 bytes (the most that SHA-256 can hash with a single hash compression call); replacing SHA-256 with SHA-512 would still have each step do a single hash compression call, but that hash compression call would take 50% longer.
> 

Thanks for the explanation, that was where my suspicions went -- first block overhead.

	Jon
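An added illustration of the point Scott makes above (example code written for this archive page, not from the mail or from any LMS implementation): the LM-OTS chain step of RFC 8554 hashes I || u32str(q) || u16str(i) || u8str(j) || tmp, which is 55 bytes for n=32, so the padding arithmetic below shows one compression call for both SHA-256 and SHA-512, while only long messages benefit from SHA-512's 128-byte block. The 1.5 cost factor per SHA-512 compression is the figure assumed in the mail; the I and q values are constructed.

```python
import hashlib

# Padding rules: SHA-256 appends 0x80 plus an 8-byte length into 64-byte blocks;
# SHA-512 appends 0x80 plus a 16-byte length into 128-byte blocks.
def sha256_compression_calls(msg_len: int) -> int:
    return (msg_len + 1 + 8 + 63) // 64

def sha512_compression_calls(msg_len: int) -> int:
    return (msg_len + 1 + 16 + 127) // 128

def lmots_chain_input_len(n: int = 32) -> int:
    # I (16) || u32str(q) (4) || u16str(i) (2) || u8str(j) (1) || tmp (n)
    return 16 + 4 + 2 + 1 + n

def lmots_chain_step(I: bytes, q: int, i: int, j: int, tmp: bytes,
                     hash_name: str = "sha256") -> bytes:
    """One Winternitz chain iteration as in RFC 8554 Algorithm 1."""
    data = (I + q.to_bytes(4, "big") + i.to_bytes(2, "big")
            + j.to_bytes(1, "big") + tmp)
    return hashlib.new(hash_name, data).digest()

def lmots_chain(I: bytes, q: int, i: int, x: bytes, steps: int,
                hash_name: str = "sha256") -> bytes:
    """Walk `steps` chain iterations starting from secret element x."""
    tmp = x
    for j in range(steps):
        tmp = lmots_chain_step(I, q, i, j, tmp, hash_name)
    return tmp

def relative_time_sha512_vs_sha256(msg_len: int, sha512_cost: float = 1.5) -> float:
    """Modelled time of SHA-512 over SHA-256 for one message of msg_len bytes,
    with each SHA-512 compression costing sha512_cost SHA-256 compressions."""
    return (sha512_compression_calls(msg_len) * sha512_cost
            / sha256_compression_calls(msg_len))

if __name__ == "__main__":
    I = bytes(range(16))            # constructed 16-byte key identifier
    q = 7                            # constructed leaf index
    x = hashlib.sha256(b"constructed secret").digest()
    y = lmots_chain(I, q, i=0, x=x, steps=255)   # full w=8 chain, n=32
    print("chain input bytes:", lmots_chain_input_len())
    print("SHA-256 calls per step:", sha256_compression_calls(lmots_chain_input_len()))
    print("SHA-512 calls per step:", sha512_compression_calls(lmots_chain_input_len()))
    print("chain step cost ratio:", relative_time_sha512_vs_sha256(lmots_chain_input_len()))
    print("1 MB message cost ratio:", relative_time_sha512_vs_sha256(1_000_000))
    print("chain end:", y.hex())
```

For the 55-byte chain input the ratio is 1.5 (SHA-512 is slower), while for a 1 MB message it falls to 0.75, which is the effect Scott describes.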