Re: [dsfjdssdfsd] provability & Dual_EC ... [was Blum-Blum-Shub ambiguity in 4086 ...]

ianG <iang@iang.org> Tue, 18 March 2014 17:06 UTC

Return-Path: <iang@iang.org>
X-Original-To: dsfjdssdfsd@ietfa.amsl.com
Delivered-To: dsfjdssdfsd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C1531A06F8 for <dsfjdssdfsd@ietfa.amsl.com>; Tue, 18 Mar 2014 10:06:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F29Ud1WDQDQX for <dsfjdssdfsd@ietfa.amsl.com>; Tue, 18 Mar 2014 10:06:33 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) by ietfa.amsl.com (Postfix) with ESMTP id 962541A0721 for <dsfjdssdfsd@ietf.org>; Tue, 18 Mar 2014 10:06:16 -0700 (PDT)
Received: from tormenta.local (www2.futureware.at [78.41.115.142]) by virulha.pair.com (Postfix) with ESMTPSA id 7B1D56D52B; Tue, 18 Mar 2014 13:06:03 -0400 (EDT)
Message-ID: <53287CF9.9050407@iang.org>
Date: Tue, 18 Mar 2014 17:06:01 +0000
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: dsfjdssdfsd@ietf.org
References: <mailman.7123.1395159295.2539.dsfjdssdfsd@ietf.org>
In-Reply-To: <mailman.7123.1395159295.2539.dsfjdssdfsd@ietf.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dsfjdssdfsd/CHDfQ1C38Vx2ZB4dk0dSzb-vPhw
Cc: Dan Brown <dbrown@certicom.com>, "joncallas@icloud.com" <joncallas@icloud.com>
Subject: Re: [dsfjdssdfsd] provability & Dual_EC ... [was Blum-Blum-Shub ambiguity in 4086 ...]
X-BeenThere: dsfjdssdfsd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <dsfjdssdfsd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dsfjdssdfsd/>
List-Post: <mailto:dsfjdssdfsd@ietf.org>
List-Help: <mailto:dsfjdssdfsd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 17:06:35 -0000

Hi Dan,

> You raise the provability issue about BBS (which is different from the two issues about BBS that I previously raised, which were some attacks), and also extend it to Dual_EC, and perhaps any "public-key" DRBG.


I recently had built a DRBG or PRNG.  I tasked an intern (3rd year comp
sci) to do it.  I instructed ChaCha.  That was about it.

I was able to do that because (a ) I know what ChaCha does, enough for
this task, (b ) she was able to learn enough about it to write ChaCha
from the paper and get it up and going, within 3 weeks, also a mixer and
a collector, (c ) we're using it for crypto as well as RNGs, and (d ) if
anything goes wrong with it we'll hear about it.  Oh, and it comes with
some pedigree, call that (e ).

These are very simple engineering things.  They give me confidence.
And, none of the above characteristics are true of BBS or Dual_EC.
Provability doesn't change that, it doesn't add to the list, and in my
mind it makes it more suspicious, it gives it an air of mystique and
salesmanship.

This isn't saying anything that Jon didn't say, it's just adding some
anecdotal flesh -- out in the coding world we'll do what is practical as
engineers, we add tires on so we can kick them.  We typically wouldn't
touch things we don't understand with a barge pole.

It's really a pragmatic approach I suppose, very humdrum, but it is what
we do.



iang