IETF Logo Mail Archive

[openpgp] Re: Deterministic generation of (symmetric) public key params from private key params

vedaal@nym.hush.com Thu, 14 November 2024 17:46 UTC

Return-Path: <vedaal@nym.hush.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 569E6C14F713 for <openpgp@ietfa.amsl.com>; Thu, 14 Nov 2024 09:46:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nym.hush.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fAOX2qjEffnJ for <openpgp@ietfa.amsl.com>; Thu, 14 Nov 2024 09:46:01 -0800 (PST)
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6398CC14F6F2 for <openpgp@ietf.org>; Thu, 14 Nov 2024 09:46:00 -0800 (PST)
Received: from smtp3.hushmail.com (localhost [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id BB333800157 for <openpgp@ietf.org>; Thu, 14 Nov 2024 17:45:59 +0000 (UTC)
X-hush-tls-connected: 1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=nym.hush.com; h=date:to:subject:from; s=hush; bh=3fF/JRYwOlNxqWetehmzOx6C9CoZ7OCFvTVtyl2TTMg=; b=lCWffANHyiioYqsbT1XT3CM6t/DKMpG0qGc7YexI4EIaFXorEZMiO14T2NmK2USZFn0s4SNegGqme1XQVxoc0fs3CBqsqzZPJ2JDHk63zw6aer5l7EAPdeTkXB4VNKKxJAXtYvsOWugmKrStc5GiA1caPyq00fyHDpDcmrcZaASTXRWWWunzlmmfwc89om5H0rTzfu7AwWAENQ4veP0xBap+6xIaA3GAGpDzg1xSQdZakIiDVUCAEA08Yq75q69b9bKHnh9OfbVBgDFCjihaesJlby1zHu+WdU4qB+gO5pyMeCuMyZxmlvBUjzscpt5LLzH+ZX8XvZtz5BFR8bN8Sg==
Received: from smtp.hushmail.com (w9.hc.hushmailinc.com [10.4.30.113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp3.hushmail.com (Postfix) with ESMTPS; Thu, 14 Nov 2024 17:45:59 +0000 (UTC)
Received: by smtp.hushmail.com (Postfix, from userid 48) id 7E7B929D9; Thu, 14 Nov 2024 17:45:59 +0000 (UTC)
MIME-Version: 1.0
Date: Thu, 14 Nov 2024 12:45:59 -0500
To: Justus Winter <justus@sequoia-pgp.org>, openpgp <openpgp@ietf.org>
From: vedaal@nym.hush.com
In-Reply-To: <877c95yg9q.fsf@europ.lan>
References: <FxKXcgs81L4JQJjqV8sB_941ghtKVj5cjVYx6povy95enL27NdtRWhG5cLgElc9jJXQRqFqbTroNYlSL1agjgDVfRTmKJtKVwJkC0U1PmS8=@protonmail.com> <87a5e3xmba.fsf@europ.lan> <prYwCJCeUbCUx9PF-bWdQf-DpImAj18NQ9VhjOH0NpT-6WFmO_4JHrmI-2x0laDmEKjVVEif6GPZJa4rhz64k8-2-aZW6Og03YG6RLeGtfA=@protonmail.com> <877c95yg9q.fsf@europ.lan>
Message-ID: <2f50dbea1fffe1b0ce159da0f80ba661f41b9216efbc0ee1@smtp.hushmail.com>
Content-Type: multipart/alternative; boundary="=_c8e052bd2a7b235e987164c6eda56e6e"
Message-ID-Hash: YYOPAVR7TPZBIVLA7IB2MSTKS343NQT4
X-Message-ID-Hash: YYOPAVR7TPZBIVLA7IB2MSTKS343NQT4
X-MailFrom: vedaal@nym.hush.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Deterministic generation of (symmetric) public key params from private key params
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/K5tVwm5o1139BitWpbpb9zZL_ig>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>


On 11/14/2024 at 10:41 AM, "Justus Winter"  wrote:
Interesting.  What about also hashing in the other metadata (i.e. the
timestamp).  Then, the problem arises only if you have 2^64 users
creating a symmetric key at the exact same time

=====

GnuPG allows for a 'fake time' where any time can be listed. 

So, theoretically, a well-funded, well resourced adversary, can create
2^64 symmetric keys with the same timestamp. 

vedaal

v2.36.0 | Report a Bug | By Email | System Status