[openpgp] Re: Deterministic generation of (symmetric) public key params from private key params
Daniel Huigens <d.huigens@protonmail.com> Thu, 14 November 2024 16:40 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CB50C1DA1CD for <openpgp@ietfa.amsl.com>; Thu, 14 Nov 2024 08:40:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fFG2R9BlVW4P for <openpgp@ietfa.amsl.com>; Thu, 14 Nov 2024 08:40:28 -0800 (PST)
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 087BAC1D8757 for <openpgp@ietf.org>; Thu, 14 Nov 2024 08:40:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1731602425; x=1731861625; bh=zG5uFkPjsXVyrzY9hCImV4nYyCXEDbsaZHa+asVOIn0=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=W7RFsDp298NoUs7rTkX4HXvtWDWE8hz/QtvHbWkWNVzm7NoN+v3foh5gawl1NhYDG hcxrycU0dGBNNqK/VbXOH3EiwjUde7hTXD+tKqvf9gJz3ksLTRowrsFExi8QuL564z Ax7NnwsMmijstFzrLJkL2i6nVIEpx7gEx1HOBppQByWtmWLZi9C3L9rjpc1fZSBObp yerz6VNV1LJSliscf4eR3Qn7qwWUkqZG7zjkc2wRgy4/JJOvFaKxcvIJnhwWShICSw DdR9Gl0ywAIOtc7DbGZ88RtqAIw7oDnBk1sP/Z1KIkAnGy9TutpSi/GHdzad5BgOJo 4DVgKUQhgtgsw==
Date: Thu, 14 Nov 2024 16:40:21 +0000
To: Justus Winter <justus@sequoia-pgp.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Message-ID: <WUXXmJrHPAI2AVgvViSvuX-MW11---ZTxJx6m3Z-uyngBTncxyGC18yihkWaJ4RkrN7O1_DhnEJOBz0nLvwn0jgLXTtJzIWN8ZdPDYuBNmU=@protonmail.com>
In-Reply-To: <877c95yg9q.fsf@europ.lan>
References: <FxKXcgs81L4JQJjqV8sB_941ghtKVj5cjVYx6povy95enL27NdtRWhG5cLgElc9jJXQRqFqbTroNYlSL1agjgDVfRTmKJtKVwJkC0U1PmS8=@protonmail.com> <87a5e3xmba.fsf@europ.lan> <prYwCJCeUbCUx9PF-bWdQf-DpImAj18NQ9VhjOH0NpT-6WFmO_4JHrmI-2x0laDmEKjVVEif6GPZJa4rhz64k8-2-aZW6Og03YG6RLeGtfA=@protonmail.com> <877c95yg9q.fsf@europ.lan>
Feedback-ID: 2934448:user:proton
X-Pm-Message-ID: 51f70165921088036fca4b296ad172ddb4305910
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: N6NYT3KYJLLXB54667ZIDNTFJB2MLDXB
X-Message-ID-Hash: N6NYT3KYJLLXB54667ZIDNTFJB2MLDXB
X-MailFrom: d.huigens@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF OpenPGP WG <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Deterministic generation of (symmetric) public key params from private key params
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/PCDAAEj0ngNKjPPrAiYolSk_Vng>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Hi Justus :) On Thursday, November 14th, 2024 at 16:41, Justus Winter wrote: > Interesting. What about also hashing in the other metadata (i.e. the > timestamp). Then, the problem arises only if you have 2^64 users > creating a symmetric key at the exact same time Yeah, I think it'd probably be safe, but we'd have to write a somewhat non-trivial security considerations section arguing why it is so, and detailing the (admittedly very unlikely) scenarios in which it's not. I'm just not sure it's worth it to save 32 octets? Also, I'm still not sure if deterministic certificate generation from the private key material (plus a timestamp, presumably) is even a use case we should care about - e.g. does Sequoia (or any other library) even have an API for that? And if so, could it be extended to provide some algorithm-specific public key material (e.g. the fingerprint seed) as well? Alternatively, implementations could offer to deterministically generate a certificate from a (different kind of) seed, by seeding a CSPRNG or KDF using it and then generating both the private key material and the fingerprint seed using that? Best, Daniel
- [openpgp] Deterministic generation of (symmetric)… Daniel Huigens
- [openpgp] Re: Deterministic generation of (symmet… Justus Winter
- [openpgp] Re: Deterministic generation of (symmet… Daniel Huigens
- [openpgp] Re: Deterministic generation of (symmet… Simo Sorce
- [openpgp] Re: Deterministic generation of (symmet… Justus Winter
- [openpgp] Re: Deterministic generation of (symmet… Daniel Huigens
- [openpgp] Re: Deterministic generation of (symmet… vedaal
- [openpgp] Re: Deterministic generation of (symmet… Daniel Huigens