[oss-gost-crypto] EC-RDSA and a key substitution attack

Open-source aspects of GOST Cryptography
 help / color / mirror / Atom feed

From: Vitaly Chikunov <vt@altlinux.org>
To: Open-source aspects of GOST Cryptography
	<oss-gost-crypto@lists.altlinux.org>
Subject: [oss-gost-crypto] EC-RDSA and a key substitution attack
Date: Tue, 4 Dec 2018 09:54:45 +0300
Message-ID: <20181204065445.gcaguhhvh7z6gajf@sole.flsd.net> (raw)

Hi,

В превью к ISO/IEC 14888-3:2018 сказано 

  https://www.iso.org/obp/ui/#!iso:std:76382:en

  "NOTE 5 The mechanisms of EC-DSA, EC-GDSA. EC-RDSA and EC-FSDSA may be
  vulnerable to a key substitution attack[10]. The attack is realized if
  an adversary can find two distinct public keys and one signature such
  that the signature is valid for both public keys. There are several
  approaches of avoiding this attack and its possible impact on the
  security of a cryptographic system. For example, the public key
  corresponding to the private signing key can be added into the message
  to be signed."

Где EC-RDSA это ГОСТ Р 34.10-2001 (а значит и 34.10-2012).

На сколько эта атака актуальна для ГОСТа или это очередной наговор на
российскую криптографию в стиле Н. Куртуа?

Добавить signing key к message не сложно, но я исхожу из того, что этого
делать не надо, так как в ГОСТе такого нет. Но если бы был
рекомендованный метод формирования подписи с учетом этой атаки, то
другое дело.

next             reply	other threads:[~2018-12-04  6:54 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-04  6:54 Vitaly Chikunov [this message]
2018-12-04  7:24   ` Vitaly Chikunov
2018-12-04 11:58 ` Paul Wolneykien
2018-12-05  7:35 ` Дмитрий Державин
2018-12-05  7:42   ` Vitaly Chikunov
2018-12-05  9:55   ` Дмитрий Державин
2018-12-05 11:37     ` Vitaly Chikunov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181204065445.gcaguhhvh7z6gajf@sole.flsd.net \
    --to=vt@altlinux.org \
    --cc=oss-gost-crypto@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Open-source aspects of GOST Cryptography

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/oss-gost-crypto/0 oss-gost-crypto/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 oss-gost-crypto oss-gost-crypto/ http://lore.altlinux.org/oss-gost-crypto \
		oss-gost-crypto@lists.altlinux.org oss-gost-crypto@lists.altlinux.ru oss-gost-crypto@lists.altlinux.com
	public-inbox-index oss-gost-crypto

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.oss-gost-crypto


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git