From: Vitaly Chikunov <vt@altlinux.org> To: Open-source aspects of GOST Cryptography <oss-gost-crypto@lists.altlinux.org> Subject: Re: [oss-gost-crypto] EC-RDSA and a key substitution attack Date: Tue, 4 Dec 2018 10:24:30 +0300 Message-ID: <20181204072430.rxzg7bfbu5gebl2r@sole.flsd.net> (raw) In-Reply-To: <CADqLbzKt6PPM7T7ooeHt=6TP5h6w5t3vboT0x34r6SyTvW6ukg@mail.gmail.com> On Tue, Dec 04, 2018 at 10:02:14AM +0300, Dmitry Belyavsky wrote: > А просто EC-DSA в данном контексте что? Это американский ECDSA (FIPS 186-2, ANSI X9.62, ISO/IEC 15946-2). > > On Tue, Dec 4, 2018 at 9:54 AM Vitaly Chikunov <[1]vt@altlinux.org> > wrote: > > Hi, > В превью к ISO/IEC 14888-3:2018 сказано > [2]https://www.iso.org/obp/ui/#!iso:std:76382:en > "NOTE 5 The mechanisms of EC-DSA, EC-GDSA. EC-RDSA and EC-FSDSA > may be > vulnerable to a key substitution attack[10]. The attack is > realized if > an adversary can find two distinct public keys and one signature > such > that the signature is valid for both public keys. There are > several > approaches of avoiding this attack and its possible impact on the > security of a cryptographic system. For example, the public key > corresponding to the private signing key can be added into the > message > to be signed." > Где EC-RDSA это ГОСТ Р 34.10-2001 (а значит и 34.10-2012). > На сколько эта атака актуальна для ГОСТа или это очередной наговор > на > российскую криптографию в стиле Н. Куртуа? > Добавить signing key к message не сложно, но я исхожу из того, что > этого > делать не надо, так как в ГОСТе такого нет. Но если бы был > рекомендованный метод формирования подписи с учетом этой атаки, то > другое дело. > _______________________________________________ > oss-gost-crypto mailing list > [3]oss-gost-crypto@lists.altlinux.org > [4]https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto > > -- > > SY, Dmitry Belyavsky > > References > > 1. mailto:vt@altlinux.org > 2. https://www.iso.org/obp/ui/#!iso:std:76382:en > 3. mailto:oss-gost-crypto@lists.altlinux.org > 4. https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto > _______________________________________________ > oss-gost-crypto mailing list > oss-gost-crypto@lists.altlinux.org > https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto
next prev parent reply other threads:[~2018-12-04 7:24 UTC|newest] Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-12-04 6:54 Vitaly Chikunov 2018-12-04 7:24 ` Vitaly Chikunov [this message] 2018-12-04 11:58 ` Paul Wolneykien 2018-12-05 7:35 ` Дмитрий Державин 2018-12-05 7:42 ` Vitaly Chikunov 2018-12-05 9:55 ` Дмитрий Державин 2018-12-05 11:37 ` Vitaly Chikunov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181204072430.rxzg7bfbu5gebl2r@sole.flsd.net \ --to=vt@altlinux.org \ --cc=oss-gost-crypto@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Open-source aspects of GOST Cryptography This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/oss-gost-crypto/0 oss-gost-crypto/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 oss-gost-crypto oss-gost-crypto/ http://lore.altlinux.org/oss-gost-crypto \ oss-gost-crypto@lists.altlinux.org oss-gost-crypto@lists.altlinux.ru oss-gost-crypto@lists.altlinux.com public-inbox-index oss-gost-crypto Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.oss-gost-crypto AGPL code for this site: git clone https://public-inbox.org/public-inbox.git