From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vt@altlinux.org>
Date: Tue, 4 Dec 2018 10:24:30 +0300
From: Vitaly Chikunov <vt@altlinux.org>
To: Open-source aspects of GOST Cryptography
 <oss-gost-crypto@lists.altlinux.org>
Message-ID: <20181204072430.rxzg7bfbu5gebl2r@sole.flsd.net>
References: <20181204065445.gcaguhhvh7z6gajf@sole.flsd.net>
 <CADqLbzKt6PPM7T7ooeHt=6TP5h6w5t3vboT0x34r6SyTvW6ukg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CADqLbzKt6PPM7T7ooeHt=6TP5h6w5t3vboT0x34r6SyTvW6ukg@mail.gmail.com>
User-Agent: NeoMutt/20171215-106-ac61c7
Subject: Re: [oss-gost-crypto] EC-RDSA and a key substitution attack
X-BeenThere: oss-gost-crypto@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Open-source aspects of GOST Cryptography
 <oss-gost-crypto@lists.altlinux.org>
List-Id: Open-source aspects of GOST Cryptography
 <oss-gost-crypto.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/oss-gost-crypto>, 
 <mailto:oss-gost-crypto-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/oss-gost-crypto>
List-Post: <mailto:oss-gost-crypto@lists.altlinux.org>
List-Help: <mailto:oss-gost-crypto-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto>, 
 <mailto:oss-gost-crypto-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Dec 2018 07:24:31 -0000
Archived-At: <http://lore.altlinux.org/oss-gost-crypto/20181204072430.rxzg7bfbu5gebl2r@sole.flsd.net/>
List-Archive: <http://lore.altlinux.org/oss-gost-crypto/>

On Tue, Dec 04, 2018 at 10:02:14AM +0300, Dmitry Belyavsky wrote:
>    А просто EC-DSA в данном контексте что?

Это американский ECDSA (FIPS 186-2, ANSI X9.62, ISO/IEC 15946-2).


> 
>    On Tue, Dec 4, 2018 at 9:54 AM Vitaly Chikunov <[1]vt@altlinux.org>
>    wrote:
> 
>      Hi,
>      В превью к ISO/IEC 14888-3:2018 сказано
>        [2]https://www.iso.org/obp/ui/#!iso:std:76382:en
>        "NOTE 5 The mechanisms of EC-DSA, EC-GDSA. EC-RDSA and EC-FSDSA
>      may be
>        vulnerable to a key substitution attack[10]. The attack is
>      realized if
>        an adversary can find two distinct public keys and one signature
>      such
>        that the signature is valid for both public keys. There are
>      several
>        approaches of avoiding this attack and its possible impact on the
>        security of a cryptographic system. For example, the public key
>        corresponding to the private signing key can be added into the
>      message
>        to be signed."
>      Где EC-RDSA это ГОСТ Р 34.10-2001 (а значит и 34.10-2012).
>      На сколько эта атака актуальна для ГОСТа или это очередной наговор
>      на
>      российскую криптографию в стиле Н. Куртуа?
>      Добавить signing key к message не сложно, но я исхожу из того, что
>      этого
>      делать не надо, так как в ГОСТе такого нет. Но если бы был
>      рекомендованный метод формирования подписи с учетом этой атаки, то
>      другое дело.
>      _______________________________________________
>      oss-gost-crypto mailing list
>      [3]oss-gost-crypto@lists.altlinux.org
>      [4]https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto
> 
>    --
> 
>    SY, Dmitry Belyavsky
> 
> References
> 
>    1. mailto:vt@altlinux.org
>    2. https://www.iso.org/obp/ui/#!iso:std:76382:en
>    3. mailto:oss-gost-crypto@lists.altlinux.org
>    4. https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto

> _______________________________________________
> oss-gost-crypto mailing list
> oss-gost-crypto@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto