From: Paul Wolneykien <manowar@altlinux.org> To: oss-gost-crypto@lists.altlinux.org Subject: Re: [oss-gost-crypto] EC-RDSA and a key substitution attack Date: Tue, 4 Dec 2018 14:58:22 +0300 Message-ID: <34bb2784-24e9-69dd-f2e3-d32dfdc50a0e@altlinux.org> (raw) In-Reply-To: <20181204065445.gcaguhhvh7z6gajf@sole.flsd.net> 04.12.2018 09:54, Vitaly Chikunov пишет: > Hi, > > В превью к ISO/IEC 14888-3:2018 сказано > > https://www.iso.org/obp/ui/#!iso:std:76382:en > > "NOTE 5 The mechanisms of EC-DSA, EC-GDSA. EC-RDSA and EC-FSDSA may be > vulnerable to a key substitution attack[10]. The attack is realized if > an adversary can find two distinct public keys and one signature such > that the signature is valid for both public keys. There are several > approaches of avoiding this attack and its possible impact on the > security of a cryptographic system. For example, the public key > corresponding to the private signing key can be added into the message > to be signed." > > Где EC-RDSA это ГОСТ Р 34.10-2001 (а значит и 34.10-2012). > > На сколько эта атака актуальна для ГОСТа или это очередной наговор на > российскую криптографию в стиле Н. Куртуа? Очень похоже. Не сказано, какова вероятность нахождения второго подходящего ключа и какие условия поиска имеются в виду. > Добавить signing key к message не сложно, но я исхожу из того, что этого > делать не надо, так как в ГОСТе такого нет. Но если бы был > рекомендованный метод формирования подписи с учетом этой атаки, то > другое дело. > > > _______________________________________________ > oss-gost-crypto mailing list > oss-gost-crypto@lists.altlinux.org > https://lists.altlinux.org/mailman/listinfo/oss-gost-crypto >
next prev parent reply other threads:[~2018-12-04 11:58 UTC|newest] Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-12-04 6:54 Vitaly Chikunov 2018-12-04 7:24 ` Vitaly Chikunov 2018-12-04 11:58 ` Paul Wolneykien [this message] 2018-12-05 7:35 ` Дмитрий Державин 2018-12-05 7:42 ` Vitaly Chikunov 2018-12-05 9:55 ` Дмитрий Державин 2018-12-05 11:37 ` Vitaly Chikunov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=34bb2784-24e9-69dd-f2e3-d32dfdc50a0e@altlinux.org \ --to=manowar@altlinux.org \ --cc=oss-gost-crypto@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Open-source aspects of GOST Cryptography This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/oss-gost-crypto/0 oss-gost-crypto/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 oss-gost-crypto oss-gost-crypto/ http://lore.altlinux.org/oss-gost-crypto \ oss-gost-crypto@lists.altlinux.org oss-gost-crypto@lists.altlinux.ru oss-gost-crypto@lists.altlinux.com public-inbox-index oss-gost-crypto Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.oss-gost-crypto AGPL code for this site: git clone https://public-inbox.org/public-inbox.git