commit f9ad03dcf8b27b42dd27d7fa9a9c1674089b9c98
parent 186e6c9ba1ec9a83472cdce6acd41c2f0215f1ae
Author: Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
Date: Mon, 8 Jul 2024 11:50:09 +0200
crypto primitives: add RSA-FDH
Diffstat:
2 files changed, 97 insertions(+), 47 deletions(-)
diff --git a/draft-guetschow-taler-protocol.md b/draft-guetschow-taler-protocol.md
@@ -198,7 +198,29 @@ do until OKM < N:
## Blind Signatures
-### FDH-RSA
+### RSA-FDH
+
+~~~
+RSA-FDH(msg, pubkey) -> fdh
+
+Inputs:
+ msg message
+ pubkey RSA public key consisting of modulus N and public exponent e
+
+Output:
+ fdh full-domain hash of msg over pubkey.N
+~~~
+
+`fdh` is calculated based on HKDF-Mod from {{hkdf-mod}} as follows:
+
+~~~
+info = 0x5253412d46444120465470735721 ("RSA-FDA FTpsW!" encoded as UTF-8)
+salt = length(pubkey.N) | length(pubkey.e) | pubkey.N | pubkey.e
+fdh = HKDF-Mod(pubkey.N, salt, msg, info)
+~~~
+
+The resulting `fdh` can be used to test against a malicious RSA pubkey
+by verifying that the greatest common denominator (gcd) of `fdh` and `pubkey.N` is 1.
### Clause-Schnorr
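Review bot: The closing paragraph of the new RSA-FDH section says the gcd test "can be used" and never states what an implementation does when gcd(fdh, pubkey.N) is not 1. Since the stated purpose is to detect a malicious RSA pubkey, make the check a requirement and name the failure action, for example rejecting the key and aborting the operation. The same sentence should read "greatest common divisor", not "greatest common denominator". In the salt line, `length(pubkey.N) | length(pubkey.e) | pubkey.N | pubkey.e` leaves the width and byte order of the two length fields, the integer encoding of N and e, and the meaning of `|` unspecified in this section. Implementations that choose differently will derive different fdh values, so spell these out or reference the part of the draft that defines them.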
diff --git a/draft-guetschow-taler-protocol.xml b/draft-guetschow-taler-protocol.xml
@@ -221,7 +221,29 @@ do until OKM < N:
</section>
<section anchor="blind-signatures"><name>Blind Signatures</name>
-<section anchor="fdh-rsa"><name>FDH-RSA</name>
+<section anchor="rsa-fdh"><name>RSA-FDH</name>
+
+<figure><artwork><![CDATA[
+RSA-FDH(msg, pubkey) -> fdh
+
+Inputs:
+ msg message
+ pubkey RSA public key consisting of modulus N and public exponent e
+
+Output:
+ fdh full-domain hash of msg over pubkey.N
+]]></artwork></figure>
+
+<t><spanx style="verb">fdh</spanx> is calculated based on HKDF-Mod from <xref target="hkdf-mod"/> as follows:</t>
+
+<figure><artwork><![CDATA[
+info = 0x5253412d46444120465470735721 ("RSA-FDA FTpsW!" encoded as UTF-8)
+salt = length(pubkey.N) | length(pubkey.e) | pubkey.N | pubkey.e
+fdh = HKDF-Mod(pubkey.N, salt, msg, info)
+]]></artwork></figure>
+
+<t>The resulting <spanx style="verb">fdh</spanx> can be used to test against a malicious RSA pubkey
+by verifying that the greatest common denominator (gcd) of <spanx style="verb">fdh</spanx> and <spanx style="verb">pubkey.N</spanx> is 1.</t>
</section>
<section anchor="clause-schnorr"><name>Clause-Schnorr</name>
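Review bot: The info constant in the second artwork block spells its label "RSA-FDA FTpsW!" while the section and the function are named RSA-FDH. The hex 0x5253412d46444120465470735721 decodes to exactly that 14-byte string, so the hex and the string agree, but a reader will take "FDA" for a typo and may "correct" it, which changes every derived fdh. If the spelling is deliberate, add a sentence stating that the value is fixed as written. If it is not, correct both the hex and the quoted string, here and in the markdown hunk.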
@@ -330,7 +352,7 @@ do until OKM < N:
-<?line 217?>
+<?line 239?>
<section anchor="change-log"><name>Change log</name>
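Review bot: Generated output appears to be committed next to its source. The `<?line 217?>` to `<?line 239?>` marker moves by exactly the 22 lines added to the RSA-FDH section and carries no content of its own, and the XML hunk above mirrors the markdown hunk line for line. Consider keeping draft-guetschow-taler-protocol.xml out of the commit, or regenerating it in a separate commit, so that review and any later fixes are made once, in draft-guetschow-taler-protocol.md.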
@@ -348,50 +370,56 @@ Education and Research (BMBF) within the project Concrete Contracts.</t>
</back>