ECDSA with SHAKE128/SHAKE256 using truncated digests #348
Comments
|
I'm pasting in info from @LikelyLee below (see #349 (comment)):
Current situation:
Expected behavior:
|
|
Thanks for reporting this @dghgit and @LikelyLee. The output lengths for SHAKE and ECDSA was something we addressed in a previous release, but we appear to have reverted those changes. We'll get this fixed and deployed in a release as soon as possible. |
Several curves and hashes were missing for FIPS 186-5 Note that currently ECDSA with SHAKE 128 is broken on the ACVP-Server: usnistgov/ACVP-Server#348
Several curves and hashes were missing for FIPS 186-5 Note that currently ECDSA with SHAKE 128 is broken on the ACVP-Server: usnistgov/ACVP-Server#348
|
Hi @dghgit, @LikelyLee, we just deployed the fix for this issue to Demo as part of the v1.1.0.36 release. Would either of you be able to test it to confirm? Thank you. |
|
@livebe01 Confirmed, works for us! Thanks, David. |
|
Great, thank you David! |
|
The fix for this has been deployed to ACVTS Prod as part of the v1.1.0.36 release. |
SHAKE variants of the ECDSA signature algorithms appear to be using truncated digests.
We've found we can pass on demo by truncating SHAKE128 to 16 bytes and SHAKE256 to 32 bytes.
FIPS PUB 186-5 Section 6.4 states "An approved hash function or an XOF shall be used during the generation of digital signatures.
Approved XOFs are SHAKE128 and SHAKE256, which are specified in FIPS 202. When SHAKE128 or SHAKE256 is used as an XOF in Sections 6.4.1 and 6.4.2 below, its output length shall be 256 or 512 bits, respectively."
The text was updated successfully, but these errors were encountered: