Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explain the relationship between crypto layer pre-hash and protocol layer pre-hash #26

Closed
OR13 opened this issue Aug 28, 2024 · 2 comments · Fixed by #27
Closed

Explain the relationship between crypto layer pre-hash and protocol layer pre-hash #26

OR13 opened this issue Aug 28, 2024 · 2 comments · Fixed by #27
Assignees
@OR13
Labels
has-pr

Comments

@OR13
Copy link
Collaborator

OR13 commented Aug 28, 2024

This is confusing to think about when you have "pre-hash" in both the raw
crypto layer, and the protocol layer.

I like to think about this problem from the perspective of what a client
can do.

Let the message / payload be a 1 TB LLM model.

Case 1

With HashML-DSA-65-SHA-256 and "normal cose-sign1" the client can do the
following:

Set the protected header to be { alg: HashML-DSA-65-SHA-256 } // crypto
layer pre-hash
Construct the Sig_structure as defined in
https://datatracker.ietf.org/doc/html/rfc9052#section-4.4-4
Result is Sig_structure = [ context : "Signature1", protected_header:
bytes, payload : 1 TB LLM Model ]
Hash the Sig_structure with SHA-256

Send the result to a remote KMS...
A sha-256 hash moves over the network.
Server does not see protocol metadata / Sig_structure... cannot enforce
policy on it.

Client receives a raw HashML-DSA-65-SHA-256 signature...
Construct a complete cose-sign1

Case 2

With ML-DSA-65 and "COSE Hash Envelope" the client can do the following:

Hash the 1 TB payload to produce a sha-256 hash.

Set the protected header to be { alg: ML-DSA-65, payload_hash: SHA-256 }
// protocol layer pre-hash
Construct the Sig_structure as defined in
https://datatracker.ietf.org/doc/html/rfc9052#section-4.4-4
Result is Sig_structure = [ context : "Signature1", protected_header:
bytes, payload : bytes (sha-256 hash) ]

Send the result to a remote KMS...
Protocol data structure moves over the network, and is larger than sha-256
hash.
Server sees the protocol metadata / Sig_structure... can enforce policy on
it.

Client receives a raw HashML-DSA-65 signature...
Construct a complete cose-sign1

Case 3

With HashML-DSA-65-SHA-256 and "COSE Hash Envelope" the client can do the
following:

Hash the 1 TB payload to produce a sha-256 hash.

Set the protected header to be { alg: HashML-DSA-65-SHA-256, payload_hash:
SHA-256 } // crypto and protocol layer pre hashing
Construct the Sig_structure as defined in
https://datatracker.ietf.org/doc/html/rfc9052#section-4.4-4
Result is Sig_structure = [ context : "Signature1", protected_header:
bytes, payload : bytes (sha-256 hash) ]
Hash the Sig_structure with SHA-256

Send the result to a remote KMS...
A sha-256 hash moves over the network.
Server does not see protocol metadata / Sig_structure... cannot enforce
policy on it.

Client receives a raw HashML-DSA-65-SHA-256 signature...
Construct a complete cose-sign1
@henkbirkholz
Copy link
Collaborator

tag! @OR13 is it.

@OR13 OR13 added the has-pr label Oct 16, 2024
@OR13
Copy link
Collaborator Author

OR13 commented Oct 16, 2024

#27

@SteveLasker SteveLasker mentioned this issue Oct 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@OR13 OR13

Labels
has-pr
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Pre 02 cose-wg/draft-ietf-cose-hash-envelope
2 participants
@OR13 @henkbirkholz