This is confusing to think about when you have "pre-hash" in both the raw crypto layer, and the protocol layer.

I like to think about this problem from the perspective of what a client can do.

Let the message / payload be a 1 TB LLM model.

Case 1

With HashML-DSA-65-SHA-256 and "normal cose-sign1" the client can do the following:

1. Set the protected header to be `{ alg: HashML-DSA-65-SHA-256 }` // crypto layer pre-hash
2. Construct the Sig_structure as defined in https://datatracker.ietf.org/doc/html/rfc9052#section-4.4-4
   - Result is `Sig_structure = [ context : "Signature1", protected_header: bytes, payload : 1 TB LLM Model ]`
3. Hash the Sig_structure with SHA-256
4. Send the result to a remote KMS...
   - A sha-256 hash moves over the network.
   - Server does not see protocol metadata / Sig_structure... cannot enforce policy on it.
5. Client receives a raw HashML-DSA-65-SHA-256 signature...
6. Construct a complete cose-sign1

Case 2

With ML-DSA-65 and "COSE Hash Envelope" the client can do the following:

1. Hash the 1 TB payload to produce a sha-256 hash.
2. Set the protected header to be `{ alg: ML-DSA-65, payload_hash: SHA-256 }` // protocol layer pre-hash
3. Construct the Sig_structure as defined in https://datatracker.ietf.org/doc/html/rfc9052#section-4.4-4
   - Result is `Sig_structure = [ context : "Signature1", protected_header: bytes, payload : bytes (sha-256 hash) ]`
4. Send the result to a remote KMS...
   - Protocol data structure moves over the network, and is larger than sha-256 hash.
   - Server sees the protocol metadata / Sig_structure... can enforce policy on it.
5. Client receives a raw HashML-DSA-65 signature...
6. Construct a complete cose-sign1

Case 3

With HashML-DSA-65-SHA-256 and "COSE Hash Envelope" the client can do the following:

1. Hash the 1 TB payload to produce a sha-256 hash.
2. Set the protected header to be `{ alg: HashML-DSA-65-SHA-256, payload_hash: SHA-256 }` // crypto and protocol layer pre hashing
3. Construct the Sig_structure as defined in https://datatracker.ietf.org/doc/html/rfc9052#section-4.4-4
   - Result is `Sig_structure = [ context : "Signature1", protected_header: bytes, payload : bytes (sha-256 hash) ]`
4. Hash the Sig_structure with SHA-256
5. Send the result to a remote KMS...
   - A sha-256 hash moves over the network.
   - Server does not see protocol metadata / Sig_structure... cannot enforce policy on it.
6. Client receives a raw HashML-DSA-65-SHA-256 signature...
7. Construct a complete cose-sign1
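
The three cases above, as an added sketch that is not part of the original issue or of any COSE library: it builds the bytes a client would send to the KMS in each case and runs a server-side policy check over them. Assumptions: the text header labels mirror the post's notation (real COSE uses registered integer labels and algorithm identifiers), the empty `external_aad` is the RFC 9052 Sig_structure field the post leaves out, and `kms_request`, `kms_policy` and the small CBOR helpers are hypothetical names.

```python
import hashlib

MODEL = b"constructed stand-in for the 1 TB model payload"

def _head(major, n):  # CBOR initial byte plus definite-length argument
    if n < 24:
        return bytes([major << 5 | n])
    size = 1 if n < 2**8 else 2 if n < 2**16 else 4 if n < 2**32 else 8
    return bytes([(major << 5) | (23 + size.bit_length())]) + n.to_bytes(size, "big")

def enc(v):  # minimal CBOR encoder: bstr, tstr, array, map
    if isinstance(v, (bytes, str)):
        raw = v if isinstance(v, bytes) else v.encode()
        return _head(2 if isinstance(v, bytes) else 3, len(raw)) + raw
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(map(enc, v))
    return _head(5, len(v)) + b"".join(enc(k) + enc(x) for k, x in v.items())

def dec(buf, i=0):  # matching decoder, returns (value, next_offset)
    major, n, i = buf[i] >> 5, buf[i] & 31, i + 1
    if n >= 24:
        size = 1 << (n - 24)
        n, i = int.from_bytes(buf[i:i + size], "big"), i + size
    if major in (2, 3):
        return (buf[i:i + n] if major == 2 else buf[i:i + n].decode()), i + n
    if major not in (4, 5):
        raise ValueError("unsupported CBOR type")
    items = []
    for _ in range(n * (major - 3)):  # a map holds n key/value pairs
        x, i = dec(buf, i)
        items.append(x)
    return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i

def kms_request(alg, payload, envelope):
    """Bytes the client sends to the KMS; header labels follow the post's notation."""
    hdr = {"alg": alg, **({"payload_hash": "SHA-256"} if envelope else {})}
    body = hashlib.sha256(payload).digest() if envelope else payload
    tbs = enc(["Signature1", enc(hdr), b"", body])  # RFC 9052 4.4, empty external_aad
    return hashlib.sha256(tbs).digest() if alg.startswith("HashML-DSA") else tbs  # pre-hash

def kms_policy(request, allowed_algs):
    """Server side: allow/deny when the request parses, 'opaque' when it cannot."""
    try:
        (ctx, prot, _aad, body), end = dec(request)
        hdr = dict(dec(prot)[0])
    except Exception:
        return "opaque"  # e.g. a bare 32-byte digest: nothing to inspect
    shape_ok = ctx == "Signature1" and end == len(request) and len(body) == 32
    hdr_ok = hdr.get("alg") in allowed_algs and hdr.get("payload_hash") == "SHA-256"
    return "allow" if shape_ok and hdr_ok else "deny"
```

In Cases 1 and 3 the request is 32 opaque bytes, so the check has nothing to decide on; only in Case 2 does it reach an allow or deny verdict.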