Update draft-irtf-cfrg-det-sigs-with-noise.md

Editorial
cfrg · Feb 28, 2025 · bb2fb0d · bb2fb0d
1 parent aa3a2fe
commit bb2fb0d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/draft-irtf-cfrg-det-sigs-with-noise.md b/draft-irtf-cfrg-det-sigs-with-noise.md
@@ -179,9 +179,10 @@ informative:
         ins: "National Institute of Standards and Technology (NIST)"
     date: October 2019
 
-  Draft-204:
+  FIPS-204:
     target: https://csrc.nist.gov/pubs/fips/204/ipd
-    title: FIPS PUB 204 (Draft)
+    title: Module-Lattice-Based Digital Signature Standard
+    seriesinfo: FIPS 204
     author:
       -
         ins: "National Institute of Standards and Technology (NIST)"
@@ -444,7 +445,7 @@ Side-channel attacks are potential attack vectors for implementations of cryptog
 
 Fault attacks may also be possible without physical access to the device. RowHammer {{RowHammer14}} showed how an attacker to induce DRAM bit-flips in memory areas the attacker should not have access to. Plundervolt {{Plundervolt19}} showed how an attacker with root access can use frequency and voltage scaling interfaces to induce faults that bypass even secure execution technologies. RowHammer can e.g., be used in operating systems with several processes or cloud scenarios with virtualized servers. Protocols like TLS, SSH, and IKEv2 that add a random number to the message to be signed mitigate some types of attacks {{PSSLR17}}.
 
-Government agencies are clearly concerned about these attacks. In {{Notice-186-5}} and {{FIPS-186-5}}, NIST warns about side-channel and fault injection attacks, but states that deterministic ECDSA may be desirable for devices that lack good randomness. The quantum-resistant ML-DSA {{Draft-204}} under standardization by NIST uses hedged signing by default. BSI has published {{BSI}} and researchers from BSI have co-authored two research papers {{ABFJLM17}} {{PSSLR17}} on attacks on deterministic signatures. For many industries it is important to be compliant with both RFCs and government publications, alignment between IETF, NIST, and BSI recommendations would be preferable.
+Government agencies are clearly concerned about these attacks. In {{Notice-186-5}} and {{FIPS-186-5}}, NIST warns about side-channel and fault injection attacks, but states that deterministic ECDSA may be desirable for devices that lack good randomness. The quantum-resistant ML-DSA {{FIPS-204}} standardized by NIST uses hedged signing by default. BSI has published {{BSI}} and researchers from BSI have co-authored two research papers {{ABFJLM17}} {{PSSLR17}} on attacks on deterministic signatures. For many industries it is important to be compliant with both RFCs and government publications, alignment between IETF, NIST, and BSI recommendations would be preferable.
 
 Note that deriving per-message secret number deterministically, is also insecure in a multi-party signature setting {{RFC9591}}.