Re: [Cfrg] Call for adoption for draft-wood-cfrg-aead-limits

Dan Harkins <dharkins@lounge.org> Sat, 25 July 2020 02:46 UTC

Date: Fri, 24 Jul 2020 19:46:54 -0700
From: Dan Harkins <dharkins@lounge.org>
To: cfrg@irtf.org
In-reply-to: <9faed709-58bd-4720-b132-d5e8256dd49f@www.fastmail.com>
References: <CAMr0u6kb1_o_DEuz=xDdkLF4zXARem3_mbwECLhu7E0TzZcwcQ@mail.gmail.com> <CACEhwkSyYAGUQkSy6KPz8tCaYRQsP=KqPFsYH2f+DjWCkG8OCQ@mail.gmail.com> <9faed709-58bd-4720-b132-d5e8256dd49f@www.fastmail.com>
Message-id: <932316cb-7df0-b59a-c673-3579f9f4b8df@lounge.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/-dtmJZooBkI4ip7EUuQG0hb61Ao>

   Hello,

   I very much support adoption of this draft.

   But as I mentioned at the virtual meeting I'd like to see some analysis on
the impact that the amount of AAD has on the integrity (and if applicable, the
encryption) bound. I know this draft is motivated by the use of AEAD algorithms
with QUIC and TLS where the AAD will be a fraction of the ciphertext, but it
should address other uses of AEAD algorithms that may do things differently.

   regards,

   Dan

On 7/22/20 8:48 PM, Martin Thomson wrote:
> On Thu, Jul 23, 2020, at 05:32, Mihir Bellare wrote:
>> A question about this. Shouldn't the integrity bound of 5.1.2 also
>> depend on the number q of encryption attempts? Comparing to Eq. (15) of
>> reference [GCMProofs], it seems the draft has set q=0. I was wondering
>> what is the reason for that choice.
> q as defined in the draft is the number of encryption attempts, so yes, q is indeed relevant.  In the analysis we did for QUIC there were cases where this resulted in a limit that affected q as much as it did v (or q' as used in the paper).
>
> The authors have been discussing moving to an analysis based on https://eprint.iacr.org/2018/993 instead.  Assuming that goes ahead, we'll have a different result to report there.
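As an added worked example (not part of this thread, the draft, or [GCMProofs]), the Python below makes the AAD question concrete: GHASH processes the AAD block for block alongside the ciphertext, so the per-message block count l that appears in the forgery term counts AAD bytes too, and an AAD-heavy use shrinks the forgery budget just as a long ciphertext would. The script uses an assumed simplified single-key forgery term of the form v * (l + 1) / 2^t, an assumed target of 2^-57 and constructed message shapes; the exact constants, and the q-dependent term that Mihir and Martin discuss, should be taken from the draft and the paper, not from this example.

```python
import math

BLOCK_BYTES = 16  # AES block size; GHASH consumes AAD and ciphertext in 16-byte blocks


def ghash_blocks(aad_len: int, ct_len: int) -> int:
    """Number of 16-byte blocks GHASH hashes for one message.

    GHASH runs over pad(AAD) || pad(C) || len64(AAD) || len64(C), so the AAD
    contributes to the polynomial degree exactly like ciphertext does. The
    trailing length block is the "+1" in the v * (l + 1) term below.
    """
    return math.ceil(aad_len / BLOCK_BYTES) + math.ceil(ct_len / BLOCK_BYTES)


def forgery_term(v: int, l: int, t: int = 128) -> float:
    """Assumed simplified single-key GCM forgery term: v * (l + 1) / 2^t.

    v: number of forgery attempts (failed decryptions) the attacker is allowed
    l: largest number of GHASH blocks (AAD + ciphertext) in any message
    t: tag length in bits
    This is an illustrative form, not the draft's exact bound.
    """
    return v * (l + 1) / 2 ** t


def max_forgery_attempts(l: int, t: int = 128, target_log2: int = -57) -> int:
    """Largest integer v with v * (l + 1) / 2^t <= 2^target_log2.

    Computed with integers so the answer is exact for 2^71-sized budgets.
    target_log2 = -57 is an assumed budget, not a value taken from the draft.
    """
    return (2 ** (t + target_log2)) // (l + 1)


def forgery_budgets(cases: dict) -> dict:
    """Map each (aad_len, ct_len) case to (l, allowed forgery attempts)."""
    return {name: (ghash_blocks(a, c), max_forgery_attempts(ghash_blocks(a, c)))
            for name, (a, c) in cases.items()}


# Constructed cases (not from the draft or from QUIC/TLS specs):
#   quic_like : a short packet header as AAD and a ~1200-byte payload
#   aad_heavy : 64 KiB of AAD protecting a single 16-byte ciphertext block
CASES = {
    "quic_like": (32, 1200),
    "aad_heavy": (65536, 16),
}

if __name__ == "__main__":
    for name, (l, v) in forgery_budgets(CASES).items():
        print(f"{name:10s} l={l:5d} blocks  max forgery attempts={v}")
```

The second case has almost no ciphertext, yet its block count l is about fifty times larger than the QUIC-like case, so the forgery budget v shrinks by the same factor. That is the effect of AAD volume on the integrity bound that the message asks the draft to analyse; a protocol that authenticates large headers or metadata under a short tag cannot reuse limits derived from QUIC's record shapes.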