Re: [Cfrg] [CFRG] PAKE selection process: Update on documentation regarding CPace and AuCPace

["Björn Haase" <Bjoern.M.Haase@web.de>]

 

>Is everything going as planned with your preparation of replies for the Round 2 questions?

 

Mostly. I will not be able to finalize all of the aspects that I wanted to cover myself, but I am confident to finish the most important topics by sunday.

 

Regarding the proofs, I will be reworking the following aspects

 

- Firstly I have added a discussion according to the guidelines given by Ran-Canetti regarding establishment of a session ID only by the initator of the protocol.

 

- Secondly, as Stanislav Jarecki has correctly pointed out, the CPace proof actually needs a different assumption set for the proof. CDH alone is not sufficient, but we need exactly the same SDH problem as used by VTBPEKE and analyzed by Pointcheval and Wang in their paper. In fact this is not actually astonishing that TBPEKE and CPace both need SDH, since both protocols have SPEKE at their core.

 

- The third aspect is that I believe that the method used by Jarecki, Krawczyk and Xu that they presented in their latest OPAQUE paper revision (with Interrupt queries and delayed test password queries) is superiour to the relaxed functionality that I did use in the last revision of the CPace proof. I am reworking this subcomponent.

 

My plan was to prepare two things by sunday. Firstly a second paper for an implicitly authenticated version of AuCPace and, secondly, a rework the present AuCPace paper with the explicitly authenticated protocol (with Ta and Tb messages) (including a proper latex version of the .csv style simulator description on the PAKE github).

 

I will most likely be able to finish the first aspect by sunday (implicit authentication version paper) but maybe not the second aspect.

 

Yours,

 

Björn

Gesendet: Freitag, 07. Februar 2020 um 20:13 Uhr
Von: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
An: "Björn Haase" <Bjoern.M.Haase@web.de>
Cc: "cfrgirtf.org" <cfrg@irtf.org>
Betreff: Re: [Cfrg] [CFRG] PAKE selection process: Update on documentation regarding CPace and AuCPace

Dear Björn,

 

Many thanks for the notice!

 

Is everything going as planned with your preparation of replies for the Round 2 questions?

 

Regards,

Stanislav

 

пт, 7 февр. 2020 г. в 22:05, "Björn Haase" <Bjoern.M.Haase@web.de>:

Hi CFRG,

I would like to give notice of the changes in documentation regarding CPace and AuCPace.
 
https://tools.ietf.org/html/draft-haase-aucpace-01" target="_blank" rel="nofollow">https://tools.ietf.org/html/draft-haase-aucpace-01
https://tools.ietf.org/html/draft-haase-cpace-01" target="_blank" rel="nofollow">https://tools.ietf.org/html/draft-haase-cpace-01

Differences in the CPace draft 01:

The CPace text is slightly rephrased and now refers to the acronym SDH as the
simultaneous Diffie-Hellmann problem (as defined and analyzed in the VTBPEKE paper).
Notation has been modified at some places in order to be in line with a reworked
paper with the security proof that considers the last recommendations of round 1.
(To be submitted this week-end).

Differences in the AuCPace draft 01:
 
I have added the process of AuCPace-authenticated transactions, such as useful for
change-passwords and "sudo"-style transactions. I moreover have fixed a bug in the
test vector section that stemmed from the fact that some python implementations of
scrypt seem to have problems with non-ASCII characters in the salt field.

Moreover, I have setup a repository with reference implementations for SageMath and C.
Code is available at
https://github.com/BjoernMHaase/AuCPace" target="_blank" rel="nofollow">https://github.com/BjoernMHaase/AuCPace

Yours,

Björn.

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg" target="_blank" rel="nofollow">https://www.irtf.org/mailman/listinfo/cfrg