Re: [Cfrg] using hash2curve in a protocol

Björn Haase <bjoern.haase@endress.com> Fri, 26 July 2019 08:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/1y356oQ92D3jgOvEdtURETBTcaU>

>Why not use a PAKE that comes out of the competition?
Yes. Note that in my earlier post I did not refer to my own CPace suggestion but to a "SPEKE-based construction". This was not a typing mistake but intentional.

My point was rather: If we spend effort on writing an RFC, we might be better off using a new efficient construction rather than using an approach which is more complex because of patent circumventions for patents that have already expired.

Apart from that: Yes, I believe that CPace would be a secure candidate protocol, just as TBPEKE. With TBPEKE, we don't have the session ID complexity and don't need to bother with the mappings, but it needs some form of trusted setup and is a bit less efficient. Since the paper of Jose Becerra, Dimiter Ostrev and Marjan Skrobot (https://eprint.iacr.org/2019/351), SPAKE2 might also do, IMO. This one, however, would be somewhat more complex. The only advantage of SPAKE2 in comparison with SPEKE-based constructions might have been in the past that it was not covered by the SPEKE patents.






Best Regards

Dr. Björn Haase 

Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221
bjoern.haase@endress.com |  www.conducta.endress.com 


