[Cfrg] Fwd: New Version Notification for draft-barnes-cfrg-hpke-00.txt

Richard Barnes <rlb@ipv.sx> Fri, 18 January 2019 23:09 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id C6629131464 for <cfrg@ietfa.amsl.com>; Fri, 18 Jan 2019 15:09:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.04
X-Spam-Status: No, score=-2.04 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Z_IgHKSmXoDn for <cfrg@ietfa.amsl.com>; Fri, 18 Jan 2019 15:09:47 -0800 (PST)
Received: from mail-oi1-x22f.google.com (mail-oi1-x22f.google.com [IPv6:2607:f8b0:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 447CF130EF2 for <cfrg@irtf.org>; Fri, 18 Jan 2019 15:09:47 -0800 (PST)
Received: by mail-oi1-x22f.google.com with SMTP id t204so10267892oie.7 for <cfrg@irtf.org>; Fri, 18 Jan 2019 15:09:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=74IX4ObVZFj/61y9H0h1ADJ0E8fc3rHceQoqwczYXLM=; b=jrdqueaZmeN/B+iXslHKWSzWL5pp3l/nQ/4iE/T/a/TD1J8qWrL2PYGlvsvRX8r5++ PNOacCQX4W8sV9+5dNY2EGowp4hdNGJ12HhCBMcxCbR6B8R65yZ692oFy/irIh1+J4Yt ZDz29DRYOuwNo0DL9I5nwKdyrkUhlZm+Igz4WRaNTOr/MdEL2WAXC5nJwbAGYot/Pnel UHIupf5fjvZLFQobiu+VSLGNQt05gSPsBiCHja8faFl0wDWr7CvoHzxKuWIkTzeLL8E3 kzy4Ktae3sht0PpGiW3GQ4xNyqPaKK7o5BI7AO609cKneNrz86mZJt4HwWL1VFju5CUq aDLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=74IX4ObVZFj/61y9H0h1ADJ0E8fc3rHceQoqwczYXLM=; b=H6GStqzeG8jLS3IqMnJYN9LKUx9Fw6CZmTLDCHwD+8Mbp5vZHN8pg1wdHRlXD5hu/1 76o7TJv6CaBTK2rDMAJfCSPNaH9n8WCljFjnkeNasOLnvCAqwoR3mFMd2SfrfDbRXbS0 84iI3VgrDAXHw4zWALpBUpTe+wE0jK0fNKf7LtpVBhA/WylqGOXlyIXpIG/Gt54LI6kU 2+ZxYZGH1gjcwPMh6Fpo8ErkKXB+3tP9UaVcZi+MS63N3ZXddIDw5BAERbqRHnp0EEiI oQ+Yiyrl//M8Cv/W3cAKgIL9D/ERZvsTnqbaVwW845Qt5p2o40WA8+RDk6C+4AbktcIz qWfQ==
X-Gm-Message-State: AJcUukfOUP9ED3E+B3HtZrGGP+02M32GO5WRE0oI38JDa+BrqrHXuq2n +MQgmK/FlXZbmebwapyZpyrYdZQ2xHLvy1e5t8hEu/KYLZo=
X-Google-Smtp-Source: ALg8bN5uXy7HmaN+N/2w2ywc0MrD+4NHHKBmnjMvzVqIL80ZUF3jfvAttBxKXxFH9axOQXL/BsLkVP9NIQfSUUtjsxg=
X-Received: by 2002:aca:3708:: with SMTP id e8mr619171oia.51.1547852986243; Fri, 18 Jan 2019 15:09:46 -0800 (PST)
MIME-Version: 1.0
References: <154785288662.17422.6708791616711359704.idtracker@ietfa.amsl.com>
In-Reply-To: <154785288662.17422.6708791616711359704.idtracker@ietfa.amsl.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 18 Jan 2019 18:09:34 -0500
Message-ID: <CAL02cgSm_ih91HDDYrJmc1NW164fYiiyt3-uTfhVwHbHJPnxyw@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Cc: Karthik Bhargavan <karthikeyan.bhargavan@inria.fr>
Content-Type: multipart/alternative; boundary="00000000000068f401057fc39b3f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/3SXM0I9jVs5i38SyahhMF1Q4fBc>
Subject: [Cfrg] Fwd: New Version Notification for draft-barnes-cfrg-hpke-00.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2019 23:09:50 -0000

Hi CFRG folks,

I've just posted this draft that Karthik and I have been working on.  You
may recall my having mentioned it at the IETF in Bangkok; it took us a bit
longer than expected to get our ducks in a row :)

The idea here is to write a clean, easy-to-use spec for hybrid public-key
encryption.  (We're using the name "ECIES", but as the draft notes, the
idea is clearly more general.)  This primitive has come up in IETF work on
MLS and ESNI [0][1], and in several other protocols, e.g., through the NaCl
"box" API [2].  The hope here is to have a single spec that unifies these
ideas and can be the target of formal verification.

I admit that there's a little bit of XKCD#927 here [3], but I think there's
good work to do here in terms of addressing some more modern use cases
(e.g., streaming / multiple encryptions from a single DH) and possibly
enabling better post-quantum support by generalizing to KEM instead of DH.

This is obviously still at -00 quality, but we wanted to go ahead and ask
whether this was a topic of interest to folks in CFRG.


[1] https://tools.ietf.org/html/draft-ietf-tls-esni-02#section-5.1
[2] https://nacl.cr.yp.to/box.html
[3] https://xkcd.com/927/

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Fri, Jan 18, 2019 at 6:08 PM
Subject: New Version Notification for draft-barnes-cfrg-hpke-00.txt
To: Richard L. Barnes <rlb@ipv.sx>, Karthikeyan Bhargavan <

A new version of I-D, draft-barnes-cfrg-hpke-00.txt
has been successfully submitted by Richard L. Barnes and posted to the
IETF repository.

Name:           draft-barnes-cfrg-hpke
Revision:       00
Title:          Hybrid Public Key Encryption
Document date:  2019-01-18
Group:          Individual Submission
Pages:          10
Status:         https://datatracker.ietf.org/doc/draft-barnes-cfrg-hpke/
Htmlized:       https://tools.ietf.org/html/draft-barnes-cfrg-hpke-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-barnes-cfrg-hpke

   This document describes a scheme for hybrid public-key encryption
   (HPKE).  This scheme provides authenticated public key encryption of
   arbitrary-sized plaintexts for a recipient public key.  HPKE works
   for any Diffie-Hellman group and has a strong security proof.  We
   provide instantiations of the scheme using standard and efficient

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat