Re: [Cfrg] Re-review of the four balanced PAKEs

Björn Haase <bjoern.haase@endress.com> Thu, 24 October 2019 16:22 UTC

From: Björn Haase <bjoern.haase@endress.com>
To: Paul Grubbs <pag225@cornell.edu>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Thu, 24 Oct 2019 16:21:52 +0000
Message-ID: <VI1PR0501MB22554D1AD154D03EEEED418A836A0@VI1PR0501MB2255.eurprd05.prod.outlook.com>
References: <BN8PR11MB36665D2F38B0E91D734A96CFC16A0@BN8PR11MB3666.namprd11.prod.outlook.com> <CAKDPBw-fKQ_-GSCu=GHpEZjfv1WfqsTnK_DYPw-7akNGYm3tnA@mail.gmail.com>
In-Reply-To: <CAKDPBw-fKQ_-GSCu=GHpEZjfv1WfqsTnK_DYPw-7akNGYm3tnA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/4UGf8nwsePSWMk65vfShNtKVjSE>

Hello Paul,

I am fairly convinced that Scott did mean to refer to an offline attack.

>While the M and N values in the SPAKE-2 RFC are claimed to be generated in a NUMS manner, the issue still remains that if someone were to be able to
>solve a single ECDLog problem, they could then perform an on-line dictionary attack against anyone using that parameter set.

It’s the same topic that has also been referred to as the “trusted setup” issue. Among the candidates, VTBPEKE and SPAKE-2 do have this issue; J-PAKE and the protocols that use mappings don’t use special points and don’t have it.

Basically, when the discrete logarithm of the chosen points becomes known, the adversary is able to mount offline attacks for VTBPEKE and SPAKE-2.

Yours,

Björn.


Kind regards | Best Regards

Dr. Björn Haase 

Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221
bjoern.haase@endress.com |  www.conducta.endress.com 



Endress+Hauser Conducta GmbH+Co.KG
Stuttgart District Court, commercial register HRA 201908
Registered office: Gerlingen
General partner with unlimited liability:
Endress+Hauser Conducta Verwaltungsgesellschaft mbH
Registered office: Gerlingen
Stuttgart District Court, commercial register HRA 201929
Managing Director: Dr. Manfred Jagiella

Under the General Data Protection Regulation we are obliged to inform you when we collect personal data from you.
We fulfil this obligation with the following privacy notice (https://www.endress.com/de/cookies-endress+hauser-website).


Disclaimer: 

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer. This e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer unless explicitly and conspicuously designated or stated as such.
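As an added illustration of the trusted-setup point made in the message above (example code written for this page, not part of the thread and not the SPAKE2 draft's own code), the following Python sketch runs SPAKE2 in a constructed toy group: an honest exchange, the one-guess-per-session bound a party playing B faces while the discrete logarithms of M and N are unknown, and how knowledge of log_g(N) turns a single session into an offline test of every candidate password against A's key-confirmation tag. The group parameters, the points M and N, the password dictionary and the confirmation construction are all constructed for the toy; the real M and N are derived in a nothing-up-my-sleeve manner precisely so that nobody holds this trapdoor.

```python
"""Toy SPAKE2 to show why the discrete logs of M and N must stay unknown.
Constructed example; the group is far too small for real use."""
import hashlib
import hmac
import secrets

# Constructed toy group: P = 2*Q + 1 is a safe prime, G generates the order-Q subgroup.
P = 2039
Q = 1019
G = 4


def scalar_from_password(password: str) -> int:
    # w = H(password) mod Q. Real SPAKE2 runs a memory-hard KDF here; the toy uses SHA-256.
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % Q


def inverse(a: int) -> int:
    return pow(a, -1, P)


def toy_setup():
    # Honest M, N are NUMS-derived so nobody knows their logs. The toy generates N from a
    # known exponent n_log and hands it back only to play the role of a trapdoored setup.
    m_point = pow(G, secrets.randbelow(Q - 1) + 1, P)
    n_log = secrets.randbelow(Q - 1) + 1
    return m_point, pow(G, n_log, P), n_log


def a_start(w: int, m_point: int):
    # A sends X = g^x * M^w
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P) * pow(m_point, w, P) % P


def b_start(w: int, n_point: int):
    # B sends Y = g^y * N^w
    y = secrets.randbelow(Q - 1) + 1
    return y, pow(G, y, P) * pow(n_point, w, P) % P


def a_finish(x: int, w: int, n_point: int, Y: int) -> int:
    # A's shared secret K = (Y / N^w)^x
    return pow(Y * inverse(pow(n_point, w, P)) % P, x, P)


def b_finish(y: int, w: int, m_point: int, X: int) -> int:
    # B's shared secret K = (X / M^w)^y
    return pow(X * inverse(pow(m_point, w, P)) % P, y, P)


def confirm_tag(K: int, X: int, Y: int) -> str:
    # Toy key confirmation from A to B, bound to the transcript (X, Y) and the secret K.
    material = b"toy-spake2|" + X.to_bytes(2, "big") + Y.to_bytes(2, "big") + K.to_bytes(2, "big")
    return hmac.new(hashlib.sha256(material).digest(), b"A->B", hashlib.sha256).hexdigest()


def honest_run(password: str, m_point: int, n_point: int) -> bool:
    # Both sides hold the same password and derive the same K.
    w = scalar_from_password(password)
    x, X = a_start(w, m_point)
    y, Y = b_start(w, n_point)
    return a_finish(x, w, n_point, Y) == b_finish(y, w, m_point, X)


def online_guess_as_b(password_a: str, guess: str, m_point: int, n_point: int) -> bool:
    # Without any trapdoor, a party playing B learns whether exactly one guess was right:
    # it must commit to the guess in Y before seeing A's confirmation tag.
    w, w_guess = scalar_from_password(password_a), scalar_from_password(guess)
    x, X = a_start(w, m_point)
    y, Y = b_start(w_guess, n_point)
    tag = confirm_tag(a_finish(x, w, n_point, Y), X, Y)
    return hmac.compare_digest(confirm_tag(b_finish(y, w_guess, m_point, X), X, Y), tag)


def offline_test_with_trapdoor(password_a: str, n_log: int, m_point: int, dictionary):
    # With n = log_g(N) known, one session suffices to test every candidate offline:
    # A computes K = (Y / N^w)^x = (g^x)^(y - w*n), and g^x = X / M^w is computable for
    # each candidate w once n is known. Returns the candidates whose tag matches.
    n_point = pow(G, n_log, P)
    w = scalar_from_password(password_a)
    x, X = a_start(w, m_point)
    y = secrets.randbelow(Q - 1) + 1
    Y = pow(G, y, P)  # the trapdoor holder's Y carries no password contribution
    tag = confirm_tag(a_finish(x, w, n_point, Y), X, Y)  # what A sends after the exchange
    matches = []
    for candidate in dictionary:
        w_c = scalar_from_password(candidate)
        g_x = X * inverse(pow(m_point, w_c, P)) % P
        k_c = pow(g_x, (y - w_c * n_log) % Q, P)
        if hmac.compare_digest(confirm_tag(k_c, X, Y), tag):
            matches.append(candidate)
    return matches


if __name__ == "__main__":
    M, N, trapdoor = toy_setup()
    words = ["hunter2", "correct horse", "letmein", "qwerty"]  # constructed dictionary
    print("honest run agrees:", honest_run("correct horse", M, N))
    print("one online guess (wrong):", online_guess_as_b("correct horse", "hunter2", M, N))
    print("offline with log_g(N):", offline_test_with_trapdoor("correct horse", trapdoor, M, words))
```

In a group of realistic size a wrong candidate matches the tag only with negligible probability, so the trapdoor holder recovers the password from one transcript; in this 1019-element toy group an occasional spurious match is possible, which is why the function returns a list rather than a single word.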