Re: [Cfrg] Fwd: Rev RFC 7539?

John Mattsson <> Wed, 18 January 2017 15:39 UTC

From: John Mattsson <>
To: "Paterson, Kenny" <>, Yoav Nir <>, IRTF CFRG <>
Date: Wed, 18 Jan 2017 15:39:10 +0000
Subject: Re: [Cfrg] Fwd: Rev RFC 7539?


Looks good.

Some comments:

- "RFC 7539, The predecessor of this document, did not introduce any new
   crypto, but was meant to serve as a stable reference and an
   implementation guide.  It was a product of the Crypto Forum Research
   Group (CFRG).  This document merges the errata filed against RFC 7539
   and adds a little text to the Security Considerations section."

   I think "did not introduce new crypto" is wrong (nonce length,
   counter length, key derivation, AEAD etc.). I think the paragraph
   can be shortened to something like:

   "This document merges the errata filed against RFC 7539
    and adds a little text to the Security Considerations section."

- ChaCha20-Poly1305 has several good properties that the draft does not
mention. I think the draft should mention that ChaCha20-Poly1305 is Online
and Parallelizable.

- I think the discussions on TLS, IPsec and PRF distract and would be
better in a separate section or appendix.

More editorial comments:

- OLD: "RFC 7539, The"
  NEW: "RFC 7539, the"

- The following sentences I think should have references:

- OLD "They have been defined in scientific papers by D. J. Bernstein,
       which are referenced by this document"
  NEW "They have been defined in scientific papers by D. J.
       Bernstein [X][Y]"

- OLD "This follows the use of these terms in Professor Bernstein's
  NEW "This follows the use of these terms in Professor Bernstein's
       paper [X]."

- "QUARTERROUND ( 3, 4, 9,14)"
  Spacing around functions is inconsistent (several places).

-       chacha20_block(key, counter, nonce):
         state = constants | key | counter | nonce
         working_state = state
         for i=1 upto 10
         state += working_state
         return serialize(state)

  I suggest changing to:

        chacha20_block(key, counter, nonce):
         state = constants | key | counter | nonce
         initial_state = state
         for i=1 upto 10
         state += initial_state
         return serialize(state)

  This aligns with the text and makes the state parameter actually be the state.

- "ChaCha20 block operation" vs "ChaCha20 block operation was applied"
  The two bullets have different text.

- "the key"
  Which key?

- OLD "to generate the one-time Poly1305 pseudorandomly"
  NEW "to generate the one-time Poly1305 key pseudorandomly"

- "64-bit cipher" "128-bit cipher" "256-bit cipher"
Could mention that this is block size (not key size)



On 2017-01-17, 12:21, "Cfrg on behalf of Paterson, Kenny"
< on behalf of> wrote:

>Dear Yoav,
>Thanks for your work on this. Alexey and I are asking the CFRG review
>panel to take a look at the revised document.
>And if anyone else from the CFRG wants to take a look at the document and
>provide comments, that would be great.
>On 12/01/2017 06:24, "Cfrg on behalf of Yoav Nir" <
>on behalf of> wrote:
>>Is there interest in pushing this forward?
>>Begin forwarded message:
>>From: Yoav Nir <>
>>Subject: Re: [Cfrg] Rev RFC 7539?
>>Date: 16 November 2016 at 9:09:11 GMT+2
>>To: Sean Turner <>
>>Cc: IRTF CFRG <>
>>Cycles found.
>>Attached please find two files:
>>  1. rfc7539_long.txt is RFC 7539 with page breaks and page numbers
>>  2. draft-nir-cfrg-rfc7539bis-00.raw.txt is the unpaginated form of the new draft.
>>Couldn’t do much about the boilerplate, but this makes it easy to