[Cfrg] HPKE, message lengths, and IND-CCA2

John Mattsson <john.mattsson@ericsson.com> Fri, 23 October 2020 08:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/67D-qlKwuGsGY_H_ImGoTWnGjnM>

Hi,

While the theoretical IND-CCA2 game assumes that the attacker generates messages with a fixed length, this is not very realistic in reality where messages often have variable length. It would be good to inform the reader that the specified mechanism does nothing to hide the length of the encrypted message, and if this is a concern, the user needs to use a padding mechanism. The draft could also e.g. suggest how to do padding, e.g. the bit padding mechanism combined with one of the padding policies from

https://tools.ietf.org/html/draft-ietf-tls-esni-08
https://tools.ietf.org/html/rfc8467

Cheers,
John
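
The padding approach mentioned in the message above, as an added example that is not part of the original message or of the HPKE draft: bit padding (a 0x80 marker followed by zero bytes) combined with a block-length policy, applied to the plaintext before it is sealed. The 128-byte block size, the function names and the sample plaintexts are assumptions made for illustration, and the ciphertext length is modelled as plaintext length plus a 16-byte AEAD tag rather than produced by a real HPKE call.

```python
# Added example (not from the original message): bit padding plus a
# block-length padding policy, applied to the plaintext before AEAD sealing.
BLOCK = 128   # assumed block size, chosen for illustration
TAG_LEN = 16  # tag length of AES-GCM / ChaCha20-Poly1305; ct = pt + tag

def pad(msg: bytes, block: int = BLOCK) -> bytes:
    """Bit padding: append 0x80, then 0x00 up to the next multiple of block."""
    padded_len = (len(msg) // block + 1) * block
    return msg + b"\x80" + b"\x00" * (padded_len - len(msg) - 1)

def unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip bit padding. Call only after the AEAD has authenticated the data."""
    if not padded or len(padded) % block:
        raise ValueError("padded length is not a positive multiple of block")
    body = padded.rstrip(b"\x00")
    # The marker must be present and the zero run must fit inside one block.
    if not body.endswith(b"\x80") or len(padded) - len(body) >= block:
        raise ValueError("malformed padding")
    return body[:-1]

def observed_lengths(messages, padded: bool):
    """Ciphertext lengths a network observer sees (modelled as len + tag)."""
    return [len(pad(m) if padded else m) + TAG_LEN for m in messages]

# Constructed sample plaintexts of different lengths.
SAMPLES = [b"no", b"yes", b"transfer 1000000 to account 42", b"A" * 128]

if __name__ == "__main__":
    print("unpadded:", observed_lengths(SAMPLES, padded=False))
    print("padded:  ", observed_lengths(SAMPLES, padded=True))
```

The padded lengths fall into buckets rather than disappearing: the 128-byte sample rolls over into the next block, so an observer still learns which multiple of the block size a message occupies.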