Re: [CFRG] Extract-and-expand with KMAC

rsw@jfet.org Wed, 18 November 2020 17:54 UTC

Date: Wed, 18 Nov 2020 09:53:30 -0800
From: rsw@jfet.org
To: Gilles VAN ASSCHE <gilles.vanassche@st.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, John Mattsson <john.mattsson@ericsson.com>, CFRG <cfrg@irtf.org>
Message-ID: <20201118175330.nt4nb4jqvzsjtmjw@muon>
References: <467DD0FC-FF7F-453F-98B2-ADC7F0F976B1@ericsson.com> <20201115163535.GA3384456@LK-Perkele-VII> <AM9PR10MB43541E50ABC210C17630FBFCF2E10@AM9PR10MB4354.EURPRD10.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AM9PR10MB43541E50ABC210C17630FBFCF2E10@AM9PR10MB4354.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/6ZqdKDUQyHuPc2rdreKEs2pBJ98>
Subject: Re: [CFRG] Extract-and-expand with KMAC

Gilles VAN ASSCHE <gilles.vanassche@st.com> wrote:
> This solution is not incompatible with the case where an intermediate
> value PRK is required: (salt ; IKM) is padded to take a whole number
> of blocks, and PRK is the state value after absorbing it.

I'll admit I am stating the obvious, but: while this proposal works
technically, it requires access to implementation internals that
may not always be available.

(In particular: the SHAKE API, to my knowledge, does not include the
ability to save and reload state. I'm aware that some implementations
*do* provide this functionality, but strictly speaking it violates
the contract. This could lead to implementation issues down the road.)

Best,

-=rsw
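As an added illustration of the point made in this reply (example code, not from the thread or either poster): the version below builds an extract-and-expand on SHAKE256 using only the absorb/squeeze interface that every SHAKE implementation exposes (`update()`/`digest()` in Python's `hashlib`), so the intermediate PRK is an explicit byte string. A second function shows where the "PRK is the sponge state" variant from the quoted proposal would need a state checkpoint; it uses `hashlib`'s `copy()`, which is an implementation extension rather than part of the SHAKE interface, and it does not pad the absorbed input to a block boundary, so it is not byte-compatible with a padded-state PRK. The 4-byte length framing and the `b"extract"`/`b"expand"` labels are this example's own conventions.

```python
"""Added example: SHAKE256 extract-and-expand against the public API only."""
import hashlib


def _framed(*parts: bytes) -> bytes:
    # Length-prefix each input so the (salt, IKM) boundary is unambiguous.
    # The 4-byte big-endian framing is an assumption of this example.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def extract(salt: bytes, ikm: bytes, prk_len: int = 32) -> bytes:
    """Extract step: absorb salt and IKM, squeeze a fixed-length PRK.

    Only update()/digest() are used, so PRK is a plain byte string that can
    be stored or handed to another library without touching sponge internals.
    """
    h = hashlib.shake_256()
    h.update(_framed(b"extract", salt, ikm))
    return h.digest(prk_len)


def expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand step: a fresh SHAKE instance absorbs the explicit PRK and info,
    then squeezes `length` bytes of output keying material."""
    h = hashlib.shake_256()
    h.update(_framed(b"expand", prk, info))
    return h.digest(length)


def extract_and_expand(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """Full KDF built from the two public-API steps above."""
    return expand(extract(salt, ikm), info, length)


def expand_from_state(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """The state-as-PRK idea, as far as hashlib allows.

    copy() checkpoints the absorbing state so several expansions can branch
    from one extraction without re-absorbing salt||IKM. copy() is a CPython
    hashlib extension, not part of the SHAKE interface, and it checkpoints the
    unpadded running state, so this is only a demonstration of where a
    save/reload-state requirement shows up, not a portable construction.
    """
    h = hashlib.shake_256()
    h.update(_framed(salt, ikm))
    checkpoint = h.copy()  # implementation-specific state save
    checkpoint.update(_framed(info))
    return checkpoint.digest(length)


if __name__ == "__main__":
    # Constructed sample inputs.
    okm = extract_and_expand(b"example-salt", b"example-ikm", b"example-info", 42)
    print(okm.hex())
```

Because SHAKE is an XOF, `expand(prk, info, 64)` begins with the same 32 bytes as `expand(prk, info, 32)`; callers that might later need more output should treat the requested length as part of the derivation context if prefix-consistency is undesirable.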