[Cfrg] WG: Comments on the CPace proof and the CFRG PAKE selection process

Björn Haase <bjoern.haase@endress.com> Wed, 10 June 2020 07:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/rMdbWugFC9ekwX8X-SYq7ylaNQI>

Dear CFRG, 

After a very productive meeting yesterday with Manuel and Michel, there is a clear path forward. Michel, Manuel and I concluded that:

1 - We agree that CPace (when the final hash includes the full communications trace but not the password) can be proved secure with respect to the security definition that is presented in [2], and which is essentially the same as that in [1] restricted to static corruptions.

2 - We concluded that the simulation strategy in [1] is very close to that in [2], which means that the proof in [2] can be adapted to fully justify CPace as above. This will be done for the proceedings version of [2] and then a separate self-contained document will clarify implementation-specific issues that are not explicit in the proof.

Yours,

Björn

[1] https://github.com/BjoernMHaase/AuCPace/blob/master/aucpace_security_analysis_20200208.pdf 
[2] https://eprint.iacr.org/2020/320 


Best Regards

Dr. Björn Haase 


Senior Expert Electronics | TGREH Electronics Hardware

Endress+Hauser Liquid Analysis

Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221
bjoern.haase@endress.com |  www.conducta.endress.com 


