Re: [Cfrg] PAKE selection process: status after Phase 1 and following steps // Information regarding SPAKE2

Watson Ladd <watsonbladd@gmail.com> Fri, 19 July 2019 14:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/96A0DatsPrNE0cEPn76FJBG9PJI>

On Fri, Jul 19, 2019 at 12:47 AM Björn Haase <bjoern.haase@endress.com> wrote:
>
> Dear Watson,
>
> I have two remarks regarding your description of SPAKE2:
>
> 1.) Regarding request 2:
>
> >R2:
> >There is a security proof in
> >
> >Abdalla, M. and D. Pointcheval, "Simple Password-Based
> >Encrypted Key Exchange Protocols.", Feb 2005.
> >
> >Appears in A. Menezes, editor. Topics in Cryptography-CT-RSA 2005,
> >Volume 3376 of Lecture Notes in Computer Science, pages 191-208,
> >San Francisco, CA, US. Springer-Verlag, Berlin, Germany.
> >in the ROM.
>
> I would like to add the pointer to the recent paper of Becerra, Ostrev, and Skrobot
> https://eprint.iacr.org/2019/351
> This paper addresses the problem that the proof from Abdalla and Pointcheval did not cover forward secrecy.
> (I actually did not yet find time to review and analyze it in detail but it did pass peer review for ProvSec 2018.)
> I.e. since 2018 SPAKE2 has a proof regarding forward secrecy.

Thank you for the additional reference!

>
>
> 2.) "Trusted Setup"
>
> I have the impression that we have a wording / language problem here. My understanding is the following: When using the term "trusted setup" most people on the list might explicitly be referring to special points as used in constructions such as TBPEKE, VTBPEKE, SPAKE2 (and CPace with patent circumvention from Appendix A of the AuCPace paper).
>
> Agreeing on this wording aspect might be important for the discussion, because this (in my opinion) is the specific advantage of constructions such as J-PAKE.
> My suggestion is: Let's agree on the wording: "Trusted setup" includes "Special points".

If we do want to address both I think 'parameter generation' would be
a reasonable phrasing including both. Trusted setup has implications
that don't apply to SPAKE2.

> Best Regards
>
> Dr. Björn Haase


-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.