Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf

David Wong <davidwong.crypto@gmail.com> Tue, 14 May 2019 15:22 UTC

Hey all,

I’m very interested in the verifiability of the OPRF.
Note that OPAQUE also mentions this draft currently: https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-01
I would be interested in knowing why OPAQUE doesn’t want to use a VOPRF.

I support the adoption of this draft.

Cheers,
David

> On May 9, 2019, at 2:44 AM, Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org> wrote:
> 
> Hi all,
> 
> I’m one of the authors of this draft.
> 
>> Perhaps the draft’s authors can clarify here on the extent to which there is a dependency on other drafts, especially the ristretto draft (which is not a CFRG document, currently).
> 
> The only hard dependency of this draft is on the specification of the hash-to-curve algorithm that is made in https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-03. The dependency on the Ristretto draft is made only as a plausible cryptographic configuration for using OPRFs. We are happy to remove the dependency on Ristretto and specify a different set of ciphersuites focusing only on the NIST curves and others such as Curve25519, for example. In general, it would be useful for us to have a wider discussion with the community on what parameter/curve settings are suitable for our use-case.
> 
>>  
>> I think this draft does fit with the CFRG charter, in that VOPRFs are an emerging cryptographic mechanism that at least some people here see as being useful in contexts traditionally associated with IETF. Again, the authors of the draft can explain their intended applications better than me, but I think a good starting point if you are interested in knowing more would be:
>>  
>> https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf
> Other applications that feature OPRFs as dependencies include password-protected secret-sharing (https://eprint.iacr.org/2014/650.pdf), password-authenticated key-exchange (https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-01) and hiding password-storage (http://webee.technion.ac.il/~hugo/sphinx.pdf). In particular, the current version of the OPAQUE draft (draft-krawczyk-cfrg-opaque) lists draft-sullivan-cfrg-voprf as a dependency. There are also many applications in general secure computation research literature (such as constructions of protocols for private set intersection).
> 
> Thanks,
> Alex