Re: [Cfrg] Requirements for PAKE schemes

辛星漢 <seonghan.shin@aist.go.jp> Wed, 22 July 2015 10:49 UTC

From: 辛星漢 <seonghan.shin@aist.go.jp>
To: "Schmidt, Jörn-Marc" <Joern-Marc.Schmidt@secunet.com>, Paul Lambert <paul@marvell.com>, "cfrg@ietf.org" <cfrg@ietf.org>
Date: Wed, 22 Jul 2015 10:49:11 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/BW7zB2LU21g7wzvRQyjIQFbY1EU>

Dear Jörn,

Thank you for the document.

Here are some comments:
1. It is somewhat misleading to distinguish balanced and augmented by the type of password storage in Section 3.1, because in balanced PAKE protocols passwords can be stored as elements generated with a one-way function. As you already wrote in the second paragraph, the difference is whether it provides KCI or not.

2. In Section 3.3, “~ while the second one proposes a generic construction that allows transferring any two-party PAKE into a GPAKE protocol.” However, there are other papers that convert 2-party PAKE to group PAKE (e.g., [ACGP11]).
M. Abdalla et al., “Contributory Password-Authenticated Group Key Exchange with Join Capability,” CT-RSA 2011

Best regards,
Shin

------------------------------------------------------------------------------
SeongHan Shin
Information Technology Research Institute (ITRI),
National Institute of Advanced Industrial Science and Technology (AIST),
8F, AIST Tokyo Waterfront Bio-IT Research Building,
2-4-7 Aomi, Koto-ku, Tokyo, 135-0064, Japan
Tel : +81-3-3599-8001
E-mail : seonghan.shin@aist.go.jp
------------------------------------------------------------------------------

________________________________________
From: Cfrg <cfrg-bounces@irtf.org> on behalf of Schmidt, Jörn-Marc <Joern-Marc.Schmidt@secunet.com>
Sent: July 7, 2015 16:20
To: Paul Lambert; cfrg@ietf.org
Subject: Re: [Cfrg] Requirements for PAKE schemes

Dear Paul,

Thanks a lot for your feedback.

>Nicely written … A couple general comments, in section 5 it states:
>"This technique can be used to parlay a short one-time code, into a
>long-lived public key."
>This seems much more interesting than just setting up shared secrets.
>Perhaps it could be included in the MAY comments to help promote the
>addressing of this capability.  A PAKE plus long-lived public key is an
>important building block for pairing/setup of devices that use public keys
>for authentication.

I'll add a MAY requirement in the next version.


>Where long-lived public keys are used, a requirement should also be added
>to discuss the privacy properties of the scheme.

Good point - I'm happy to address privacy in the next version.

Cheers,

Jörn