[CFRG] Re: IRTF Chair review of draft-irtf-cfrg-kangarootwelve
Colin Perkins <csp@csperkins.org> Mon, 27 May 2024 23:00 UTC
From: Colin Perkins <csp@csperkins.org>
To: Gilles VAN ASSCHE <gilles.vanassche@st.com>
Date: Mon, 27 May 2024 23:59:45 +0100
Message-ID: <82481892-192D-4CC6-AC75-71FD7A34DB7F@csperkins.org>
In-Reply-To: <AM9PR10MB50057661F2B8AB6248B4DA5AF2E62@AM9PR10MB5005.EURPRD10.PROD.OUTLOOK.COM>
References: <DAC12E4B-9D0E-4E61-B02F-48E61A634026@csperkins.org> <AM9PR10MB50057661F2B8AB6248B4DA5AF2E62@AM9PR10MB5005.EURPRD10.PROD.OUTLOOK.COM>
CC: draft-irtf-cfrg-kangarootwelve@ietf.org, cfrg-chairs@ietf.org, cfrg <cfrg@irtf.org>
Subject: [CFRG] Re: IRTF Chair review of draft-irtf-cfrg-kangarootwelve
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/E3_gBYsTB4KeEPYS5SB3qNJKRSk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
Hi,

Thanks, all - this addresses my comments. I'll move the draft forward to the IRSG review stage.

Colin

On 9 May 2024, at 15:06, Gilles VAN ASSCHE wrote:

> Dear Colin,
>
> Thanks for your review. We have prepared a new draft (revision 14) addressing your comments. Please see below for some answers.
>
> Kind regards,
> Benoît, Joan and Gilles
>
>> Following RFC 5743, Section 2.1, the Abstract needs to include a statement that the draft is a product of the Crypto Forum Research Group. Can you please add this.
>>
>> Following RFC 5743, Section 2.1, the Introduction also needs a paragraph describing the level of support for publication, the breadth of review received, and a statement that the draft is not an IETF product and not a standard. This might be as simple as adding a statement that "This document represents the consensus of the Crypto Forum Research Group (CFRG). This document is not an IETF product and is not a standard."
>>
>> Section 1.1 references RFC 2119. Since the text also uses lower-case "should", "must", etc., would it be appropriate to also reference RFC 8174?
>
> We agree with these comments and addressed them.
>
>> Section 4 says "SHOULD use a HASH-then-MAC construction" and "recommends a method called HopMAC". Would it be appropriate for the draft to say why this is a SHOULD, rather than a MUST, and to describe when the recommended approach might not be suitable?
>
> We replaced the SHOULD with a MAY, as there are many other choices for generating MAC functions.
>
>> Section 5 contains test vectors. Have these been machine checked against a reference implementation to ensure they're correct? Similarly, what checks have been done to ensure the pseudo-code in the appendix is correct and matches the prose description of the algorithm? I believe that both are correct, but it's easy to introduce typos or other mistakes in such a long block of code and set of test vectors.
>
> We generated the test vectors using Python code [1] that is very close to the pseudo-code in the appendix. We also tested the test vectors against implementations of TurboSHAKE and KangarooTwelve in the XKCP and in the CIRCL library.
>
> Following your comment, we improved the Python code to make it match the pseudo-code line by line. This made us discover a typo in the pseudo-code that computes Keccak-p[1600, 12], which we corrected in version 14 of the draft.
>
> [1] https://github.com/cfrg/draft-irtf-cfrg-kangarootwelve/tree/master/py
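The kind of machine check discussed in the thread above (an implementation written from the specification, compared against independent code and against published test vectors), as an added example that is neither the draft's own Python code nor XKCP or CIRCL: it builds Keccak-p[1600, nr] and the TurboSHAKE sponge, verifies the 24-round instance against hashlib.shake_128 (FIPS 202 SHAKE128, which uses the same sponge and padding), and then exposes TurboSHAKE128 (12 rounds) for checking against the draft's test vectors. Function names are my own.

```python
import hashlib

# Keccak-f[1600] round constants; Keccak-p[1600, 12] uses the last 12 of them.
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000, 0x000000000000808B,
      0x0000000080000001, 0x8000000080008081, 0x8000000000008009, 0x000000000000008A, 0x0000000000000088,
      0x0000000080008009, 0x000000008000000A, 0x000000008000808B, 0x800000000000008B, 0x8000000000008089,
      0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
# Rho rotation offsets, indexed ROT[x][y].
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]

def rol(v, n):  # 64-bit rotate left
    return ((v << n) | (v >> (64 - n))) & ((1 << 64) - 1) if n else v

def keccak_p(state, nr):
    """Keccak-p[1600, nr] on a 200-byte state: theta, rho, pi, chi, iota per round."""
    A = [[int.from_bytes(state[8*(x+5*y):8*(x+5*y)+8], 'little') for y in range(5)] for x in range(5)]
    for rc in RC[24 - nr:]:
        C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
        D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]
        B = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                B[y][(2*x + 3*y) % 5] = rol(A[x][y], ROT[x][y])
        A = [[B[x][y] ^ (~B[(x+1) % 5][y] & B[(x+2) % 5][y]) for y in range(5)] for x in range(5)]
        A[0][0] ^= rc
    return b''.join(A[x][y].to_bytes(8, 'little') for y in range(5) for x in range(5))

def sponge(message, domain, rate, nr, outlen):
    """Sponge over Keccak-p[1600, nr]: append domain byte D, zero-pad to the rate, set the last bit."""
    padded = bytearray(message) + bytes([domain])
    padded += bytes(-len(padded) % rate)
    padded[-1] ^= 0x80  # D and the final pad bit may share one byte
    state = bytes(200)
    for i in range(0, len(padded), rate):
        block = bytes(padded[i:i + rate]) + bytes(200 - rate)
        state = keccak_p(bytes(a ^ b for a, b in zip(state, block)), nr)
    out = b''
    while True:
        out += state[:rate]
        if len(out) >= outlen:
            return out[:outlen]
        state = keccak_p(state, nr)

def turbo_shake128(message, domain=0x1F, outlen=32):
    return sponge(message, domain, 168, 12, outlen)  # rate 168 bytes, 12 rounds

def cross_check_against_hashlib(messages=(b'', b'abc', bytes(range(167)), bytes(range(168)), bytes(1000))):
    """With 24 rounds and D=0x1F the same sponge is SHAKE128, so hashlib independently checks the
    permutation and padding; the constructed inputs straddle the 168-byte rate and a 200-byte squeeze."""
    return all(sponge(m, 0x1F, 168, 24, 200) == hashlib.shake_128(m).digest(200) for m in messages)
```

The 167-byte input is the edge case where the domain byte lands in the last position of a block and is combined with the final padding bit.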