Re: [Cfrg] What are the goals of the AEAD bakeoff?

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Mon, 22 June 2020 16:33 UTC

Return-Path: <prvs=34424aef23=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 848D53A0F78 for <cfrg@ietfa.amsl.com>; Mon, 22 Jun 2020 09:33:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H9gZbo9elvn8 for <cfrg@ietfa.amsl.com>; Mon, 22 Jun 2020 09:33:26 -0700 (PDT)
Received: from llmx3.ll.mit.edu (LLMX3.LL.MIT.EDU [129.55.12.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FDF03A0F74 for <cfrg@irtf.org>; Mon, 22 Jun 2020 09:33:26 -0700 (PDT)
Received: from LLE2K16-MBX03.mitll.ad.local (LLE2K16-MBX03.mitll.ad.local) by llmx3.ll.mit.edu (unknown) with ESMTPS id 05MGXLCJ013367; Mon, 22 Jun 2020 12:33:21 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Dmitry Belyavsky <beldmit@gmail.com>, Paul Grubbs <pag225@cornell.edu>
CC: CFRG <cfrg@irtf.org>
Thread-Topic: [Cfrg] What are the goals of the AEAD bakeoff?
Thread-Index: AQHWR/5ennqSqGghnkSlJA+uwd9mqajjhdEAgAGKZYCAAACcAP//xN4A
Date: Mon, 22 Jun 2020 16:33:20 +0000
Message-ID: <DF5BC246-33C8-418B-A139-92A8E6077A57@ll.mit.edu>
References: <CACsn0c=_fPUdoZ5x40AqZPMBN9rt=4ua9oDK8Di5znrUQQFAtQ@mail.gmail.com> <B557E263-8DD2-4BDC-B54D-FFF839D8E025@ll.mit.edu> <CAKDPBw8abCw022Fk4Thj2Cozt243ffTCJV58=SR68aq=sg8RnA@mail.gmail.com> <CADqLbz+y3Nw2hMfudCq14=WoYX3+KaNtVp7KEb=WjX5U1kxOUA@mail.gmail.com>
In-Reply-To: <CADqLbz+y3Nw2hMfudCq14=WoYX3+KaNtVp7KEb=WjX5U1kxOUA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.37.20051002
x-originating-ip: [172.25.1.90]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3675674000_1910459222"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-22_09:2020-06-22, 2020-06-22 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2004280000 definitions=main-2006220118
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/E6yUVzr4VTeXa63_TnNY73w90iE>
Subject: Re: [Cfrg] What are the goals of the AEAD bakeoff?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2020 16:33:29 -0000

Do we really need competition instead of classification?

 

IMHO, no we don’t.

 

 

On Mon, Jun 22, 2020 at 7:03 PM Paul Grubbs <pag225@cornell.edu> wrote:

I agree that there are a lot of potentially important goals, and that more clarity is needed before choosing design targets. This seems like a good use case for a multi-round competition: in the first round, people can propose design goals, then the CFRG can select a few goals for which people propose concrete schemes in subsequent rounds. 

 

On Sun, Jun 21, 2020 at 4:31 PM Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:

I concur with Watson. Different use cases need different "winners".


On 6/21/20, 15:01, "Cfrg on behalf of Watson Ladd" <cfrg-bounces@irtf..org on behalf of watsonbladd@gmail.com> wrote:

    Unlike PAKE, where a multitude of designs all claimed to have achieved
    the same security and usability goals, the goals of this competition
    seem multifaceted and in tension. On the one side is a desire for
    larger encrypted data volumes, either via big blocks or beyond
    birthday techniques. Evaluating a big-block construction is likely to
    involve substantial symmetric cryptanalysis knowledge.

    On the other is a demand for key-committing schemes and nonce hiding
    schemes. Both of these are likely to have efficiency costs compared to
    potentially one-pass big block (or tweaked) schemes.

    I don't think it makes sense to have a competition. I think it makes
    sense to articulate the problems and present them to get people
    interested in proposing designs/understanding the tradeoffs, and then
    maybe have a competition once that is clearer.

    Sincerely,
    Watson

    _______________________________________________
    Cfrg mailing list
    Cfrg@irtf.org
    https://www.irtf.org/mailman/listinfo/cfrg
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg


 

-- 

SY, Dmitry Belyavsky