Re: [Cfrg] Adoption call for draft-sullivan-cfrg-voprf

Alex Davidson <adavidson@cloudflare.com> Thu, 09 May 2019 09:44 UTC

From: Alex Davidson <adavidson@cloudflare.com>
Cc: Rene Struik <rstruik.ext@gmail.com>, CFRG <cfrg@irtf.org>, "draft-sullivan-cfrg-voprf.authors@ietf.org" <draft-sullivan-cfrg-voprf.authors@ietf.org>
To: Paterson Kenneth <kenny.paterson@inf.ethz.ch>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ENoByr64pH9PTVE6emTEStVjwvo>

Hi all,

I’m one of the authors of this draft.

> Perhaps the draft’s authors can clarify here on the extent to which there is a dependency on other drafts, especially the ristretto draft (which is not a CFRG document, currently).

The only hard dependency of this draft is on the specification of the hash-to-curve algorithm that is made in https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-03. The dependency on the Ristretto draft is made only as a plausible cryptographic configuration for using OPRFs. We are happy to remove the dependency on Ristretto and specify a different set of ciphersuites focusing only on the NIST curves and others such as Curve25519, for example. In general, it would be useful for us to have a wider discussion with the community on what parameter/curve settings are suitable for our use-case.

> I think this draft does fit with the CFRG charter, in that VOPRFs are an emerging cryptographic mechanism that at least some people here see as being useful in contexts traditionally associated with IETF. Again, the authors of the draft can explain their intended applications better than me, but I think a good starting point if you are interested in knowing more would be:
>
> https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf

Other applications that feature OPRFs as dependencies include password-protected secret-sharing (https://eprint.iacr.org/2014/650.pdf), password-authenticated key-exchange (https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-01) and hiding password-storage (http://webee.technion.ac.il/~hugo/sphinx.pdf). In particular, the current version of the OPAQUE draft (draft-krawczyk-cfrg-opaque) lists draft-sullivan-cfrg-voprf as a dependency. There are also many applications in general secure computation research literature (such as constructions of protocols for private set intersection).

Thanks,
Alex