Re: [Cfrg] OPAQUE: Secure aPAKE (presentation and draft)

David Wong <davidwong.crypto@gmail.com> Wed, 18 July 2018 12:15 UTC

References: <CADi0yUM+rm6A-pPqxFUh_Hn+msVCo1TpbWL=e=vz+p7E3VaK3g@mail.gmail.com> <a3c93381-e5f7-7079-cfc2-7e7aad99cd5b@htt-consult.com> <CAO8oSXns7fn8dWr9kUMyYZn-QpitP+8H5hob_7Fui1HkjwbstA@mail.gmail.com>
In-Reply-To: <CAO8oSXns7fn8dWr9kUMyYZn-QpitP+8H5hob_7Fui1HkjwbstA@mail.gmail.com>
From: David Wong <davidwong.crypto@gmail.com>
Date: Wed, 18 Jul 2018 05:14:47 -0700
Message-ID: <CAK3aN2oWRiuxO8za-Mcbnwrx=5aLLfKmQTgLVm4y67ZjdqGiWg@mail.gmail.com>
To: Christopher Wood <christopherwood07@gmail.com>
Cc: rgm-sec@htt-consult.com, cfrg@irtf.org, hugo@ee.technion.ac.il
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Eu3p7Ma6NIlGhkUF_iznUIgVkws>
Subject: Re: [Cfrg] OPAQUE: Secure aPAKE (presentation and draft)

Hello,

Are there any slides of this presentation?

Thanks,
David
On Tue, Jul 17, 2018 at 3:27 PM Christopher Wood
<christopherwood07@gmail.com> wrote:
>
> The PDF link works (for me).
>
> Best,
> Chris
>
> On Tue, Jul 17, 2018 at 6:24 PM, Robert Moskowitz
> <rgm-sec@htt-consult.com> wrote:
> > Hugo,
> >
> > The link below to this draft is not working.  :(
> >
> > Bob
> >
> > On 07/11/2018 03:13 AM, Hugo Krawczyk wrote:
> >
> > During the CFRG meeting in Montreal I will have a short presentation about
> > the OPAQUE protocol, the first PKI-free aPAKE ('a' is for asymmetric or
> > augmented) to accommodate secret salt and be secure against
> > pre-computation attacks. In contrast, prior aPAKE protocols did not use
> > salt and if they did, the salt was transmitted in the clear from server to
> > user allowing for the building of pre-computed dictionaries.
> >
> > OPAQUE was presented in a recent paper at Eurocrypt 2018
> > https://eprint.iacr.org/2018/163
> > that includes a full proof of security in a strong aPAKE model that
> > guarantees security against pre-computation.
> >
> > I believe OPAQUE to be a good candidate for standardization as an aPAKE. It
> > compares favorably, both in actual security and proven security, to other
> > aPAKE schemes considered for standardization, including SPAKE2+, AugPAKE and
> > the old SRP. In particular, none of these protocols has a proof of security
> > (*), not even in a weak model, and none can accommodate secret salt.
> >
> > I have not made the deadline for posting a draft before the IETF meeting so
> > I am posting an unofficial version (that I will submit after the meeting)
> > here:
> > http://webee.technion.ac.il/~hugo/draft-krawczyk-cfrg-opaque-00.txt
> > http://webee.technion.ac.il/~hugo/draft-krawczyk-cfrg-opaque-00.pdf
> >
> > Comments are welcome (although I may be slow in responding)
> >
> > Hugo
> >
> > (*) Clarification: Contrary to what recent drafts have claimed, SPAKE2+ does
> > not have a proof as aPAKE - the protocol was described by Cash et al with a
> > short informal discussion of its rationale and no intention to claim its
> > security formally (the paper does not even contain a security model for
> > aPAKE protocols). This is in contrast to SPAKE2 that does have a proof as
> > PAKE (without the augmented part).
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg
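Hugo's quoted message contrasts OPAQUE's secret salt with earlier aPAKEs that sent the salt in the clear. The OPAQUE construction in the linked Eurocrypt paper builds on an oblivious PRF; the following is an added toy illustration of that idea, not code from the draft or the paper, using a small constructed safe-prime group (P, Q) where a real deployment would use an elliptic curve. The server's OPRF key k plays the role of the secret salt, the client never reveals the password, and an attacker's offline dictionary cannot be built until k itself leaks.

```python
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime, so the squares mod p form a
# subgroup of prime order q. Real deployments use an elliptic-curve group instead.
P, Q = 2039, 1019

def hash_to_group(pw: bytes) -> int:
    # Map pw to a non-identity element of the order-q subgroup: h is never 0 or +-1,
    # so h^2 is a quadratic residue other than 1.
    h = int.from_bytes(hashlib.sha256(pw).digest(), "big") % (P - 3) + 2
    return pow(h, 2, P)

def derive_rwd(pw: bytes, y: int) -> bytes:
    # rwd = H(pw, H(pw)^k): the OPRF output plays the role of the (secret) salt.
    return hashlib.sha256(pw + y.to_bytes(2, "big")).digest()

def server_keygen() -> int:
    return secrets.randbelow(Q - 1) + 1  # OPRF key k, the per-user secret salt

def client_blind(pw: bytes):
    r = secrets.randbelow(Q - 1) + 1  # fresh blinding scalar, never transmitted
    return r, pow(hash_to_group(pw), r, P)  # alpha = H(pw)^r goes to the server

def server_evaluate(k: int, alpha: int) -> int:
    # The server raises the blinded element to k and learns nothing about pw.
    if alpha == 1 or pow(alpha, Q, P) != 1:
        raise ValueError("alpha is not in the prime-order subgroup")
    return pow(alpha, k, P)  # beta = H(pw)^(r*k)

def client_finalize(pw: bytes, r: int, beta: int) -> bytes:
    # Unblind: beta^(1/r mod q) = H(pw)^k, then hash into rwd.
    return derive_rwd(pw, pow(beta, pow(r, -1, Q), P))

def harden(pw: bytes, k: int) -> bytes:
    # One full OPRF round trip; rwd does not depend on which r the client picked.
    r, alpha = client_blind(pw)
    return client_finalize(pw, r, server_evaluate(k, alpha))

def legacy_verifier(salt: bytes, pw: bytes) -> bytes:
    # Cleartext-salt scheme: the salt is sent on the wire, so anyone can compute this.
    return hashlib.sha256(salt + pw).digest()

def offline_table(candidates, salt: bytes = b"", k_guess: int = 0) -> dict:
    # Attacker's pre-computed dictionary. With a cleartext salt it is built before any
    # breach; with the OPRF every entry needs k, so the work cannot start until k leaks.
    if k_guess:
        return {derive_rwd(c, pow(hash_to_group(c), k_guess, P)): c for c in candidates}
    return {legacy_verifier(salt, c): c for c in candidates}
```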