Re: [Cfrg] Streaming AEAD
Jean Paul Degabriele <jpdega@gmail.com> Tue, 18 February 2014 23:29 UTC
Date: Tue, 18 Feb 2014 18:29:54 -0500
Message-ID: <CADhQzStY6o_V9dpA8FKNOoL8+pf4Gj6crYjO28G96pamytkapw@mail.gmail.com>
From: Jean Paul Degabriele <jpdega@gmail.com>
To: cfrg@irtf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/FPC967lwpa57S2OYjm0hOJ3WPjQ
Hi,

The problem of streaming AEAD seems to be closely related to our paper "Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation" with Alexandra Boldyreva, Kenny Paterson, and Martijn Stam from Eurocrypt 2012. In it we consider the problem of achieving authenticated encryption over channels that may fragment the ciphertext in an arbitrary manner, as is the case with TCP/IP. Protocols like TLS and SSH tackle this problem by introducing a length field in their respective data formats.

Extending AEAD to support fragmentation raises a number of new security concerns. In particular, it can totally undermine the privacy of the scheme, as was the case with SSH-CBC (see Albrecht, Paterson and Watson from Oakland 09). Additionally, it may introduce new vulnerabilities that relate to Denial of Service. On the other hand, as David already mentioned, supporting fragmentation may provide a strategy for mitigating Traffic Analysis if certain additional security properties are met.

In the paper we provide a formal treatment of ciphertext fragmentation addressing all of these points, and present some constructions which relate to some of the ideas that you mentioned in this thread. We are currently doing some major revisions on the proceedings version and an updated full version will be available on eprint soon.

Best,
Jean Paul Degabriele
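The message above touches the core tension of the TLS/SSH approach: a receiver has to parse a length field before any of the stream has been authenticated, so an unverified length can drive unbounded buffering (the Denial of Service concern) and the way a receiver reacts to a bad length versus a bad tag can leak information (the SSH-CBC concern). The following is an added illustration, not code from the Eurocrypt 2012 paper or from anyone in this thread: a receiver that reassembles arbitrarily fragmented input, bounds the length field before allocating anything, authenticates the sequence number and the length together with the frame body, and fails closed with a single error state whatever went wrong. The HMAC-SHA256 counter-mode keystream is only a stand-in for a real AEAD; the frame layout, `MAX_FRAME`, the key values and all names are assumptions made for this example.

```python
import hmac
import hashlib
import struct

TAG_LEN = 32      # HMAC-SHA256 tag
LEN_FIELD = 4     # big-endian length of the ciphertext body
MAX_FRAME = 1 << 16   # assumed bound: a forged length can never make us buffer more than this


def _keystream(key, seq, n):
    """Toy keystream: HMAC-SHA256 in counter mode, domain-separated by frame
    sequence number.  Stand-in for a real AEAD's encryption, illustrative only."""
    out = b""
    block = 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(mac_key, seq, header, ct):
    # The tag binds the sequence number and the length field to the body, so a
    # reordered, replayed or length-modified frame fails verification.
    return hmac.new(mac_key, struct.pack(">Q", seq) + header + ct, hashlib.sha256).digest()


def seal_frame(enc_key, mac_key, seq, plaintext):
    """Encrypt-then-MAC one frame: len(ct) || ct || tag."""
    if len(plaintext) > MAX_FRAME:
        raise ValueError("frame too large")
    ct = _xor(plaintext, _keystream(enc_key, seq, len(plaintext)))
    header = struct.pack(">I", len(ct))
    return header + ct + _tag(mac_key, seq, header, ct)


class FragmentReceiver:
    """Reassembles a byte stream that may arrive in arbitrary fragments."""

    def __init__(self, enc_key, mac_key):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.buf = bytearray()
        self.seq = 0
        self.failed = False

    def _fail(self):
        # One terminal state for every failure: nothing buffered is ever
        # released, and the caller cannot tell a bad length from a bad tag.
        self.failed = True
        self.buf = bytearray()

    def feed(self, fragment):
        """Absorb a fragment; return the list of complete, verified plaintexts."""
        if self.failed:
            return []
        self.buf += fragment
        out = []
        while len(self.buf) >= LEN_FIELD:
            (n,) = struct.unpack(">I", self.buf[:LEN_FIELD])
            if n > MAX_FRAME:
                # Unauthenticated length exceeds the bound: stop before buffering further.
                self._fail()
                return out
            total = LEN_FIELD + n + TAG_LEN
            if len(self.buf) < total:
                break   # wait for more fragments
            header = bytes(self.buf[:LEN_FIELD])
            ct = bytes(self.buf[LEN_FIELD:LEN_FIELD + n])
            tag = bytes(self.buf[LEN_FIELD + n:total])
            if not hmac.compare_digest(tag, _tag(self.mac_key, self.seq, header, ct)):
                self._fail()
                return out
            out.append(_xor(ct, _keystream(self.enc_key, self.seq, n)))
            self.seq += 1
            del self.buf[:total]
        return out
```

The receiver only ever commits memory up to `MAX_FRAME + LEN_FIELD + TAG_LEN` bytes per pending frame, and the sequence number is held by the receiver rather than sent on the wire, so an in-order stream is the only one that verifies.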