Re: [CFRG] draft-irtf-cfrg-aead-limits lacks EAX and OCB

Martin Thomson <mt@lowentropy.net> Mon, 02 August 2021 00:34 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EA943A05AA for <cfrg@ietfa.amsl.com>; Sun, 1 Aug 2021 17:34:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=q8l79WAC; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=cQX6mNV3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WplwJn1yEq9r for <cfrg@ietfa.amsl.com>; Sun, 1 Aug 2021 17:34:38 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28DDE3A05A6 for <cfrg@irtf.org>; Sun, 1 Aug 2021 17:34:38 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 629B95C00DF for <cfrg@irtf.org>; Sun, 1 Aug 2021 20:34:35 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute5.internal (MEProxy); Sun, 01 Aug 2021 20:34:35 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=ZEY0KcfXZHAN5ypiJ+b5Yi+SFJhb3f9 25ShHfhmNcos=; b=q8l79WACDnXSM2LEODUvw7RFZahkefHIi6UUkwwygPp8J+o tt3ROXTcEq1cp4YTC8A/UlqE16uv4k+98AAeqqE8A04zSaxOOGlP0D+uyuCVOLol Y0d+OZtd7dIe72sTrRpQm8ZM4ujLnY8reayrdct6yUE18rU3BxNN3roSfZix8Orq 0+gq0YXJl+bz1xzaXAmN/yV9sNBTBmDfWssPR0BQyPnGiB9XLl7c+87HvTeqdSY4 KMXsgGq2hrLZC8kld4Cs2rMMfyQBHBJkzmzVzm3Y6slyBaDmWSsLyY2mtEDPyE+u soH/luMkvA4rrV+gqmog/Kzs6TPFPXlpBtj7mMg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=ZEY0Kc fXZHAN5ypiJ+b5Yi+SFJhb3f925ShHfhmNcos=; b=cQX6mNV3dKHwbIGvcCOfJg p2J6EH2SsIJxrNa39bkIRhA+HtOfKQwHEoz/hpNtr6c136PcKZIWn1AsbQh+BLj8 k9B5PimNE/Iy8UVIALshDelVd6oudbmdI9lzJnemcB/XXJD8330A9T4+ACSJJ9Ze Osf5eBQDyC4ag25U7TsE5hYPewyj6DrmscITphXLz9wadDV3tAi6W0uVU0XR5+H8 fAe32V9141H5zOKY8X20gUD8NFF2SE4QnGzbzhxRPTfBfgLDYahRUrFCZye/aRbu Aa2VTmX3OTlPBcaK6QXff8SQIPyVfTU062JSRzM/qnjwDkJcZW+wqRfV9QspP/Ww ==
X-ME-Sender: <xms:mj0HYcJkGJhL98XYSPGdxMLR-ezy4n46dSC4d42pX26uXInPw5DIVA> <xme:mj0HYcJOtxMA7l49UCn7TWYXXdUa8_bA_RdDMWb53ZM0F29LUDQL9GFsJTuizrIu_ 1capo7J3BSbgHdQJhE>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddriedugddulecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepveeujefhgefggfffvdekve eggefgvdegfeefudevfeeujeejueefieffveeijeehnecuffhomhgrihhnpehgihhtlhgr sgdrtghomhdptghrhihpthhoqdhrvghfrhgvshhhrdhmugdpihhrthhfrdhorhhgnecuve hluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehlohif vghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:mj0HYcssB-Ta9TFmQGQ_1hehHL0xTmVlzO5rbPYphL7W9rq0T3QGEA> <xmx:mj0HYZbgUyOoe-Z2RlvO61hmnpCKjb6-C2NYDHI2ubmsQwZT3_rjLw> <xmx:mj0HYTYoCcGC1YF1_FLPSEgscJnGC8ZMBbZ1Ts6a5IXN1e22_rlH7g> <xmx:mz0HYcnlE1y1DyJV4r6uL4zzVo290CQ0jJWAWH1WLPlLMhQrBQ6emw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E1A2E3C0471; Sun, 1 Aug 2021 20:34:34 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-545-g7a4eea542e-fm-20210727.001-g7a4eea54
Mime-Version: 1.0
Message-Id: <22f3d165-c2ed-4531-99f9-2eeccfadb121@www.fastmail.com>
In-Reply-To: <87r1fful35.fsf@fifthhorseman.net>
References: <87r1fful35.fsf@fifthhorseman.net>
Date: Mon, 02 Aug 2021 10:34:13 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: cfrg@irtf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/GCOLzKyqLHipH_7otF4FBfmR7tM>
Subject: Re: [CFRG] draft-irtf-cfrg-aead-limits lacks EAX and OCB
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 00:34:43 -0000

I am not personally aware of any analysis of these modes that would be suitable.

The limits documented in RFC 7253 are generic, so there isn't much point in including them.  Or, stated differently, we wouldn't be improving the information available to a user of OCB if we did so.

If someone is able to contribute an OCB, EAX, or SIV, those would be welcome, but my preference would be to complete the work.

On Sat, Jul 31, 2021, at 15:08, Daniel Kahn Gillmor wrote:
> Hi CFRG and OpenPGP folks--
> 
> In the CFRG meeting today, i noticed that the AEAD Limits draft does not
> include a mention of EAX and OCB.
> 
> EAX and OCB are both candidates for inclusion in the forthcoming
> cryptographic refresh of OpenPGP
> (https://gitlab.com/openpgp-wg/rfc4880bis/-/blob/main/crypto-refresh.md).
> 
> I note that for OCB, RFC 7253 does include some suggestions of the kinds
> of limits that are appropriate.
> 
> I'm not skilled enough with the kind of analysis that's happening in
> these drafts to tell whether the guidance in 7253 translates into the
> same sort of answers that draft-irtf-cfrg-aead-limits is trying to
> systematize.
> 
> If it is, and CFRG folks find the limits in 7253 plausible, perhaps a
> new section in the AEAD limits draft could import the relevant figures
> and reference 7253?
> 
> I don't know of any comparable analysis for EAX, but if anyone can point
> to some, i'd be interested in seeing EAX analyzed as well.
> 
> Sorry to not have the chops to analyze this myself, but i'm hoping that
> someone in CFRG have enough capacity to at least look into it and tell
> me why it doesn't match.
> 
> Regards,
> 
>         --dkg
> 
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
> 
> Attachments:
> * signature.asc