Re: [CFRG] Does OPRF/OPAQUE require full implementation of RFC 9380
stef <f3o09vld@ctrlc.hu> Sat, 30 March 2024 12:37 UTC
Return-Path: <f3o09vld@ctrlc.hu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BF95C14F68D for <cfrg@ietfa.amsl.com>; Sat, 30 Mar 2024 05:37:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-Gcg-KlJt0C for <cfrg@ietfa.amsl.com>; Sat, 30 Mar 2024 05:37:09 -0700 (PDT)
Received: from ctrlc.hu (ctrlc.hu [185.193.126.105]) by ietfa.amsl.com (Postfix) with ESMTP id 6EEBCC14F605 for <cfrg@irtf.org>; Sat, 30 Mar 2024 05:37:08 -0700 (PDT)
Received: from x2.ctrlc.hu (unknown [10.23.5.25]) by ctrlc.hu (Postfix) with ESMTP id 9FC8786565D; Sat, 30 Mar 2024 12:36:36 +0000 (UTC)
Received: by x2.ctrlc.hu (Postfix, from userid 1000) id 529C03D; Sat, 30 Mar 2024 12:36:24 +0000 (UTC)
Date: Sat, 30 Mar 2024 13:36:24 +0100
From: stef <f3o09vld@ctrlc.hu>
To: Stefan Santesson <stefan@aaa-sec.com>
Cc: IRTF CFRG <cfrg@irtf.org>
Message-ID: <ZggHSDs5bRweThW5@localhost>
References: <410a0800-78ff-422f-8ca3-5a0211478cbd@aaa-sec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <410a0800-78ff-422f-8ca3-5a0211478cbd@aaa-sec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/GmOg8bn8UBmT4AKy9zPo3DwcZIY>
Subject: Re: [CFRG] Does OPRF/OPAQUE require full implementation of RFC 9380
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2024 12:37:15 -0000
hey, Stefan. On Sat, Mar 30, 2024 at 12:56:10PM +0100, Stefan Santesson wrote: > Note that there are not even a "MUST" expressed here. Just a "must" and > therefore not a requirement according to section 1.1. nothing really is a must, but if you don't implement the hashtogroup as per the rfc you will not be able to satisfy the test vectors, and if you don't satisfy the test vectors it is difficult to claim compliance with the rfc. and also compatibility with all the other implementations. if that is ok with you, you should be doing whatever you want. tbh i also think this is overkill since for some groups, like ristretto255 for example there is a widely used hashtogroup available in most big implementations (like crypto_scalarmult_ed25519 and crypto_core_ristretto255_from_hash in libsodium). but i do understand that for other curves this might be more involved, and seems to be also problematic as - afaik - there has been for 20 years attempts made at defining a hashtogroup that applies to all widely used - standardized - groups be it curves or dlog... > Finally, is there any support for G.hashToGroup being planned in any major > libraries supporting OPRF/OPAQUE? i don't quite understand what you mean with "being planned", as as far as i know all of the implementations that satisfy the test vectors have this implemented, and liboprf https://rad.ctrlc.hu/nodes/rad.ctrlc.hu/rad:z3P9keM4KFAMp8wZuULi71VS7cWwp/tree/src/oprf.h#L105 exports this also via the .h file. i suppose all others conforming to testvectors do so too. greets, stefan
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Michael StJohns
- [CFRG] Does OPRF/OPAQUE require full implementati… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… stef
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… stef
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Jack Grigg
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Mike Hamburg
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Mike Hamburg
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Hubert Kario
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Hubert Kario
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Stefan Santesson
- Re: [CFRG] Does OPRF/OPAQUE require full implemen… Sander Dijkhuis