Re: [CFRG] HPKE and Key Wrapping

"Kampanakis, Panos" <kpanos@amazon.com> Fri, 08 April 2022 16:47 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Russ Housley <housley@vigilsec.com>
CC: IRTF CFRG <cfrg@irtf.org>
Date: Fri, 08 Apr 2022 16:46:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/LUNTOIhuDyEmAHKdtcbTAX6S5Dc>

Jumping in late. 

> I think HPKE is the future of asymmetric encryption including asymmetric key wrapping.

+1 on what John M. said 

> So, it would be really nice to use a Key-Wrap algorithm in HPKE to encrypt the KEK.

+1 on what Russ suggested. 
IMO, HPKE is what should be used in CMS for asymmetric encryption as well.

Just FYI, since wherever asymmetric encryption is discussed the PQ thread can be brought up, https://eprint.iacr.org/2022/414.pdf includes some work we did on adding PQ KEMs in HPKE. Nothing earth-shattering. Just experimentation with PQ-only and PQ-hybrid HPKE to show that if the PQ KEM has OK performance, PQ HPKE is still fine. There are still gaps in terms of proofs which are not addressed in the paper.




-----Original Message-----
From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Russ Housley
Sent: Wednesday, March 30, 2022 4:16 PM
To: Martin Thomson <mt@lowentropy.net>
Cc: IRTF CFRG <cfrg@irtf.org>
Subject: RE: [EXTERNAL] [CFRG] HPKE and Key Wrapping


Martin:
>
> On Tue, Mar 29, 2022, at 20:05, John Mattsson wrote:
>> Would it make sense to standardize AES-KWP for HPKE or do CFRG 
>> believe that AES-SIV is the future of key wrapping? Irrespectively I 
>> think the CFRG should produce a good recommendation on how to use 
>> HPKE for key wrapping.
>
> What is wrong with the existing HPKE cipher suites for protecting keying materials?  That is, aside from not carrying a NIST approval stamp.

If you try to apply HPKE to the COSE or JOSE structures, it just does not quite fit.  However, by using HPKE to deliver a key-encryption key (KEK) to the recipient, the structures fit.  So, it would be really nice to use a Key-Wrap algorithm in HPKE to encrypt the KEK.

Russ