Re: [CFRG] Extract-and-expand with KMAC

Gilles VAN ASSCHE <gilles.vanassche@st.com> Wed, 18 November 2020 09:39 UTC

From: Gilles VAN ASSCHE <gilles.vanassche@st.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, John Mattsson <john.mattsson@ericsson.com>
CC: CFRG <cfrg@irtf.org>
Thread-Topic: [CFRG] Extract-and-expand with KMAC
Date: Wed, 18 Nov 2020 09:39:31 +0000
Message-ID: <AM9PR10MB43541E50ABC210C17630FBFCF2E10@AM9PR10MB4354.EURPRD10.PROD.OUTLOOK.COM>
References: <467DD0FC-FF7F-453F-98B2-ADC7F0F976B1@ericsson.com> <20201115163535.GA3384456@LK-Perkele-VII>
In-Reply-To: <20201115163535.GA3384456@LK-Perkele-VII>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/b64MSaR6GWSVar6tJQT_k9qWg4Y>
Subject: Re: [CFRG] Extract-and-expand with KMAC
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Dear all,

Ilari Liusvaara wrote:
> PRK = Extract(salt, IKM) = KMAC128(salt, IKM, 256, "")
> OKM = Expand(PRK, L, info) = KMAC128(PRK, info, L, "")

Is there a particular need to expose the intermediate value PRK in this application?

Otherwise, wouldn't it be simpler and more efficient to compute
    SHAKE128(salt ; IKM ; info)
where ";" stands for some reversible concatenation (i.e., from which the individual strings can be recovered)?

One could see the absorbing phase of SHAKE128 as the extraction step and, starting from the state at this stage being a PRK, the squeezing phase as the expansion step.

This solution is not incompatible with the case where an intermediate value PRK is required: (salt ; IKM) is padded to take a whole number of blocks, and PRK is the state value after absorbing it.

Kind regards,
Gilles
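The construction proposed above, SHAKE128(salt ; IKM ; info) with a reversible concatenation, and its split into an extraction state and an expansion step, as an added example that is not part of the original message nor any code from the Keccak team or CFRG. It makes the following assumptions, none of which the message fixes: the reversible concatenation ";" is the SP 800-185 encode_string encoding (bit length left-encoded before each string); "padded to take a whole number of blocks" is realised as zero padding to the SHAKE128 rate of 168 bytes; the PRK is the full 200-byte sponge state after absorbing that padded prefix; and the Keccak-f[1600] permutation is a pure-Python transcription that the `reference` function cross-checks against `hashlib.shake_128`. The `derive` function is the single-call form, `extract` and `expand` are the two-step form, and both must agree byte for byte. Since the PRK here is the whole state (rate and capacity), it must be protected like any other PRK; anyone holding it can compute every expansion.

```python
import hashlib

RATE = 168  # SHAKE128 rate in bytes: (1600 - 256) / 8


def _rol64(a, n):
    return ((a >> (64 - (n % 64))) + (a << (n % 64))) % (1 << 64)


def _keccak_f1600(lanes):
    # Keccak-f[1600] on a 5x5 matrix of 64-bit lanes, lanes[x][y] (compact form of the FIPS 202 reference)
    R = 1
    for _ in range(24):
        C = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4] for x in range(5)]
        D = [C[(x - 1) % 5] ^ _rol64(C[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ D[x] for y in range(5)] for x in range(5)]  # theta
        x, y, cur = 1, 0, lanes[1][0]
        for t in range(24):  # rho and pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, lanes[x][y] = lanes[x][y], _rol64(cur, (t + 1) * (t + 2) // 2)
        for y in range(5):  # chi
            T = [lanes[x][y] for x in range(5)]
            for x in range(5):
                lanes[x][y] = T[x] ^ ((~T[(x + 1) % 5]) & T[(x + 2) % 5])
        for j in range(7):  # iota, round constant generated by an LFSR
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                lanes[0][0] ^= 1 << ((1 << j) - 1)
    return lanes


def _permute(state):
    # Lane (x, y) occupies bytes 8*(x + 5*y) .. +8 of the 200-byte state, little-endian
    lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little") for y in range(5)] for x in range(5)]
    lanes = _keccak_f1600(lanes)
    out = bytearray(200)
    for x in range(5):
        for y in range(5):
            out[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")
    return out


def _absorb_full_blocks(state, data):
    # XOR whole RATE-byte blocks into the outer part of the state; len(data) must be a multiple of RATE
    assert len(data) % RATE == 0
    for off in range(0, len(data), RATE):
        for i in range(RATE):
            state[i] ^= data[off + i]
        state = _permute(state)
    return state


def _finish_and_squeeze(state, tail, L):
    # Absorb the last partial block with the SHAKE pad10*1 rule (domain suffix 0x1F), then squeeze L bytes
    assert len(tail) < RATE
    for i, b in enumerate(tail):
        state[i] ^= b
    state[len(tail)] ^= 0x1F
    state[RATE - 1] ^= 0x80
    state = _permute(state)
    out = bytearray()
    while len(out) < L:
        out += state[:min(RATE, L - len(out))]
        if len(out) < L:
            state = _permute(state)
    return bytes(out)


def shake128(data, L):
    n = (len(data) // RATE) * RATE
    return _finish_and_squeeze(_absorb_full_blocks(bytearray(200), data[:n]), data[n:], L)


def left_encode(x):
    b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    return bytes([len(b)]) + b


def encode_string(s):
    # SP 800-185 encode_string: the bit length prefix makes the concatenation of several strings reversible
    return left_encode(8 * len(s)) + s


def pad_to_blocks(data):
    # Assumed realisation of "padded to take a whole number of blocks": zero bytes up to the rate boundary
    return data + bytes(-len(data) % RATE)


def extract(salt, ikm):
    # Extraction = absorbing (salt ; IKM); the PRK is the full 200-byte state at that point
    return _absorb_full_blocks(bytearray(200), pad_to_blocks(encode_string(salt) + encode_string(ikm)))


def expand(prk, info, L):
    # Expansion = continue from the PRK state, absorb info and squeeze L bytes (prk is copied, not mutated)
    data = encode_string(info)
    n = (len(data) // RATE) * RATE
    return _finish_and_squeeze(_absorb_full_blocks(bytearray(prk), data[:n]), data[n:], L)


def derive(salt, ikm, info, L):
    # Single-call form: SHAKE128(salt ; IKM ; info) over the same byte string the two-step form sees
    return shake128(pad_to_blocks(encode_string(salt) + encode_string(ikm)) + encode_string(info), L)


def reference(salt, ikm, info, L):
    # Same message through the standard library, to validate the home-grown permutation and padding
    return hashlib.shake_128(pad_to_blocks(encode_string(salt) + encode_string(ikm)) + encode_string(info)).digest(L)


if __name__ == "__main__":
    salt, ikm, info = b"constructed salt", b"constructed input keying material", b"constructed context"
    assert derive(salt, ikm, info, 64) == expand(extract(salt, ikm), info, 64) == reference(salt, ikm, info, 64)
    print(derive(salt, ikm, info, 64).hex())
```

The length-prefixed encoding is what turns ";" into a reversible concatenation: without it, (salt, IKM) = ("ab", "c") and ("a", "bc") would feed identical bytes to SHAKE128 and derive the same key, which the last assertion in the test below demonstrates against the plain `shake128` call.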