[Cfrg] A new generalized version of SESPAKE RFC draft

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 05 May 2016 04:30 UTC

To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, "alexey.melnikov@isode.com" <alexey.melnikov@isode.com>, "Schmidt, Jörn-Marc" <Joern-Marc.Schmidt@secunet.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/MMschcJrJm_I181UlmZURZyOQVM>

Dear colleagues,

we've updated the SESPAKE RFC draft
(https://datatracker.ietf.org/doc/draft-smyshlyaev-sespake/) to generalize
the protocol and to exclude strict conditions of GOST usage.

All our statements (posted by me previously to CFRG) about conformity of
SESPAKE to PAKE requirements remain true, as well as the full security
proof (http://eprint.iacr.org/2015/1237) – it is based only on the
conditions that the underlying primitives (hash function, elliptic curve,
HMAC) are secure (in the corresponding adversary models).

All test vectors remain based on GOST hash/HMAC and elliptic curves from RFC
7836 <https://tools.ietf.org/html/rfc7836>.


Thanks a lot to Jörn for his work on the PAKE requirements RFC and for our
discussion – I hope it helped to make both RFC drafts (PAKE requirements
and SESPAKE) better.


Best regards,

Stanislav