[CFRG] OPAQUE AKE instantiations

Christopher Wood <caw@heapingbits.net> Thu, 03 December 2020 05:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/N5AsUuSTEBcrfGCgxirPI0xFkps>

Currently, draft-irtf-cfrg-opaque specifies the "core protocol," which effectively consists of the OPRF-based credential storage and retrieval functionality. An instantiation of OPAQUE glues this core protocol together with a specific AKE, such as 3DH, HMQV, or SIGMA(-I). For completeness, the editors think this draft should minimally describe one complete instantiation with wire format details. And we think this ought to be OPAQUE-3DH. It's a simple variant that's easy to implement. 

If we go down this route, this opens questions about how specific the other instantiations should be. For instance:

- Should we also specify a complete signature-based instantiation, such as OPAQUE-SIGMA? (A benefit of doing so is to give applications a choice over which variant they want. A downside is that this introduces yet another SIGMA-based AKE into the mixture of protocols, where something like OPAQUE-in-TLS would probably suffice.)
- If we don't specify any other complete instantiations, how much information should we give for future documents regarding AKE integration? For example, what if one wanted an instantiation based entirely on KEMs, a la KEMTLS [1]?

There are undoubtedly plenty of questions to ask about particulars here, though we'd like to hear from folks here on the following two high-level questions:

1) Should we choose OPAQUE-3DH as the standard instantiation? 
2) Should we specify another complete instantiation in this document? And if so, which one?

Thanks,
Chris

[1] https://eprint.iacr.org/2020/534
[2] https://github.com/cfrg/draft-irtf-cfrg-opaque/issues/77