Re: [Cfrg] Balanced PAKEs: new paper on SPAKE2

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Fri, 25 October 2019 17:48 UTC

From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Watson Ladd <watsonbladd@gmail.com>, Karthik Bhargavan <karthikeyan.bhargavan@inria.fr>
CC: CFRG <cfrg@irtf.org>
Date: Fri, 25 Oct 2019 17:48:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/O6X1IBnfeoJgfghtSWxVsD8zvNo>

I am personally not in favor of asking the higher level application to make security trade-offs.  The people working on those higher level applications need not be cryptographical experts, and so may not have the background needed to make the correct decision – that is why they are asking us.

If we, as a group, decide that the fixed N, M parameters are appropriate, that is, we are not concerned that a large entity might be able to compute the single DLog, then we should mandate that as the single option.

On the other hand, if we, as a group, decide that having fixed N, M parameters is too much of a valuable target, then we should mandate hash-to-curve, and have that as the single option.

If we feel that having a fixed N, M is a concern, then why would we want to endorse a solution that uses that?  If we are convinced that it is not a concern, then why would we insist on the extra complexity?


From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Watson Ladd
Sent: Friday, October 25, 2019 11:53 AM
To: Karthik Bhargavan <karthikeyan.bhargavan@inria.fr>
Cc: CFRG <cfrg@irtf.org>
Subject: Re: [Cfrg] Balanced PAKEs: new paper on SPAKE2


On Fri, Oct 25, 2019, 3:03 AM Karthik Bhargavan <karthikeyan.bhargavan@inria.fr> wrote:
Hello All,


I'll add both of these as options [both the fixed N and M parameters, and dynamically generating them via a hash-to-curve method] and the higher level protocol will specify which one to use. Will take some talking because SPAKE2 is integrated into Kerberos and this might present some issues if we remove the pregeneration.


Probably one can throw in a nonce as well.


Best regards,
Karthik