[CFRG] Re: We would like to have your feedback!

John Mattsson <john.mattsson@ericsson.com> Mon, 09 September 2024 13:48 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "Dang, Quynh H. (Fed)" <quynh.dang=40nist.gov@dmarc.ietf.org>, "saag@ietf.org" <saag@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: We would like to have your feedback!
Thread-Index: AdsBCzwazaB6eA3JSESNP4+42W0QCABsK3lR
Date: Mon, 09 Sep 2024 13:48:15 +0000
Message-ID: <GVXPR07MB9678AEC4C66CA7D63104C97D89992@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <MW4PR09MB100597E3E1B42E76E553779D0F39F2@MW4PR09MB10059.namprd09.prod.outlook.com>
In-Reply-To: <MW4PR09MB100597E3E1B42E76E553779D0F39F2@MW4PR09MB10059.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
Subject: [CFRG] Re: We would like to have your feedback!
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/P7wMt8cXDYp38Q5wNb2FsFDXGuQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Hi Quynh,

I think it is great that NIST is doing a lot of encryption again.

- Cryptographic agility is important. If AES is broken, NIST does not have any approved backup AEAD.

- Current encryption algorithms have a lot of limitations. AES-CCM and AES-GCM are limited by the narrow 128-bit block size of AES and the 128-bit digest size of GHASH. This affects both confidentiality and integrity. 96-bit nonces are too short to be used with random nonces. Of CCM, GCM, and Poly1305, only CCM with truncated tags behaves like an ideal MAC (when the number of queries is limited).

I think an AEAD mode based on Keccak has the potential to solve some of these limitations. And even if it does not, making a Keccak AEAD is a step towards a Keccak-based accordion that can. In the future I would like to see Robust AEs (RAE) with succinct commitment and very good bounds. It would be very nice to have standardized encryption algorithms that can be used with many keys, many invocations per key, and long plaintexts without having to care too much about various limits and implementation/usage pitfalls.

I have not followed Keccak-based AEAD modes enough to give feedback. Does NIST have a list of constructions you are considering?

I think (docked) double-decker is a nice construction for a VIL-SPRP, I think NIST should allow TurboSHAKE, and I think a duplex mode of Keccak has use cases beyond encryption.

Cheers,
John
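As an added illustration (not part of the thread, and not code from NIST or from the message's author), the following Python puts numbers on two of the limits mentioned above, random 96-bit nonces and the 128-bit block size, using the standard birthday-bound approximation 1 - exp(-n(n-1)/2^(b+1)). It generalizes slightly beyond the message by taking the nonce width as a parameter, so a wider nonce space can be compared directly. The 2^-32 probability budget in the usage section is the per-key random-IV collision probability that SP 800-38D tolerates for GCM, which is why that document caps a key at 2^32 invocations; the function names and the sample message counts are my own.

```python
"""Birthday-bound arithmetic behind the nonce and block-size remarks above.

Added example; not code from the thread or from NIST. Two of the limits
mentioned in the message are instances of one estimate: if n values are
drawn uniformly from a space of size 2^b, the probability that two of them
coincide is approximately 1 - exp(-n(n-1)/2^(b+1)).

  * random nonces: a repeated (key, nonce) pair is catastrophic for GCM
    and CCM, so the per-key message count must keep this probability tiny;
  * a 128-bit block cipher used as a PRF: the PRP/PRF switching bound
    q(q-1)/2^(b+1) grows with the number of blocks q processed under a key.
"""
import math


def birthday_bound(samples: int, bits: int) -> float:
    """Probability of at least one repeat among `samples` uniform `bits`-bit values.

    Uses expm1 so that probabilities around 1e-10 are not rounded to 0.0.
    """
    if samples < 2:
        return 0.0
    exponent = -(samples * (samples - 1)) / 2 ** (bits + 1)
    return -math.expm1(exponent)


def max_samples(bits: int, max_probability: float) -> int:
    """Largest n such that birthday_bound(n, bits) stays at or below max_probability.

    Inverts the approximation: n ~ sqrt(-ln(1 - p) * 2^(bits+1)).
    """
    n = int(math.sqrt(-math.log1p(-max_probability) * 2 ** (bits + 1)))
    # The closed form ignores the "-1" in n(n-1); step down if rounding overshot.
    while n > 1 and birthday_bound(n, bits) > max_probability:
        n -= 1
    return n


def nonce_collision_probability(messages: int, nonce_bits: int) -> float:
    """Chance that two of `messages` random nonces collide under one key."""
    return birthday_bound(messages, nonce_bits)


def prp_prf_distinguishing_bound(blocks: int, block_bits: int) -> float:
    """Simplified PRP/PRF switching bound q(q-1)/2^(b+1) for q cipher blocks."""
    return blocks * (blocks - 1) / 2 ** (block_bits + 1)


if __name__ == "__main__":
    # Constructed sample sizes: 2^32, 2^40 and 2^48 messages under one key.
    for msgs in (2 ** 32, 2 ** 40, 2 ** 48):
        p96 = nonce_collision_probability(msgs, 96)
        p192 = nonce_collision_probability(msgs, 192)
        print(f"{msgs:>16} messages: 96-bit nonce p={p96:.3e}, 192-bit nonce p={p192:.3e}")
    print("messages per key at p <= 2^-32 with 96-bit nonces:", max_samples(96, 2 ** -32))
    print("PRP/PRF bound for 2^48 AES blocks:", prp_prf_distinguishing_bound(2 ** 48, 128))
```

The output makes the message's point concrete: with 96-bit random nonces the collision probability is already about 2^-33 after 2^32 messages and roughly 0.39 after 2^48, whereas a 192-bit nonce space keeps the same counts far below any practical budget. The PRP/PRF bound shows the same quadratic growth governing how much data a 128-bit block cipher can process under one key, which is the block-size limitation the message refers to.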

From: Dang, Quynh H. (Fed) <quynh.dang=40nist.gov@dmarc.ietf.org>
Date: Saturday, 7 September 2024 at 12:00
To: saag@ietf.org <saag@ietf.org>, cfrg@irtf.org <cfrg@irtf.org>
Subject: [saag] We would like to have your feedback!
Hi SAAG and CFRG,

NIST is considering whether to specify and approve one or more SHA-3 derived functions for authenticated encryption with associated data in a new, separate Special Publication. The announcement is here: https://csrc.nist.gov/News/2024/proposal-to-update-fips-202-and-revise-sp-800-185

We would like to have your comments/suggestions by October 7, 2024. They should be sent to cryptopubreviewboard@nist.gov with "Comments on FIPS 202 Decision Proposal" or "Comments on SP 800-185 Decision Proposal" in the subject line.

More information is available on the website above.

Regards,
Quynh.