IETF Logo Mail Archive

[Cfrg] PAKE selection process: status after Phase 1 and following steps // Answers regarding AuCPace and CPace

Björn Haase <bjoern.m.haase@web.de> Sat, 06 July 2019 21:15 UTC

Return-Path: <bjoern.m.haase@web.de>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D8F11200EF for <cfrg@ietfa.amsl.com>; Sat, 6 Jul 2019 14:15:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=web.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KysnLpOixPA4 for <cfrg@ietfa.amsl.com>; Sat, 6 Jul 2019 14:15:39 -0700 (PDT)
Received: from mout.web.de (mout.web.de [212.227.15.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 248FC1200EB for <cfrg@irtf.org>; Sat, 6 Jul 2019 14:15:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1562447736; bh=dhBkVGGVDPhP7LM5yzAxobk7E4c/1v9qgxGMrq9jGnQ=; h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To; b=M4XKqWMWv8wFl8i0HsNhCbFheaqO8qLOrwS6deR4kw6GvBn2bt3vNUN3LQRf85qD/ oOeE4il2yap8xGC/G/IINa4tINlNdIXcuz6QICYArb2BYrFjh4J7KooYZ0Mp4A1ML6 p18T+HcYhNjbkir8Po2Fd2aFqvCt77okvUHtG1og=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from [192.168.2.161] ([94.217.249.130]) by smtp.web.de (mrweb004 [213.165.67.108]) with ESMTPSA (Nemesis) id 0LzVMw-1iX4ab2rbu-014meA for <cfrg@irtf.org>; Sat, 06 Jul 2019 23:15:36 +0200
To: cfrg@irtf.org
References: <CAMr0u6kxgX+gL7ABxiyDG6KiWdH0qe48R_jL+GHbQNsS0h6yYQ@mail.gmail.com>
From: Björn Haase <bjoern.m.haase@web.de>
Message-ID: <3e07868d-0b9a-4634-b75c-3ad48a3c296a@web.de>
Date: Sat, 06 Jul 2019 23:15:36 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <CAMr0u6kxgX+gL7ABxiyDG6KiWdH0qe48R_jL+GHbQNsS0h6yYQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:xj/cwFxsKUooxma4oCOjDrP2StXEOE5ANi9ps3OHks8R10Bq+16 R2aN8DQsGJBjFQ9VQDK6C35d2N5mXZU2gdfiIQApbtq7X3mGbpNTet6PZnqJnZEQS9duQbA L5eDwYmVvT1qK3mP/rOWwdDNpFrIGlB9lqBliBeReWrdXCajMvgXItM/TvgnAI9lOP3bwFe K0xmTFYoAn/KoJPUZHmfg==
X-UI-Out-Filterresults: notjunk:1;V03:K0:CUPnnZZ2OOs=:WKPs3HdafWF3CzBi4VBymr //Z8mkaBxYNhw04vkaYz8wHcPLXmzfKyELSCctKkuCahMUeRoLRbhzuehu8PdOKQfrbEv/0ia I3r79P9EWWFAe8aQf16K6Z8rkMlul2G/22W7udJV4sGq58IklN51B4pbpQrFFO8ZfhrXew7XQ wG8x9/o4RIkPXD7yfrUpLwe3/r9k7J16kgDfXFsLummnRxYOMsoLvNpC3DZDab5atVMzCG/IA ZN/l1mZU6Gnpwk+hx+1RYBoZ+kQcdj60uSTCpW868sGdWsUa/RR6PEpezaXNdJ/wgWUkBdOgQ HhTg1jtTqo02ba3DKX4OdFbf8EAhwama6d/RSqLR6UDsXiy+FZ1/iB1ULQRpqQOr9hLLwhFIz gDdy5K3LAp3Fju8+fOV6nviUFMkgh1hrRHhP6MVEgbs0b7EIQmy+VnIZFJy8TH79+ULKxe9Du qBTKcsIAEtiYqcnlB1nBGtvqewJxWB0L94eOsO9SyNkU1MTOpcjYeivQ+ag/Mv8XC4Bn0+KiM bqlqAdOhkiWbgtv/ogzpcFHY1MUBTh2n5VNgU40oqg94zwHm3NWRA70RVVK+xayNyndYHFjyh +3MrujX1U5uGBJGIezb7y7siNEe96iMbKHqipGG0anCJApBeIWx1eVYH59Spn/qyAF2h++lQ1 VIPMe4PPI83bR1kI439OsJkND8jjgmsXudfrHzmpP+CEhZuu4+wsOCf07kv7xVgAOKTnLt6BN XIXJu09vZOset8+mL/lI4grDECBNHnMhHKe2M9J1vno5q/6HKLVwuu7jzYGvLm3e5L7GWgskp 4Z8Ri3zlqVBlX0fv0Ltb+bEc67NdLpmTVNddnI9TdjIWloL1tuLVZCEGlBLCVsFZL7+/Xb+d8 ikdRy7cifZ2ld9QrRWNH4jiHy719Ml9SqVizvT8DW8w77oIcjj3KZ8nP+QQcMd9qTYHtXO9SY pkQhVKiSFRKYhJot/Xy2Lrzyy9BiPr3YQojMJ2Za6pG5n++GOc6GVwJqQghUVfkWxCZ6TZm/K 2gj1YnN4EGY0HSMez3Th9cNn9fjsFYJhmMC8uhjJ4e9CKypKWb9XuWMj+0ICUdoSCiIZK8hRY aa/nASiQQq7IZS8qRfzFsVyz+xS7Za0rZLJ
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/QZ8337Y0H4H8Fu4Vs-bW-RK_ljY>
Subject: [Cfrg] PAKE selection process: status after Phase 1 and following steps // Answers regarding AuCPace and CPace
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jul 2019 21:15:42 -0000

Dear CFRG, Dear Stanislav,

as requested I have prepared comprehensive documentation regarding the
questions from Phase 1. For this purpose, I have prepared a new revision
of the AuCPace/CPace paper on the eprint server

https://eprint.iacr.org/2018/286

This revised paper contains all of

- Design guidelines and Adversary model that was considered when
designing AuCPace
- Security proof of CPace and AuCPace
- Performance measurements on constrained hardware
- The information as requested in your Phase 1 status mail (Appendix D)

The advantage of compiling everything together is that all of the
information on the AuCPace and CPace nominations could be found in one
single file. The disadvantage is that the presentation got lengthy. For
the CFRG audience, I would like to suggest to start reading with the
Appendix D first.

Note also that this revised paper shows in Appendix C how to use the
method developed by Jarecki, Krawczyk and Xu for merging the key
features of OPAQUE, the pre-computation attack resistance and defense
against user enumeration attacks into AuCPace.

I would specifically appreciate your feedback regarding the suggestion
of a modular integration strategy for PAKE in transport-layer protocols
such as TLS.

Yours,

Björn

v2.23.0 | Report a Bug | By Email