Re: [Cfrg] Removing the magic constants from SPAKE2

Mike Hamburg <mike@shiftleft.org> Thu, 05 January 2017 14:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/R8AL93dH9_PrOhvvsC0MZ6PBE1U>

> On Jan 8, 2014, at 6:19 PM, Michael Hamburg <mike@shiftleft.org> wrote:
> 
> … The goal of this post is to suggest that a SPAKE2 variant might be a suitable standardized PAKE now that SPAKE2 itself is out of patent…

I have been reminded that I am not a patent lawyer, that I am not aware of all patents in existence, and in general that I should shut up about patents.  If you are thinking of deploying SPAKE2, a variant of it, or some other PAKE, please consult your legal team to do a patent search.  Please do not rely on my statement from 2014.

Also, the “Elligator version of SPAKE2” that I’d hoped to deploy is actually something very old: it is an elliptic curve instantiation of PAK:

http://www.iacr.org/archive/eurocrypt2000/1807/18070157-new.pdf

Happy 2017,
— Mike