Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

Atul Luykx <Atul.Luykx@esat.kuleuven.be> Tue, 14 February 2017 21:52 UTC

From: Atul Luykx <Atul.Luykx@esat.kuleuven.be>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/RMa_SWq-HQVtObCrSz0lMRDLtTg>
Cc: IRTF CFRG <cfrg@irtf.org>, tls@ietf.org
Subject: Re: [Cfrg] [TLS] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

> Why is that 2^48 input blocks rather than 2^34.5 input blocks?
Because he wants to lower the security level. The original text 
recommends switching at 2^{34.5} input blocks, corresponding to a 
success probability of 2^{-60}, whereas his text recommends switching at 
2^{48} blocks, corresponding to a success probability of 2^{-32}.

Atul

On 2017-02-14 11:45, Yoav Nir wrote:
> Hi, Quynh
> 
>> On 14 Feb 2017, at 20:45, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
>> 
>> Hi Sean and all,
>> 
>> Besides my suggestion at
>> https://www.ietf.org/mail-archive/web/tls/current/msg22381.html [1],
>> I have a second suggestion below.
>> 
>> Just replacing this sentence: "
>> 
>> For AES-GCM, up to 2^24.5 full-size records (about 24 million) may be
>> encrypted on a given connection while keeping a safety margin of
>> approximately 2^-57 for Authenticated Encryption (AE) security.
>> " in Section 5.5 by this sentence: " For AES-GCM, up to 2^48
>> (partial or full) input blocks may be encrypted with one key. For
>> other suggestions and analysis, see the referred paper above."
>> 
>> Regards,
>> Quynh.
> 
> I like the suggestion, but I’m probably missing something pretty
> basic about it.
> 
> 2^24.5 full-size records is 2^24.5 records of 2^14 bytes each, or
> (since an AES block is 16 bytes or 2^4 bytes) 2^24.5 records of 2^10
> blocks.
> 
> Why is that 2^48 input blocks rather than 2^34.5 input blocks?
> 
> Thanks
> 
> Yoav
> 
> 
> 
> Links:
> ------
> [1] https://www.ietf.org/mail-archive/web/tls/current/msg22381.html