Re: [Cfrg] Encrypt in place guidance

Henry B Hotz <hbhotz@oxy.edu> Tue, 31 March 2020 21:44 UTC

Return-Path: <hbhotz@oxy.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75B783A09E3 for <cfrg@ietfa.amsl.com>; Tue, 31 Mar 2020 14:44:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.974
X-Spam-Level:
X-Spam-Status: No, score=0.974 tagged_above=-999 required=5 tests=[SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.972, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ll8NTQMcExl for <cfrg@ietfa.amsl.com>; Tue, 31 Mar 2020 14:44:23 -0700 (PDT)
Received: from mailout.easymail.ca (mailout.easymail.ca [64.68.200.34]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13D6A3A092E for <cfrg@ietf.org>; Tue, 31 Mar 2020 14:44:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 23193C0F0B; Tue, 31 Mar 2020 21:44:18 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo04-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo04-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K0S6vR4PBnNl; Tue, 31 Mar 2020 21:44:17 +0000 (UTC)
Received: from [192.168.3.179] (66-215-86-135.dhcp.psdn.ca.charter.com [66.215.86.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id E79D8C0CD3; Tue, 31 Mar 2020 21:44:13 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
From: Henry B Hotz <hbhotz@oxy.edu>
In-Reply-To: <e29a545f-c191-0935-f758-32d8204b59df@htt-consult.com>
Date: Tue, 31 Mar 2020 14:44:11 -0700
Cc: cfrg@ietf.org
Message-Id: <DB474D36-EF01-4032-BA47-241582DC213F@oxy.edu>
References: <e29a545f-c191-0935-f758-32d8204b59df@htt-consult.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
X-Mailer: iPhone Mail (17C54)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/VWbkbpkInuaFXhu4xvFiESOB0bE>
Subject: Re: [Cfrg] Encrypt in place guidance
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2020 21:44:31 -0000

NIST SP800-38G. 

Personal email. hbhotz@oxy.edu

> On Mar 31, 2020, at 12:03 PM, Robert Moskowitz <rgm-sec@htt-consult.com> wrote:
> 
> 
> 
>> On 3/31/20 2:55 PM, Henry B Hotz wrote:
>> What about format preserving encryption?
> 
> Can you point me to info on this?
> 
> I am only marginally familiar with it.  Not something I have had occation to study.
> 
> Thanks.
> 
>> 
>> Personal email. hbhotz@oxy.edu
>> 
>>>> On Mar 31, 2020, at 11:30 AM, Robert Moskowitz <rgm-sec@htt-consult.com> wrote:
>>> 
>>> The problem is in the Unmanned Aircraft broadcast messages (see DRIP work).
>>> 
>>> In the System Message defined in ASTM F3411-19 there are 8 bytes of sensitive Operator Information that I want to encrypt.  I can get a shared secret via the PK mechanism in ECIES.
>>> 
>>> The challenge is in encrypting, then decrypting these 8 bytes.
>>> 
>>> There is no room for expansion in the message.  All we have are these 8 bytes.
>>> 
>>> There is nothing unique in each System Message to use an an IV. There are 7 bytes of mission information and 1 byte of flags that are constant for a given mission (but may be the same in a later mission).
>>> 
>>> There are 8 reserved bytes, but I feel they left out 4 bytes of important Operator Information (thus making 12 bytes to encrypt). So no grabbing those reserved bytes.
>>> 
>>> Since this information is of limited value for some period after the completion of the mission, I was considering just using AES-ECB.
>>> 
>>> Opps.   I need 16 bytes for the output of AES-ECB.  Or at least that is my reading of the ECB mode.
>>> 
>>> So I am seeking guidance here on what cipher to use in this particular situation.
>>> 
>>> Thank you.
>>> 
>>> 
>>> _______________________________________________
>>> 
>