Re: [Cfrg] PAKE review

"Hao, Feng" <Feng.Hao@warwick.ac.uk> Fri, 01 November 2019 11:42 UTC

From: "Hao, Feng" <Feng.Hao@warwick.ac.uk>
To: Bjoern Tackmann <bjoern.tackmann@ieee.org>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Fri, 01 Nov 2019 11:41:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Y8slcZV_32Fuw_uGfau4DD7aWaw>

Dear Bjoern,
  
> Efficiency. CPACE and SPEKE are the most efficient proposals, followed by SPAKE2 which needs more exponentiations. J-PAKE is far less efficient than all other candidates, both in terms of computation and communication.
   
I would like to stress that a fair comparison of efficiency must be based on "fully specified" protocols. So far many hidden costs intrinsic to the construction of the protocol have been neglected. Therefore, I would suggest the submitters of the candidate protocols or their collaborators also provide reference implementations, so we can evaluate and compare efficiency more concretely. We can also evaluate possible side-channel leakage as that's closely related to not only the implementation, but also the inherent theoretical design of the protocol.

I did two basic reference implementations for J-PAKE many years ago for the finite field and EC settings respectively. 

https://www.dcs.warwick.ac.uk/~fenghao/files/JPAKEDemo.java
https://www.dcs.warwick.ac.uk/~fenghao/files/EllipticCurveJPAKEDemo.java

There are also a more formal J-PAKE implementation (finite field) in Bouncy Castle and a commercial C implementation (EC) in mbed, done by third parties. The source code is all open. All these can be easily adapted for a fair side-by-side comparison with other candidates under the same test conditions.

Cheers,
Feng