Re: [Cfrg] Please review/comment on draft-moskowitz-hip-new-crypto-02

John Mattsson <john.mattsson@ericsson.com> Thu, 03 October 2019 16:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/YJFknNdl9niAA-fmSqKffhV80-M>

Interesting! Specifying some AEAD based on Keccak seems to make sense.

I noted that Keyak was not chosen in the CAESAR final portfolio, does anyone know why? I cannot find any report from the CAESAR competition...

Are any Keccak-based ciphers submitted to the NIST's lightweight crypto competition? If I remember correctly, NIST was previously talking about standardizing a Keccak-based AEAD, but I have not seen any info on that for a while.

Cheers,
John

From: Cfrg <cfrg-bounces@irtf.org> on behalf of Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Thursday, 3 October 2019 at 17:47
To: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: [Cfrg] Please review/comment on draft-moskowitz-hip-new-crypto-02

This draft adds support of EdDSA, EC25519/EC448, and Keccak hashes and cipher (Keyak) to HIP (RFC 7401).

The interest to this group is, I believe, that this is the 1st? major adoption of Keccak (FIPS 202, sp800-185, and sp800-56Cr1) in IETF drafts.

KMAC vs HMAC is perhaps the simplest change.  It would seem that KMAC (sp800-185) is more efficient than HMAC and might be of advantage to high capacity situations.

Then there is the KDF based on sp800-56Cr1 (called KEYMAT in HIP lingo).  This is a significant change from RFC5869 and sp800-108.  But I have assurances? that it meets the needed strength requirements.

Finally I am perhaps 'jumping the gun' on NIST's lightweight crypto competition with specifying Keyak, but for a constrained device developer, it means one underlying engine to support.

TBD is a separate draft to amend RFC7402 to add Keyak to HIP's use of ESP (and include diet-ESP).

The only 'hidden' gotcha is EdDSA25519 using SHA512 rather than a cSHAKE256 with 512 bits output (see KEYMAT above).  This has code-size implications to constrained system developers.  Otherwise it is all 'new' crypto.

======================================

A new version of I-D, draft-moskowitz-hip-new-crypto-02.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.

Name:            draft-moskowitz-hip-new-crypto
Revision:        02
Title:           New Cryptographic Algorithms for HIP
Document date:   2019-10-03
Group:           Individual Submission
Pages:           12
URL:             https://www.ietf.org/internet-drafts/draft-moskowitz-hip-new-crypto-02.txt
Status:          https://datatracker.ietf.org/doc/draft-moskowitz-hip-new-crypto/
Htmlized:        https://tools.ietf.org/html/draft-moskowitz-hip-new-crypto-02
Htmlized:        https://datatracker.ietf.org/doc/html/draft-moskowitz-hip-new-crypto
Diff:            https://www.ietf.org/rfcdiff?url2=draft-moskowitz-hip-new-crypto-02

Abstract:
   This document provides new cryptographic algorithms to be used with
   HIP.  The Edwards Elliptic Curve and the Keccak sponge functions are
   the main focus.  The HIP parameters and processing instructions
   impacted by these algorithms are defined.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat