Re: [Cfrg] Revive of draft-agl-ckdf?

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Thu, 02 November 2017 10:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/YweB9JR58TQ9kczaQfi17GZu-Dk>

Dear Joachim,

Maybe it would be useful to draw your attention to the
https://datatracker.ietf.org/doc/draft-irtf-cfrg-re-keying/  I-D, which
employs HKDF for external re-keying based on hash and a construction based
on Mihir Bellare's paper for external re-keying based on block cipher. Do
you think it will be reasonable to use CKDF instead of that construction?



Best regards,

Stanislav Smyshlyaev, Ph.D.

Head of Information Security Department,
CryptoPro LLC

2017-11-02 13:15 GMT+03:00 Joachim Strömbergson <joachim@strombergson.com>:

> Aloha!
>
> Relevant links that I (of course) forgot.
>
> https://www.ietf.org/archive/id/draft-agl-ckdf-01.txt
> https://tools.ietf.org/html/rfc5869
>
> BR
> JoachimS
>
> Joachim Strömbergson wrote:
> > Aloha!
> >
> > draft-agl-ckdf is a draft by Adam Langley specifying a block cipher
> > based version of the hash based HKDF in RFC 5869. More specifically,
> > CKDF uses AES in CMAC mode to implement the extract and expand stages of
> > HKDF.
> >
> > The 01-draft expired Feb 25, 2016. I've had a brief contact with Langley
> > who stated that he had no further interest in it.
> >
> > But I think the premise in the introduction of the draft still stands.
> >
> > For many IoT devices with really constrained MCUs, if there is
> > cryptographic support in HW, it is an AES-128 core. CKDF would allow
> > these devices to use the same core for key derivation and session
> > protection.
> >
> > In pure SW solutions, having just one primitive makes the code size
> > smaller too. Performance-wise, the number of iterations and thus total
> > cycles will be much smaller for CKDF compared to HKDF, reducing the time
> > to establish sessions.
> >
> > For these reasons, I believe CKDF would provide use case advantages
> > compared to HKDF.
> >
> > Would it be possible to revive the draft?
> >
> > BR
> > Joachim Strömbergson
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg