Re: [CFRG] compact representation and HPKE

John Mattsson <john.mattsson@ericsson.com> Fri, 06 November 2020 21:51 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Dan Harkins <dharkins@lounge.org>, CFRG <cfrg@irtf.org>
Date: Fri, 06 Nov 2020 21:51:35 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Z7t_u2JDy9ra55MZQCq_PF5Y8s0>

+1

Sending the keys uncompressed makes HPKE unsuitable for constrained IoT.

-----Original Message-----
From: CFRG <cfrg-bounces@irtf.org> on behalf of Dan Harkins <dharkins@lounge.org>
Date: Friday, 6 November 2020 at 21:00
To: CFRG <cfrg@irtf.org>
Subject: [CFRG] compact representation and HPKE

   Hello,

   When doing a DH-based KEM with the NIST curves, HPKE specifies that
SerializePublicKey and DeserializePublicKey use the uncompressed format
from SECG. This ends up using 2*Ndh+1 octets to represent the serial
form of the public key.

   Since compact output is being used in DH-based KEMs-- that is, the
secret result of DH() is the x-coordinate of the resulting EC point--
it would also be possible to use compact representation (per RFC 6090)
and have SerializePublicKey merely do integer-to-octet string
conversions of the x-coordinate. DeserializePublicKey would then
do octet string-to-integer conversion for the x-coordinate and use the
equation of the curve to choose the y-coordinate. The sign isn't
important because we're doing compact output.

   This would make the interface for the NIST curves and the Bernstein
curves be uniform-- Serialize would produce an octet string of Ndh
and Deserialize would consume an octet string of Ndh-- at the cost
of some CPU inside DeserializePublicKey.

   Please consider this suggestion.

   regards,

   Dan.

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius
