Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Internet draft for balanced CPace subcomponent available
Björn Haase <bjoern.m.haase@web.de> Tue, 07 January 2020 22:18 UTC
Return-Path: <bjoern.m.haase@web.de>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEA691200A3 for <cfrg@ietfa.amsl.com>; Tue, 7 Jan 2020 14:18:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.719
X-Spam-Level:
X-Spam-Status: No, score=-2.719 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=web.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RcMNqtTxjTH0 for <cfrg@ietfa.amsl.com>; Tue, 7 Jan 2020 14:18:45 -0800 (PST)
Received: from mout.web.de (mout.web.de [212.227.17.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E98C120025 for <cfrg@irtf.org>; Tue, 7 Jan 2020 14:18:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1578435520; bh=/zIHRJ2xHB2GQ1kedd6UpCCPFP5rGxM4MNf1AJMFbpM=; h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To; b=Wqv3LSqK6fA0tiseEBVsNunuB4POKlS2/IpHvIOZ0G8DSAUyfWoDCFXrQX4jx6cux UcXlNSi9t/uEDFehNap516bMKegjqGzuG8We6Sp1OkAF108Y4OTEMqqGCTcIv0B5lY 1Y1cmBlRQENcSu8M7td0GVM1FMnmstBZ42wcGy4Q=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from [192.168.2.161] ([188.110.251.139]) by smtp.web.de (mrweb101 [213.165.67.124]) with ESMTPSA (Nemesis) id 0M8i11-1jbqRn18FP-00wICK; Tue, 07 Jan 2020 23:18:40 +0100
To: "Hao, Feng" <Feng.Hao@warwick.ac.uk>, cfrg <cfrg@irtf.org>
References: <VI1PR05MB650941DEC988A4E3DD3D7E53833F0@VI1PR05MB6509.eurprd05.prod.outlook.com> <0A892720-D1F1-44A9-8E53-529453D566BD@live.warwick.ac.uk>
From: Björn Haase <bjoern.m.haase@web.de>
Message-ID: <f51d77f8-11ac-8b2d-6ec4-beca3f66a19a@web.de>
Date: Tue, 07 Jan 2020 23:18:40 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <0A892720-D1F1-44A9-8E53-529453D566BD@live.warwick.ac.uk>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:y4yJXZpSYAMItI2YWNxHfnGgXmm+26DkMocRUWrmL1rW5kYAMZD LALzLZxC1uYLl7lr7gUpMgitd5SAJxbbNy90NpBY8Uju52ReFO2CGsz+STwmSW2jn1lh+Tx x7j0Hd+psnZdc7pnS2hiIa/inOe59QVY0Ht5lfNcIXODjLXOoEyybXOfdplxHrh3+HWNQCa qZ56/+erAAufmK8B64s+Q==
X-UI-Out-Filterresults: notjunk:1;V03:K0:yAu8qkTsRdA=:3JbknRS83bE+AMdqPl/p0x dGb5EWfrtHY4PJvxevgAytpcfTgiZTWFYfW+sTCqBpsOZgmQLDkS8Ohg2KT2xRFtmZ0kNxTd/ LQ1tOFOulDMGPjriDu07oA44zvkkAcfa6MAul1XoozMK51ENh69uynm6+KGMzhQsZJQkVFUhm a01Cpuly/SSBqr8AdPUIvUiUvyBswi/UIEqHPFFiNtjmR5PihMj6W1yiJVVSeIpds1rcbQRZI wkTLgYx5+cJWJJSoBhsIGCCt/WRBzHVw2cqmS3bACF5S3ubngBB+wHiP55YYtDSEvxc7YuCpr eSbokfOzJ0qeu9oT1XI3R6iqgIa37VASAKjgtxcRoag9DEmFBmPlPlJpbgDNGVFOSHYo6wet9 zxlSCIaKlmZNLgQu+SNM9qMFIMr29Ou2fMCXKkdS2rCoyXIXqe8w/aQ418tsdHbqGdkzyQFl7 sk7YIhiDwSZqJ+CI0OJsDq+Z5ROuF9TKJorHfiQ25d7Pi1CUALdkJS1BVQ8Cb6N/wDhklV1kz oL1CimHCFpqvNYaJscjInLQU2VjI5RFsyNAf4cJ7ha29mY28RAIbpq0LDqo+92eoAN9t40y5w pmgDt0RxmNbMLaM1DFbWWZ5aKwGKWjzt1RGk6EOCWbqgcjgAQ9AgF3k63FUQOsA6IAFiniTD7 yhKGKgak7tJYJFEuaj0BLpOkE54iKrw+ov65FSo/ITPRlENajV/kHWzg8dEx553FieIKUkSDz mx9n9C1C6fvBe30+0gr+RYIVZ+bUjt6oNOF0PMJQIa5xabcTqHT4lJxzxm1uqlH+Yo556Mv17 JS2d8c+F90b0QTS16Zra8/xwJpMKmphXTjSPlCHVVlvjITHwWA3RYwKZYJkliWrdSqBBBvsGx XH+xGCE7vCyeFNyG1104bxVd77Vwqp/yQIhWryY0onM0SOTHHOheL1cuV1/tOZynGyqMDYs++ jQFY+x5EVZKRpZr6FN3tk0YgTqmHNOUoLcAUxCCtj996lUvTsYdzgsMprz6dkfnwX8d8+QuZN vYeKHAkOQJ+Oi/gfcyyd9mBaDsBNOrT/btTOzwGGXSxQWs73/t00AkqJ8vX6vvzYqIDSPojbQ pUehbmEjHt3XdW7764EgxLIxbfDXD+ZUhP/azaK/tIrwhOflOeqyT8GyZ6oESILaOvkOtQoRI 1r2B+iXZqAu1Ntc+InmAA+zOsTY9IiwlaKuMFZD/s/2/XruXQBYzBUJTpFRQ+YaPeEDoVKq3B Pohv4rPUDEnqH8lIs3KJuxm01EaqSupn1NXL/pAK9YgyG+kFWL0XcOtP3lug=
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ZhWwpb_8znIh06Y_sHhQtfl1fkY>
Subject: Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Internet draft for balanced CPace subcomponent available
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2020 22:18:47 -0000
Dear Feng, >I can’t talk about other people’s reasoning... and also I'm not able to or interrested in reading other people's minds. I did not mean to be offensive. I aim at being fair to all candidates in the discussions and specifically also to J-PAKE. I agree with you that reasoning what other peoples did think is guesswork. Maybe let's better re-phrase my earlier statement more accurately as follows: J-PAKE beside the two additional rounds and the efficiency disadvantages, in my opinion has four outstanding points: 1.) The simple structure that avoids the risk to overlook errors and problems in the proof strategy (as pointed out correctly by Scott!) because with your construction, you don't need assumptions similar or close to things such as the "known-exponent assumption". You simply proove that the remote side did now the exponent and use this in the proof. 2.) with this structure, you don't need programmable RO 3.) you don't need the complexity of hashing to curves. 4.) and finally: It's not covered by the patents. Even if it was quite obviously not your main objective, I believe that from all of the advantages the feature 4.) might indeed have been the single one most valuable property of J-PAKE for industry. Yours, Björn. P.S.: FYI: With our company we have actually tried to get / evaluate the cost of licences. That did turn out to be extremely painful (already to find the right contact person, agree on commonly accepted NDA forms, agree on licensing contract frameworks, trying to setup the reporting process regarding production and number of uses of the patent, volumes in the specific countries with valid patent and without, what to do with apps and service software tools that are typically shipped for free, where royalty conditions of the patent holder might force you to *sell* individual licenses or require complex online registering processes for your own customers, such that you could report how many times the software is actually installed and used and in which country .... In the end, our legal department requested us to implement a solution not covered by patents ...
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Björn Haase
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Hao, Feng
- [Cfrg] [CFRG] PAKE / Hash2Curve First Internet dr… Björn Haase
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Hao, Feng
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Björn Haase
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Björn Haase
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Hao, Feng
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Riad S. Wahby
- Re: [Cfrg] [CFRG] PAKE / Hash2Curve First Interne… Hao, Feng