[Cfrg] PAKE requirements

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 09 October 2014 18:09 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0988B1AD461 for <cfrg@ietfa.amsl.com>; Thu, 9 Oct 2014 11:09:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.486
X-Spam-Level:
X-Spam-Status: No, score=-2.486 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Hi7bAUkdfkK for <cfrg@ietfa.amsl.com>; Thu, 9 Oct 2014 11:09:29 -0700 (PDT)
Received: from statler.isode.com (ext-bt.isode.com [217.34.220.158]) by ietfa.amsl.com (Postfix) with ESMTP id 2836C1ACD33 for <cfrg@irtf.org>; Thu, 9 Oct 2014 11:09:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1412878168; d=isode.com; s=selector; i=@isode.com; bh=VlMI6r8tZHwB/MsRZ3criiOx0lrpBSr+8++SFYHyQQU=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=k9TzqRpryVd0x8xzXtyOsKIxz56Jyj5Jx+aVLRxVMDAR8H21ycTfXKlKosjZL0d/JQ42qB b3mp17byk2bykUj6kOg7W5NROuK5t69BIZ/svxbfW8j9pKnz5an0aQQ1S4vgFLAsBktI+h AE/SWid8MU8YZUzY+uxXLUOjhHarqv0=;
Received: from [172.20.1.47] (dhcp-47.isode.net [172.20.1.47]) by statler.isode.com (submission channel) via TCP with ESMTPA id <VDbPVwAycEXw@statler.isode.com>; Thu, 9 Oct 2014 19:09:27 +0100
Message-ID: <5436CF60.5000602@isode.com>
Date: Thu, 09 Oct 2014 19:09:36 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
To: "\"Schmidt, Jörn-Marc\"" <Joern-Marc.Schmidt@secunet.com>, "cfrg@irtf.org" <cfrg@irtf.org>
References: <54357A2A.2010800@isode.com> <38634A9C401D714A92BB13BBA9CCD34F13E26818@mail-essen-01.secunet.de>
In-Reply-To: <38634A9C401D714A92BB13BBA9CCD34F13E26818@mail-essen-01.secunet.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-transfer-encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/aSkHOMYumrZhYcMu9T8Hvq3-nmc
Subject: [Cfrg] PAKE requirements
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 18:09:37 -0000

On 09/10/2014 09:31, Schmidt, Jörn-Marc wrote:
> Hi,
>
>> 1) keep in mind that CFRG chairs believe that the RG should work on PAKE requirements and after that on other PAKE proposals. This was suggested by our previous co-chair David McGrew
>> http://www.ietf.org/mail-archive/web/cfrg/current/msg03723.html
> So why don't we start right now with a discussion on the requirements (independent from the current dragonfly draft)?
I think discussing PAKE requirements in parallel is fine, although this 
CFRG co-chair was trying to channel limited RG energy to deal with one 
or two issue at a time :-).
> Some aspects I can think of right now:
>
> - Royalty-free use/Free of Patents
> - Security (What kind of model are we considering)?
> - Support various types of elliptic curves
> - Good performance, i.e. easy to implement,  number of exchanged messages (and sizes), computational costs
>
> Further, I think we should keep the requirements for a mapping if the scheme is used with elliptic curves in mind:
> - No mapping required
> - Mapping on the curve (e.g. SWU, integrated Mapping)
> - Uniform representation (e.g. Elligator, Elligator squared)
>
> Finally, it might help to collect also use cases for PAKE protocols (A look at the "curves" list might also be useful, e.g. https://moderncrypto.org/mail-archive/curves/2014/000077.html).
>
> What else do we need to consider? How should we prioritize the requirements?