Re: [Cfrg] I-D Action: draft-irtf-cfrg-hpke-06.txt

"Dang, Quynh H. (Fed)" <quynh.dang@nist.gov> Mon, 26 October 2020 16:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/hNCXe7-FaxShmBDjjAawZ6BhMGk>

Hi all,

I agree with JPA here.

A sponge-construction hash function can be a good KDF such as a KMAC or SHAKE128 (or 256) (m, d) for any fixed application-specific value d where m is input and d is the length of the output.

Regards,
Quynh.
________________________________
From: Cfrg <cfrg-bounces@irtf.org> on behalf of Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
Sent: Monday, October 26, 2020 10:08 AM
To: cfrg@ietf.org <cfrg@ietf.org>
Subject: [Cfrg] I-D Action: draft-irtf-cfrg-hpke-06.txt


Hi!

quick comments on the new draft, as solicited by the chairs (thanks for reminding me of this!):

as commented in my review, and as discussed more recently with Ben Lipp, I just find that directly defining the KDF in terms of extract/expand internal operations will prevent the adoption of other KDFs than HKDF. The construction could be defined in terms of a generic KDF block and retain its security properties (KeySchedule() might have to be adapted).

Otherwise no objection :)

Cheers,

JP

--

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Crypto Forum RG of the IRTF.

        Title           : Hybrid Public Key Encryption
        Authors         : Richard L. Barnes
                          Karthik Bhargavan
                          Benjamin Lipp
                          Christopher A. Wood
        Filename        : draft-irtf-cfrg-hpke-06.txt
        Pages           : 87
        Date            : 2020-10-23

Abstract:
   This document describes a scheme for hybrid public-key encryption
   (HPKE).  This scheme provides authenticated public key encryption of
   arbitrary-sized plaintexts for a recipient public key.  HPKE works
   for any combination of an asymmetric key encapsulation mechanism
   (KEM), key derivation function (KDF), and authenticated encryption
   with additional data (AEAD) encryption function.  We provide
   instantiations of the scheme using widely-used and efficient
   primitives, such as Elliptic Curve Diffie-Hellman key agreement,
   HKDF, and SHA2.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-hpke/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-irtf-cfrg-hpke-06.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-hpke-06


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
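
The two points raised in this thread, a caller written against a generic KDF block and a SHAKE-based KDF used in place of HKDF, are sketched below as an added example; it is not code from the draft or from either participant. The one-shot signature kdf(salt, ikm, info, length), the frame() encoding, the label "example-schedule" and derive_key_and_nonce() are assumptions of this example and are not HPKE's KeySchedule().

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size in bytes

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 step 1: PRK = HMAC(salt, IKM); an empty salt means HASH_LEN zero bytes.
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated.
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 can output 1..8160 bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def kdf_hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    # Two-step KDF hidden behind the one-shot interface.
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)

def frame(*fields: bytes) -> bytes:
    # Length-prefix each field so (salt, ikm, info) cannot be re-split ambiguously.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def kdf_shake256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    # SHAKE256(m, d): m is the framed input, d the output length in bytes.
    # Assumption of this example: d is also framed into m, because raw SHAKE
    # outputs for two lengths are prefixes of one another.
    if length <= 0:
        raise ValueError("output length must be positive")
    m = frame(salt, ikm, info, length.to_bytes(4, "big"))
    return hashlib.shake_256(m).digest(length)

def derive_key_and_nonce(kdf, shared_secret: bytes, context: bytes):
    # Hypothetical caller: it sees only kdf(salt, ikm, info, length), never
    # extract/expand, so either KDF above can be plugged in.
    okm = kdf(b"", shared_secret, b"example-schedule" + context, 32 + 12)
    return okm[:32], okm[32:]
```

A caller that invoked hkdf_extract() and hkdf_expand() directly would have no equivalent pair of calls to make on the SHAKE side, which is the adoption problem described in the quoted comment.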

