Re: [Cfrg] PAKEs for IoT

"Stanislav V. Smyshlyaev" <> Wed, 20 November 2019 08:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8B257120AA1 for <>; Wed, 20 Nov 2019 00:42:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GkA9TXj1LPYR for <>; Wed, 20 Nov 2019 00:41:58 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1048B120088 for <>; Wed, 20 Nov 2019 00:41:58 -0800 (PST)
Received: by with SMTP id 139so26551144ljf.1 for <>; Wed, 20 Nov 2019 00:41:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=l2heCUy0SAoTXu1GpJuB1nnaaYZ6dZPGei3VkKjmSxs=; b=qY23Nu1TBjWvZBrYby11ixh9p4Duvov/hpDFBsp6LZET9Ihqdmmk0G/oJ8HjaLsJHI tdg/9fZhpvPZgmEmkdnZ9DBfJevsPQR49QzraGnmkEMmt38Od1jTr0P4EQvO64PAjFBg XKFew6VYSQRdJNluJgEh4D0c13g4lbSbX3HzeHISAr9LqQwXdj8l38/EtSSqQLjBjQNG t53+lTYNu9M7f8JV9bWZ2AI/Kh3Htf7mQDJ6D3OY+RINbC1MycQ1Ugr1ADDse54NTr+f 8dugtD0veDP2EWo4BCJiz/n9nDo918Uh9j+JTtj0NrjUL0Ax7bQNc3TKwFLcJOmXryFt U+OQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=l2heCUy0SAoTXu1GpJuB1nnaaYZ6dZPGei3VkKjmSxs=; b=QSJd+EpllarQHXGxyMXOjMdh4v4+nK5oQu8G8ciaQl1hlySRoxmPrLs4jPPXXt8dTJ x6MN3Fe3jTixuWRGsB/ljIrXyyB8oLnN66DZRK4yuEFsrhFJiMD41Wa+ybvN6wVh3fQx qhuWwqvjkvmYHGu9jZ2nND6us5C/3gF2AnWGv7y15KB1h3yzG+I9Oxf3dLo/7BaS044i LJuwnjBzyCgiDUO1lShulE93ZShowQFGmJn880SnlB7DQ8CBttibGrWUFAB94Sz1HZ0p c5KxLMvpsHbgp/ABpn5zgfmvZoVstelUdC/cqQEXiq5YsYhohCfX9gSnUOWoPEvP/yLN 8mbQ==
X-Gm-Message-State: APjAAAWVXkRDL4noidghECB+C21P3Q4xygFx92LXlAPlQG2XeAZQ0rke E7CV3Wnvwr2VGbzv1q3WyI7f4rsjMiw1L42yUzk=
X-Google-Smtp-Source: APXvYqybi7z3uQi3IXdeLaeOIrAfacT9ePqU/vGI1InCH/Lbctcw7I8RkpDx3ptYwHhMEaAJtvgz/6IXzIIBKOWdP5c=
X-Received: by 2002:a2e:8518:: with SMTP id j24mr1511979lji.13.1574239316199; Wed, 20 Nov 2019 00:41:56 -0800 (PST)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: "Stanislav V. Smyshlyaev" <>
Date: Wed, 20 Nov 2019 16:41:44 +0800
Message-ID: <>
To: Hannes Tschofenig <>
Cc: cfrg <>
Content-Type: multipart/alternative; boundary="0000000000003bcc6d0597c32713"
Archived-At: <>
Subject: Re: [Cfrg] PAKEs for IoT
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Nov 2019 08:42:01 -0000

Dear Hannes,

All collected information about the candidates is here:

Could you please formulate the corresponding questions to the authors of
the four nominated PAKEs that are to be considered at Round 2 (SPAKE2,
CPace, AuCPace and OPAQUE) and send those questions to

Best regards,

ср, 20 нояб. 2019 г. в 16:36, Hannes Tschofenig <>;:

> Hi all,
> I was asked to do an analysis of the proposed PAKEs for IoT. I know I am
> very late with doing that. I tried but I ran into a few problems:
> First, it is not clear whether there are any specific requirements for the
> use of PAKEs in IoT because performance concerns are less applicable. PAKEs
> are used largely for onboarding where user interaction is required. This
> reduces the need for low latency because (a) users tend to be slower than
> machines and (b) large network load due to mass (automatic) onboarding
> appears to be a non-issue.
> Second, I had a hard time finding performance data for the proposals.
> Getting an understanding of the required code size & ram size on embedded
> devices would also be super useful.
> Third, it remains to be seen whether new PAKEs will get adopted by SDOs
> working on IoT for two reasons: (1) There is a push from governments not to
> use passwords on IoT devices (irrespectively of whether they are using
> PAKEs or not; a distinction that is not understood by users anyway.) (2)
> There are two PAKEs deployed already, namely JPAKE (in Thread) and
> Dragonfly (for use with WiFi security). At least in Thread, the effort
> wasn’t very successful because we have other technologies that give us
> better properties without bothering the user.
> Ignoring the third item, I was wondering whether someone can help me with
> my analysis by pointing to performance data or code (ideally from those
> working on the proposals).
> Ciao
> Hannes
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> _______________________________________________
> Cfrg mailing list

С уважением,

Станислав Смышляев, к.ф.-м.н.,

Заместитель генерального директора