Re: [CFRG] Fixing the multi-shot API of HPKE

Dan Harkins <dharkins@lounge.org> Sat, 13 February 2021 12:28 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 646133A10CF for <cfrg@ietfa.amsl.com>; Sat, 13 Feb 2021 04:28:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aeKgoLn1b8n2 for <cfrg@ietfa.amsl.com>; Sat, 13 Feb 2021 04:28:39 -0800 (PST)
Received: from www.goatley.com (www.goatley.com [198.137.202.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EB1F3A10CA for <cfrg@irtf.org>; Sat, 13 Feb 2021 04:28:39 -0800 (PST)
Received: from trixy.bergandi.net (cpe-76-176-14-122.san.res.rr.com [76.176.14.122]) by wwwlocal.goatley.com (PMDF V6.8 #2433) with ESMTP id <0QOG0AYWJVZRA6@wwwlocal.goatley.com> for cfrg@irtf.org; Sat, 13 Feb 2021 06:28:39 -0600 (CST)
Received: from blockhead.local ([69.12.173.8]) by trixy.bergandi.net (PMDF V6.7-x01 #2433) with ESMTPSA id <0QOG00M1PVY0T0@trixy.bergandi.net> for cfrg@irtf.org; Sat, 13 Feb 2021 04:27:37 -0800 (PST)
Received: from 69-12-173-8.static.dsltransport.net ([69.12.173.8] EXTERNAL) (EHLO blockhead.local) with TLS/SSL by trixy.bergandi.net ([10.0.42.18]) (PreciseMail V3.3); Sat, 13 Feb 2021 04:27:37 -0800
Date: Sat, 13 Feb 2021 04:28:37 -0800
From: Dan Harkins <dharkins@lounge.org>
In-reply-to: <4FCD508B-0ECB-4F7B-B252-B92CDFBC5B8B@gmail.com>
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Message-id: <1ded9ec0-4da1-981d-fedc-709ca301c166@lounge.org>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8; format=flowed
Content-language: en-US
Content-transfer-encoding: 8BIT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
X-PMAS-SPF: SPF check skipped for authenticated session (recv=trixy.bergandi.net, send-ip=69.12.173.8)
X-PMAS-External-Auth: 69-12-173-8.static.dsltransport.net [69.12.173.8] (EHLO blockhead.local)
References: <c089c88b-c5f6-f228-31a3-fb4e97a436c8@lounge.org> <4FCD508B-0ECB-4F7B-B252-B92CDFBC5B8B@gmail.com>
X-PMAS-Software: PreciseMail V3.3 [210212b] (trixy.bergandi.net)
X-PMAS-Allowed: system rule (rule allow header:X-PMAS-External noexists)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/cYfHdL_wSExjDoli9zEzpdFY0T4>
Subject: Re: [CFRG] Fixing the multi-shot API of HPKE
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Feb 2021 12:28:41 -0000

   Hi Karthik,

On 2/13/21 3:10 AM, Karthikeyan Bhargavan wrote:
> Hi Dan,
>
> I don’t fully understand the problem you are alluding to.
>
>>     "It is up to the application to ensure that encryptions and
>>      decryptions are done in the proper sequence, so that encryption
>>      and decryption nonces align.”
> The HPKE stateful API guarantees that nonces cannot be misused, even if you use AES-GCM or Chacha-Poly. (Of course, you could also add a SIV ciphersuite.)
> Furthermore, it guarantees that the stream of plaintext messages received by the decryptor is a prefix of the stream of plaintext messages sent by the encryptor.

   It's not an issue of misuse, it's an issue of the sender and
receiver contexts getting out of sync through entirely normal
network behavior and becoming unusable.

> In the current design, if two ciphertexts are decrypted out-of-order, both decryptions will fail.
> So the problem alluded to in the text above is one of functionality; the application has to ensure (using some meta-data) that it is calling decrypt in the right order.
> The application usually has to do something like this anyway to put the plaintext stream together.
>
> I do not see how using AES-GCM-SIV is going to solve the above issue; yes, it would allow you to decrypt the plaintext in any order, but  the HPKE receiver would not be able to authenticate the correct order.
> Am I missing something?

   AES-GCM-SIV requires a nonce (although reuse is not tragic in the
way it is for GCM) so there still needs to be some guarantee that the
nonce plugged into the receiver is the same as the one plugged into
the sender when the ciphertext was created. This is a proposal for
AES-SIV (defined by Rogaway and Shrimpton) which can do deterministic
AEAD (it can also be passed a nonce to be more like a traditional AEAD
mode, albeit slower, but that's not what I'm proposing here). No nonce
so nothing to worry about getting out of order.

   Regarding the correct order, for a streaming application yes that's
true. The correct order would still be needed and whatever technique
you use to ensure that decrypted packets get ordered correctly could
probably be used to ensure that packets are decrypted in order. But
there are other interesting applications of HPKE that are not streaming
and each message can be thought of as self-contained. Imagine a sensor
obtaining some environmental data and then sending it off to a server
for correlation and processing every <time slice>. It would be quite
easy for such a sensor and server to get their HPKE contexts out of
sync and that would be a real PITA.

   regards,

   Dan.

> -Karthik
>
>
>
>> On 13 Feb 2021, at 00:29, Dan Harkins <dharkins@lounge.org> wrote:
>>
>>
>>    Hello again,
>>
>>    The HPKE spec defines a single shot API for doing things like key-wrapping.
>> You pass in the recipient's public key and some plaintext and get back a
>> ciphertext. And that's it. One and done.
>>
>>    There is also (what I'll call for lack of a better word) a multi-shot API.
>> The idea here is that there's a single asymmetric crypto operation involving
>> the recipient's pubic key to derive some state that resides in an opaque HPKE
>> context and then multiple calls to encrypt distinct plaintexts. The state
>> created includes a base nonce and a sequence number (initialized to zero).
>> Each call to another encryption (decryption) increments the sequence number
>> which is xor'd with the base nonce and passed to the AEAD algorithm. The HPKE
>> APIs take a plaintext, and AAD, and produce a ciphertext, and vice versa.
>>
>>    This multi-shot API is fine if your world is Guaranteed In Order Delivery
>> of Packets but that's not the world we all live in. As such, it'll only
>> be a matter of time before the sender and receiver are out of sync. The
>> HPKE draft alludes to this problem this way:
>>
>>
>>
>> Well that's a pain! One of the nice things about HPKE is that one doesn't
>> need to worry about the nitty gritty of crypto state management anymore,
>> it's all hidden. The API is nice and clean-- pass in a plaintext and get a
>> ciphertext, pass in a ciphertext and get a plaintext.
>>
>>    If there was an AEAD mode that did not require a nonce it could be used
>> in HPKE's multi-shot API without need for the application to manage state
>> and guarantee the parties stay in sync. Thankfully there is such an AEAD
>> mode: AES-SIV (RFC 5297).
>>
>>    When I brought this up earlier (and also on github) in the context of
>> misuse resistance the response was, there's an export-only API that will
>> give you a secret and you can go do any AEAD mode you feel like, including
>> AES-SIV, issue closed.
>>
>>    While that is technically true, it applies equally to the AEAD functions
>> that HPKE already defines-- you can export a secret and do AES-GCM-256
>> outside of HPKE while managing the necessary state yourself. Yet HPKE
>> defines AEAD functions whose state resides in an opaque context so there
>> is obviously value in having that functionality. I just want to get that
>> value-- a clean, multi-shot API where I don't need to worry about managing
>> state or guaranteeing people remain in sync-- for people who don't live
>> in the world of Guaranteed In Order Delivery of Packets.
>>
>>    So I'd like to ask the group whether they see value in having a nonce-less
>> AEAD mode in HPKE. If so I'll be happy to resurrect the text changes I
>> proposed and will be happy to contribute test vectors from my HPKE
>> implementation which already does AES-SIV.
>>
>>    One issue is that there are different security properties for a
>> deterministic authenticated encryption scheme than for a probabilistic
>> scheme. This is discussed in [1] and the security considerations would
>> have to mention this. But I don't see that as a formidable problem.
>>
>>    regards,
>>
>>    Dan.
>>
>> [1] Rogaway and Shrimpton, "Deterministic Authenticated Encryption",
>>      EUROCRYPT, 2006
>>
>> -- 
>> "The object of life is not to be on the side of the majority, but to
>> escape finding oneself in the ranks of the insane." -- Marcus Aurelius
>>
>> _______________________________________________
>> CFRG mailing list
>> CFRG@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius