Re: [Cfrg] Adopting "AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption" as a CFRG document

Thomas Peyrin <thomas.peyrin@gmail.com> Tue, 29 March 2016 12:45 UTC

From: Thomas Peyrin <thomas.peyrin@gmail.com>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Tue, 29 Mar 2016 20:45:11 +0800
Message-ID: <CAA0wV7T29V0S4LavEOtavAhP_NLyODEAyhgp3tkZ5JwX=_sxcQ@mail.gmail.com>
In-Reply-To: <D32010E0.68556%kenny.paterson@rhul.ac.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/e_qtTamCuH2vIu7-HhT4dvbQvAM>

I also think it is wiser to wait for the CAESAR outcome. Probably most of
the cryptanalysis time in the last two years was spent on analysing CAESAR
candidates, and not AES-GCM-SIV. If really a misuse-resistant candidate is
absolutely required now, I would say one had better go for any of the
misuse-resistant schemes from the 2nd round.

Cheers,

Thomas (full disclosure: I am co-designer of some CAESAR candidates)

2016-03-29 18:05 GMT+08:00 Paterson, Kenny <Kenny.Paterson@rhul.ac.uk>:

> Dear Ted,
>
> On 28/03/2016 23:46, "Cfrg on behalf of Ted Krovetz"
> <cfrg-bounces@irtf.org on behalf of ted@krovetz.net> wrote:
>
> >Uri suggested that other proposed AEAD schemes interested in
> >short-circuiting the CAESAR process could submit proposed RFCs to CFRG.
> >Is that what you'd like?
>
> It's not really a question of what I'd like, or what the chairs would
> like. It's a question of what CFRG, based on consensus if possible and
> rough consensus if not, decides collectively to do.
>
> My personal view, for what it's worth, is that it would be better to wait
> until CAESAR is complete and then look in the round at the portfolio that
> it has produced before adopting any of the CAESAR candidates.
>
> Cheers,
>
> Kenny
>
> >
> >-Ted
> >_______________________________________________
> >Cfrg mailing list
> >Cfrg@irtf.org
> >https://www.irtf.org/mailman/listinfo/cfrg