[Cfrg] PAKE review
Brian Warner <warner@lothar.com> Thu, 15 August 2019 17:39 UTC
Return-Path: <warner@lothar.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40E491200C3 for <cfrg@ietfa.amsl.com>; Thu, 15 Aug 2019 10:39:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BH-xd5KeRWEF for <cfrg@ietfa.amsl.com>; Thu, 15 Aug 2019 10:39:00 -0700 (PDT)
Received: from smtp.lothar.com (smtp.lothar.com [204.246.122.77]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 652181200BA for <cfrg@irtf.org>; Thu, 15 Aug 2019 10:39:00 -0700 (PDT)
Received: from [10.0.2.174] (99-124-154-248.lightspeed.sntcca.sbcglobal.net [99.124.154.248]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: warner) by smtp.lothar.com (Postfix) with ESMTPSA id 9D5637815F for <cfrg@irtf.org>; Thu, 15 Aug 2019 10:38:56 -0700 (PDT)
To: cfrg@irtf.org
From: Brian Warner <warner@lothar.com>
Openpgp: preference=signencrypt
Autocrypt: addr=warner@lothar.com; prefer-encrypt=mutual; keydata= mQINBFNK1VsBEADMrGiCKsx/d0bO13WpMb1xNDTiGs/cCBZK7vRUqZFCfApBrcmjBtnW9F0K PHY71ys9fJYV+YGX3Z/zX9+OIo5ssGdX5Uas46wDci7LHFwdbBBV6pyZep3yJlaTRUf/D4F3 9niXSTXPIMDlaP4RmyycbrortvaF5/X5EMXS6/KvakRsBygftqzqx6nAkqMPPsY6ouuLk9g1 zSu9tByT7hqzIsbKyFO/3fhVNy8Y03PY8eC0kr9mZ3+BonKu8Vp+f0mp9zCaunby8A5ci9ba By+b0JZATZlAPpQLLkz+pettwPNSC87o1xuxs7WTwlgnH9H8eRK/qSbR9rlRmjxK+ufsi5qs E/WZI0jc51OI26WDQnpvXSqluCAZ/Ge5BoPYcf9KmBNF3MJlEfdhM2iXYatNlwxJP00uAuWi ds00ZZBFxy4l2/ITVoLSZemQtlcj1j8Rh7969fIVM7gAgp9KFaLusq5WEwrIVAbV2zk5v5T+ ISJ4MtFyrKF9de7bQnJlcTJcnUvV1EcFlmkVR/METXvEt7fhPeYIq9OIRQAGaUIREsP22lhr E5v077QLiXCoc6hSMl5iDQk2YYYZ0i71vIt4ULru2yrSWRbjy/ukvfy3clAeb9RzVhz2kNnh KvQxLPStJkjm5fY4HzQSFKBhEANsFFyaWXdLGNg7fTLR6rEbQQARAQABtChCcmlhbiBXYXJu ZXIgKGVtYWlsKSA8d2FybmVyQGxvdGhhci5jb20+iQI4BBMBAgAiBQJTStVbAhsDBgsJCAcD AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRADhugbEcqgejEBD/0di4Y4OrD94WaUvTkp0D1+DkRY souttQ6TfBp5gfsBVkR2lkIjDK3gJwAeIu9QxkIiV8RjTRI8SKLat8XcW1keLALBYo6Gt0ip UumUHHa+graskB2rRqb/PnXeZcaDFks2uDB5j5oy4Rn2IS/P9TG81GpXNfpzCOJPpdgH9+fE Sj3OyB4+/oV4KsEk0r8k23BEWPjlw1boemZBQLJg6YveIDgWJQ2FxXrHzF+cg2tQQFpPMEc/ pU27mnquLqs8kmYTHmVlGYfw4tSg8VZng0f2QuRLN/lgHpESnzVNIk+lY0z4ckgTWMTUHjj+ bhh6SEfE7I6LDNntyKjHXa/m11RhOaM/Z7bjbKAyOeJlqA0/SUOti6T8RrFNKKvr+UiBz0Ws ZYc74AQvwddty45EQsxsBNoq8OKWkNmE8vylkYdLcExJ6vzHkWLzzQDawxPdP8qm1LaxrIYh bD4m5CZvc9ZvsfAI3Kemo8omWyEsXBR4y1wI4VVCkbZnmzo1M9p1tLjx/VAcm9aQqOgJ+X3Z 2+S2cNDoQagr6+dknLVqo2dZ98MvzbS/t1/K/QWelGI0xY7xyWjHvLcb9SR3c3JSQDTY9hTJ NNq5yv/hakdqwanbiAjOFs0fErViuTrXeTpwrz0TdSY90bZf4c0muoNswWLXgfnaSg/cnTNh w4uP+rMsQ7kCDQRTStVbARAAx7GYFLqau7Nx+hZUL7pq39XsV+JvAt0kgyy20RwuwqkOb30/ Ra2LkJkqBLU7/EicJ5nE66KwsSdoloehv2Hc8XPb5lynbshfjMCbPYnnNekWzI8wyqtEB9tt AOs+44phnSWjP/Z8xWT2BDLKuEWvKkOU+AldY8s9K1nzy71HW0rxnsYqBUBj4KTlKU/q98S5 piiiEZjMHt8sqL7Q98axMVhpWahUoAVzYs8ksbJslP9UH7QAMAt1eqU41oJXk2hZIvpY3eaQ K4ic3fhfE/Dd/ex3sSiAjI5YcC2sVAFBSNeJxDOLN0giC7aXeAaUEi1LkXP8wLUcFtljP+Gf FpVbJUCLd2mKwzKVfBJcE/9k1rQlNGgP9X5YtOdcRodk3PfzIQ2btpOes585UsG/fS62ayu2 nJt4vWIqWd0q1eCD3FyaPO/a5wM16QGDiPDmZnrKNdy7B0lzcjl3iaaFYgBD19JA7ETpLFpL 1r6jWP5wm/EcFGrESKvRV7iGLq6bV4tJTu0f6faj7AyODf1JnXLOtE4Aeld7FSHqUUqA8ijn UG1+YjEnvfZsi1pYzty2tlO4GdSQftmyEGh43VGzl1S6OFbOcQ4NUHasLCDnVtaPDLgAbgAj HNfMWJrXMaie/Dtwgvz+G4SkdaMxb0RxvFIRsrDcJrdmDEaPHVdYXT8AWvEAEQEAAYkCHwQY AQIACQUCU0rVWwIbDAAKCRADhugbEcqgepcJD/9DWVNiLB31+HYbwSd3XMH/kejR4EnsT8R/ dC/esadiHza4xSQbiXPmk0t9N5VHlcp4I7gI0P/AKnshZJmZL3QTPUBy9QX7caJu+vOHJHot u9p4zwS/FHUwVqZV7W5UpYyPAkRngIEDubYGLcknxzgyaBHULPs247U5X1X5te6LJ0QgXJAd qvnIoH23puKbPF7AWkmyF4nhEnXEfopUndsnDupM+RoFpZ6nIt6cogFzhvQxgqk5Ejti9Vw3 6RjtpJ5QI0NXVi31YfnOJASsW+85SHxq25bXhgszHT5pB0DoJBJwjrphFgIqe400BnTz3CGe SQhK5T0Cq6maxq3Z8Fez70/CvDdrrGqI3K41Zvzd0d067iGiNYMgeLvB2tavQMW+wsxbHEL0 ZzK2nQfW5YRsVBnU+qgZ+G7u3K2DuNhMVsKwYwQJucltRO4JZIrFLI5PxWhKXyH7+4gdMulx 4GOhfq/33dsvW4meP4w+TTCbz6ZU2Ub2OuJ7bboQTqTDkj8EdpH34xcy0rOlhavuaxq82k/P VdmkDDNOWEJITQHZ+hPNw0YfKnzqsiQT0K0e0azq35toIGI0dkGZB6/KuGhDNCIHt80M23+0 bqDpP4RIcl8nbFrBD2yvEGyL9n1Lu6Z6M0Iav4dWUkkjP4Ghpohm8dun+oQrFCi3Dqe3H09B bQ==
Message-ID: <ef4bfaae-41ab-db86-3fa8-60747a24430e@lothar.com>
Date: Thu, 15 Aug 2019 10:38:55 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/gK1disSA3CJhT8r1Z38i_NK5g7M>
Subject: [Cfrg] PAKE review
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 17:42:35 -0000
Dear CFRG, Nick Sullivan asked me to participate in the PAKE selection process. My specific use case is a tool/protocol I've developed named "Magic Wormhole" (https://github.com/warner/magic-wormhole/), which uses PAKE to let two humans introduce their computers to each other, for the purpose of transferring a file, text message, or other secrets. I'm encouraging its use as a provisioning protocol, to connect two applications without the use of long-term human-memorized passwords. For example, two users of a secure messenger could use it to safely exchange their public keys and other address-book data by just speaking and transcribing a short single-use phrase. The magic-wormhole protocol currently uses SPAKE2 (a symmetric PAKE) on an Ed25519 group, with an additional form of symmetry: the two sides do not have to decide ahead of time which role they are playing. In SPAKE2 terms, the "M" and "N" elements are equal, which saves a roundtrip. This program was inspired by work I did on Firefox Sync, back when it used J-PAKE pairing codes (around 2009) to connect two browsers owned by the same user. Nick suggested that I might be able to help evaluate the four symmetric PAKE nominations, both for their applicability to other contexts, but particularly for magic-wormhole and other "provisioning" -style applications, in which the codes are randomly generated and single-use. I think augmented PAKEs are great, but they aren't as useful for these kinds of protocols. I'm happy to help out any way I can. cheers, -Brian
- [Cfrg] PAKE review Brian Warner
- Re: [Cfrg] PAKE review Björn Haase
- Re: [Cfrg] PAKE review / Patent situation for SPA… Björn Haase