[Cfrg] PAKE Selection Process: Round 2, Stage 2
"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Mon, 09 December 2019 12:43 UTC
Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99711200B2; Mon, 9 Dec 2019 04:43:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OsasMILBesRN; Mon, 9 Dec 2019 04:43:46 -0800 (PST)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A93E1200A3; Mon, 9 Dec 2019 04:43:46 -0800 (PST)
Received: by mail-lj1-x22c.google.com with SMTP id m6so15481871ljc.1; Mon, 09 Dec 2019 04:43:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=rBKBWRmB9COCgC9f9itgS49xL1WrnnP0XA/+ERgoX1M=; b=EaMdu4+Csta2ZTBq12383ouoNMnCsifnWRgr6orjoMymJBl2w4UUFjrs6PGgaATtPj f4QD0DXIT0fukszWX1dXqRc74JaXMsAVgVDfHeGfl+8vicyABlMtFmg7Mi0AauUGmdlv 780QfKKrgKwNf6jvNjLVmb+G1j7i0+396XdTuYMH/eFs+VXu1kbSnUpl3QUAji0oVA7g urH2C1GEx6dIUUy2ZTSUHRz/SdhHWmkulIuAxSlDPkXoqjn60BBu7boretuR9sE/om+T 9RVWxETEj1bWjMhlUZguKS6det5Xmt8okIWTa8ZKLPphX8ObPCwoKfd9ITXd4rcPJ5U5 6O/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rBKBWRmB9COCgC9f9itgS49xL1WrnnP0XA/+ERgoX1M=; b=pEJsIiK9fybbHoUuryi1Q7MEV+OCVL9D8rSb7B+EH125v7HNzbKaI4J+GpN7O9n4kH Pdu3ez2l/aH6X71Kne9pW0i5qj0ENPLVC2yXtpxfb+8KpCCX9h8TJsak6+PYjD2g9DRy g5n9JzwJEWOnUQ6zEWRUZvg0QcMoO25Tc24N+A5cQNedbq7zS170ofWDfGVaahjJy9RR KFOx6dZ5er2RJbR0uV33uh6NfvCfVlJzmUVlN/nbsWfFrx3aaL+YOtjRBWwPyYQTqMZ4 QSv0WjEJL86BdiIJhJUudbqHmRqHNa191zXqhhanrlz2AuhvZs2w1Gck2d4dKzWFY1P/ Yj9w==
X-Gm-Message-State: APjAAAXS48N2A0o4bojZA3LL7eUE9Yo5nUECPhV7ZC9ap7KXujAZx7mn B3KWKHXeoGpM6LnW4wBJA4N/+p8wEimi4NSZAvogvTg2
X-Google-Smtp-Source: APXvYqzCWwdM3rTcDuymDSk8RzXAVu9aRYs6EHJ4lcEkhoucCogMlrRmB1AATbwDfZatCcHgKM2M3Bww8/D6B7RRg4U=
X-Received: by 2002:a2e:859a:: with SMTP id b26mr16724845lji.137.1575895424215; Mon, 09 Dec 2019 04:43:44 -0800 (PST)
MIME-Version: 1.0
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Mon, 09 Dec 2019 15:43:35 +0300
Message-ID: <CAMr0u6=hOG1Jw_3iafiC+0U4F6OX6Dnx78+4zamk7GmdgvvfGw@mail.gmail.com>
To: CFRG <cfrg@irtf.org>, crypto-panel@irtf.org
Content-Type: multipart/alternative; boundary="000000000000f6aea3059944be4a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/j88r8N819bw88xCOyntuw_Ych-I>
Subject: [Cfrg] PAKE Selection Process: Round 2, Stage 2
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2019 12:43:49 -0000
Dear CFRG, According to the plan of Round 2 of the PAKE selection process, additional questions for all four remaining candidates have been collected from CFRG participants (and Crypto Review Panel members) via crypto-panel@irtf.org . We've obtained the following list of questions: 1) (to SPAKE2): Can you propose a modification of SPAKE2 (preserving all existing good properties of PAKE2) with a correspondingly updated security proof, addressing the issue of a single discrete log relationship necessary for the security of all sessions (e.g., solution based on using M=hash2curve(A|B), N=hash2curve(B|A))? 2) (to CPace and AuCPace): Can you propose a modification of CPace and AuCPace (preserving all existing good properties of these PAKEs) with a correspondingly updated security proof (maybe, in some other security models), addressing the issue of requiring the establishment of a session identifier (sid) during each call of the protocol for the cost of one additional message? 3) (to all 4 remaining PAKEs) : Can the nominators/developers of the protocols please re-evaluate possible IPR conflicts between their candidates protocols and own and foreign patents? Specifically, can you discuss the impact of U.S. Patent 7,047,408 (expected expiration 10th of march 2023) on free use of SPAKE2 and the impact of EP1847062B1 (HMQV, expected expiration October 2026) on the free use of the RFC-drafts for OPAQUE? 4) (to all 4 remaining PAKEs) What can be said about the property of "quantum annoyance" (an attacker with a quantum computer needs to solve [one or more] DLP per password guess) of the PAKE? 5) (to all 4 remaining PAKEs) What can be said about "post-quantum preparedness" of the PAKE? Please let the chairs and the Crypto Review Panel members know (before December, 17th) if any questions (collected via crypto-panel@irtf.org) have been lost or misinterpreted (or something needs to be added). Best regards, Stanislav, CFRG Secretary
- [Cfrg] PAKE Selection Process: Round 2, Stage 2 Stanislav V. Smyshlyaev
- Re: [Cfrg] PAKE Selection Process: Round 2, Stage… Watson Ladd
- Re: [Cfrg] PAKE Selection Process: Round 2, Stage… Stanislav V. Smyshlyaev
- Re: [Cfrg] PAKE Selection Process: Round 2, Stage… steve
- Re: [Cfrg] PAKE Selection Process: Round 2, Stage… steve