Re: [Cfrg] RGLC on draft-irtf-cfrg-chacha20-poly1305-01.txt

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Mon, 13 October 2014 12:24 UTC

Date: Mon, 13 Oct 2014 15:24:19 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Yoav Nir <ynir.ietf@gmail.com>
Message-ID: <20141013122419.GA28433@LK-Perkele-VII>
References: <542D48CD.9060404@isode.com> <55183415-AD02-4BAB-86F4-73C53C5FA616@gmail.com>
In-Reply-To: <55183415-AD02-4BAB-86F4-73C53C5FA616@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/kAB8YDpjfVHPvKRib9in1DJtjfU
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] RGLC on draft-irtf-cfrg-chacha20-poly1305-01.txt

On Mon, Oct 13, 2014 at 02:32:23PM +0300, Yoav Nir wrote:
> 
> Hi.
> 
> I haven’t submitted anything yet, but I’ve made a few changes to
> my local copy:
> I’ve added the AEAD parameters from RFC 5116.

- Isn't K_LEN = 32, not 16?
- Isn't A_MAX = 2^64 - 1, not 2^64?
- AFAIK, RFC5116 requires returning the ciphertext and tag as single
  octet string (most likely concatenation).
- RFC5116 requires specifying relation between plaintext and
  ciphertext lengths (most likely |C|=|P|+16).
- RFC5116 recommends specifying just how badly things blow up
  if nonce is reused (AFAIK, XOR of plaintexts is revealed and
  arbitrary messages with that nonce may be forged).

Also, writing IANA consideration to register this
(AEAD_CHACHA20_POLY1305?) could be useful (as already suggested by
someone). Apparently the registry is called "AEAD algorithms" (at
least it is that way on IANA site, even if I can't find that in
RFC 5116). 


-Ilari
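To make the RFC 5116 points in the message above concrete, here is an added example; it is not code from the draft, from RFC 5116, or from anyone in this thread. It is a compact pure-Python ChaCha20-Poly1305 written in the form that RFC 7539, the published successor of this draft, fixes, and that construction (Poly1305 key from block 0, data from block 1, pad16 of AAD and ciphertext, then the two lengths as little-endian 64-bit words) is assumed here rather than taken from the -01 text. The code enforces K_LEN = 32 and a 12-byte nonce, returns ciphertext || tag as one octet string so that |C| = |P| + 16, rejects a bad tag before releasing any plaintext, and shows the nonce-reuse failure: an observer's c1 XOR c2 equals p1 XOR p2 over the common prefix. The forgery consequence is not demonstrated. Key, nonce and messages are constructed sample values, and the arithmetic is not constant-time, so this is for illustration, not production use.

```python
# Added example (not from the draft or the thread): pure-Python ChaCha20-Poly1305
# in the RFC 7539 form, used to check the RFC 5116 parameters and show nonce reuse.
# Assumptions: RFC 7539 AEAD construction; sample key/nonce/messages are constructed.
import hmac
import struct

MASK32 = 0xFFFFFFFF

# RFC 5116 AEAD parameters as RFC 7539 registers them for AEAD_CHACHA20_POLY1305.
K_LEN = 32           # 256-bit key
N_MIN = N_MAX = 12   # 96-bit nonce
TAG_LEN = 16         # Poly1305 tag, so |C| = |P| + 16
A_MAX = 2**64 - 1    # AAD length travels in a 64-bit field


def _rotl32(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))


def quarter_round(a, b, c, d):
    """ChaCha quarter round on four 32-bit words; returns the updated words."""
    a = (a + b) & MASK32; d = _rotl32(d ^ a, 16)
    c = (c + d) & MASK32; b = _rotl32(b ^ c, 12)
    a = (a + b) & MASK32; d = _rotl32(d ^ a, 8)
    c = (c + d) & MASK32; b = _rotl32(b ^ c, 7)
    return a, b, c, d


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block from a 32-byte key, 32-bit counter, 12-byte nonce."""
    state = (list(struct.unpack("<4I", b"expand 32-byte k"))
             + list(struct.unpack("<8I", key)) + [counter & MASK32]
             + list(struct.unpack("<3I", nonce)))
    x = state[:]
    for _ in range(10):  # 20 rounds = 10 x (column round + diagonal round)
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            x[a], x[b], x[c], x[d] = quarter_round(x[a], x[b], x[c], x[d])
    return struct.pack("<16I", *[(x[i] + state[i]) & MASK32 for i in range(16)])


def chacha20_xor(key, counter, nonce, data):
    """XOR data with the keystream starting at the given block counter."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], ks))
    return bytes(out)


def poly1305_mac(msg, key):
    """Poly1305 tag over msg with a 32-byte one-time key (r || s)."""
    r = int.from_bytes(key[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
    s = int.from_bytes(key[16:], "little")
    p = (1 << 130) - 5
    acc = 0
    for i in range(0, len(msg), 16):
        # Each block gets a 0x01 byte appended (the "high bit" for full blocks).
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = ((acc + n) * r) % p
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, "little")


def _pad16(b):
    return b"\x00" * (-len(b) % 16)


def _mac_input(aad, ct):
    return aad + _pad16(aad) + ct + _pad16(ct) + struct.pack("<QQ", len(aad), len(ct))


def aead_encrypt(key, nonce, plaintext, aad=b""):
    """Return ciphertext || tag as one octet string, as RFC 5116 requires."""
    if len(key) != K_LEN or not (N_MIN <= len(nonce) <= N_MAX) or len(aad) > A_MAX:
        raise ValueError("bad AEAD parameter length")
    otk = chacha20_block(key, 0, nonce)[:32]      # one-time Poly1305 key from block 0
    ct = chacha20_xor(key, 1, nonce, plaintext)   # payload keystream starts at block 1
    return ct + poly1305_mac(_mac_input(aad, ct), otk)


def aead_decrypt(key, nonce, ct_and_tag, aad=b""):
    """Return the plaintext, or None if the tag fails (no partial plaintext is released)."""
    if len(ct_and_tag) < TAG_LEN:
        return None
    ct, tag = ct_and_tag[:-TAG_LEN], ct_and_tag[-TAG_LEN:]
    otk = chacha20_block(key, 0, nonce)[:32]
    if not hmac.compare_digest(tag, poly1305_mac(_mac_input(aad, ct), otk)):
        return None
    return chacha20_xor(key, 1, nonce, ct)


def nonce_reuse_leak(key, nonce, p1, p2):
    """Encrypt p1 and p2 under the same (key, nonce) and return c1 XOR c2 over the
    common prefix. Anyone on the wire can compute this, and it equals p1 XOR p2
    because both ciphertexts used the identical keystream."""
    c1 = aead_encrypt(key, nonce, p1)
    c2 = aead_encrypt(key, nonce, p2)
    n = min(len(p1), len(p2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
```

The quarter-round vector from the draft family (inputs 0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567) can be used to sanity-check the core before trusting the rest; the AEAD checks are property-based (round trip, length relation, tag rejection on tampered ciphertext or AAD, and the XOR leak under nonce reuse).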