Re: [Cfrg] SIV for non-AES ciphers first draft

Tony Arcieri <bascule@gmail.com> Wed, 23 January 2019 15:41 UTC

In-Reply-To: <66FC66E5-4004-4141-BB88-FF2CC0425FB2@gmail.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 23 Jan 2019 07:41:12 -0800
Message-ID: <CAHOTMV+FU-HqmdZa39py8Up1dFz_wLLa4AED1efJ32XeLOLx+Q@mail.gmail.com>
To: Neil Madden <neil.e.madden@gmail.com>
Cc: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/kybdgio6Ea_EQu1_T86k2oNR9zE>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

On Wed, Jan 23, 2019 at 3:31 AM Neil Madden <neil.e.madden@gmail.com> wrote:

> Is the following a fair summary of what you would like to see included?
>
> 1. Include a KDF to derive per-message keys from an explicit nonce, rather
> than taking a single key that is split into two halves.
>
> 2. Move the SIV to be appended to the ciphertext rather than prepended.
>
> 3. Describe how to instantiate an SIV mode with a universal hash function
> using the approach from AES-GCM-SIV.
>

That's the general idea, yes. I'm not saying it's the only way, but I think
it's worth exploring.

Really I mention this just in case other members of the group were getting
hung up on the details. We can hammer them out after the adoption call ;)

-- 
Tony Arcieri
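The three points in Neil's summary, as an added sketch that is not code from the draft or from either poster: a per-message key pair derived from (key, nonce) by an HMAC-based KDF, a synthetic IV built from Poly1305 (the universal hash) passed through a PRF as in AES-GCM-SIV, and the SIV appended to the ciphertext. HMAC-SHA256 stands in for the PRF and for the stream cipher (placeholders for whatever non-AES cipher an instantiation would use); the KDF labels, 16-byte SIV and padding are assumptions of this sketch, not the draft's.

```python
import hmac, hashlib, struct
P1305 = (1 << 130) - 5

def poly1305(r_s: bytes, msg: bytes) -> bytes:
    """Poly1305 one-time universal hash (RFC 8439), keyed with r||s (32 bytes)."""
    r = int.from_bytes(r_s[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
    s = int.from_bytes(r_s[16:32], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        acc = (acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r % P1305
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def kdf(key: bytes, nonce: bytes, label: bytes, n: int) -> bytes:
    """Point 1: derive a per-message subkey from (key, nonce) with an HMAC-based KDF."""
    out = b"".join(hmac.new(key, label + nonce + bytes([i]), hashlib.sha256).digest()
                   for i in range(1, (n + 31) // 32 + 1))
    return out[:n]

def keystream(enc_key: bytes, siv: bytes, n: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode with the SIV as IV (placeholder)."""
    out = b"".join(hmac.new(enc_key, siv + struct.pack("<Q", i), hashlib.sha256).digest()
                   for i in range((n + 31) // 32))
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad16(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 16)

def synthetic_iv(mac_key: bytes, enc_key: bytes, ad: bytes, pt: bytes) -> bytes:
    """Point 3: universal hash over padded AD || plaintext || lengths, then a PRF
    (HMAC here, a block cipher in AES-GCM-SIV) so the hash key never leaks."""
    h = poly1305(mac_key, pad16(ad) + pad16(pt) + struct.pack("<QQ", len(ad), len(pt)))
    return hmac.new(enc_key, b"siv" + h, hashlib.sha256).digest()[:16]

def encrypt(key: bytes, nonce: bytes, ad: bytes, pt: bytes) -> bytes:
    mac_key, enc_key = kdf(key, nonce, b"mac", 32), kdf(key, nonce, b"enc", 32)
    siv = synthetic_iv(mac_key, enc_key, ad, pt)
    # Point 2: the SIV is appended, so the output layout is ciphertext || siv.
    return xor(pt, keystream(enc_key, siv, len(pt))) + siv

def decrypt(key: bytes, nonce: bytes, ad: bytes, ct_siv: bytes):
    """Returns the plaintext, or None when the recomputed SIV does not match the appended one."""
    ct, siv = ct_siv[:-16], ct_siv[-16:]
    mac_key, enc_key = kdf(key, nonce, b"mac", 32), kdf(key, nonce, b"enc", 32)
    pt = xor(ct, keystream(enc_key, siv, len(ct)))  # SIV modes must decrypt before they can verify
    if not hmac.compare_digest(synthetic_iv(mac_key, enc_key, ad, pt), siv):
        return None  # never release unverified plaintext
    return pt
```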