Re: [Cfrg] SIV for non-AES ciphers first draft
Tony Arcieri <bascule@gmail.com> Wed, 23 January 2019 15:41 UTC
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 23 Jan 2019 07:41:12 -0800
Message-ID: <CAHOTMV+FU-HqmdZa39py8Up1dFz_wLLa4AED1efJ32XeLOLx+Q@mail.gmail.com>
To: Neil Madden <neil.e.madden@gmail.com>
Cc: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>,
"cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000109fb1058021ede2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/kybdgio6Ea_EQu1_T86k2oNR9zE>
On Wed, Jan 23, 2019 at 3:31 AM Neil Madden <neil.e.madden@gmail.com> wrote:
> Is the following a fair summary of what you would like to see included?
>
> 1. Include a KDF to derive per-message keys from an explicit nonce, rather than taking a single key that is split into two halves.
>
> 2. Move the SIV to be appended to the ciphertext rather than prepended.
>
> 3. Describe how to instantiate an SIV mode with a universal hash function using the approach from AES-GCM-SIV.

That's the general idea, yes. I'm not saying it's the only way, but I think it's worth exploring. Really I mention this just in case other members of the group were getting hung up on the details. We can hammer them out after the adoption call ;)

--
Tony Arcieri
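As an added illustration (not code from the draft or from either author), a minimal SIV-style seal/open in Python that follows points 1 and 2 above: subkeys are derived per message from the key and an explicit nonce instead of splitting one key in half, and the synthetic IV is appended to the ciphertext. HMAC-SHA256 stands in for the PRF and, run in counter mode, for the stream cipher; both are assumptions made to keep the example dependency-free, not choices the thread makes, and the universal-hash variant of point 3 is not shown.

```python
import hmac
import hashlib
import struct

TAG_LEN = 16  # bytes of the PRF output used as the synthetic IV / tag


def derive_keys(key: bytes, nonce: bytes):
    """Per-message MAC and encryption subkeys from (key, nonce).
    HMAC is used here as the KDF (assumed construction, labelled as such)."""
    mac_key = hmac.new(key, b"siv-mac" + nonce, hashlib.sha256).digest()
    enc_key = hmac.new(key, b"siv-enc" + nonce, hashlib.sha256).digest()
    return mac_key, enc_key


def keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC as a PRF; a stand-in for a real
    stream cipher keyed with enc_key and started from the SIV."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def synthetic_iv(mac_key: bytes, ad: bytes, pt: bytes) -> bytes:
    """PRF over (ad, plaintext); lengths are prefixed so the boundary between
    the two inputs is unambiguous."""
    msg = struct.pack(">QQ", len(ad), len(pt)) + ad + pt
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, nonce: bytes, ad: bytes, pt: bytes) -> bytes:
    mac_key, enc_key = derive_keys(key, nonce)
    siv = synthetic_iv(mac_key, ad, pt)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(enc_key, siv, len(pt))))
    return ct + siv  # point 2: tag appended rather than prepended


def open_(key: bytes, nonce: bytes, ad: bytes, sealed: bytes):
    """Returns the plaintext, or None on any authentication failure."""
    if len(sealed) < TAG_LEN:
        return None
    ct, siv = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    mac_key, enc_key = derive_keys(key, nonce)
    pt = bytes(a ^ b for a, b in zip(ct, keystream(enc_key, siv, len(ct))))
    # Recompute the SIV over the recovered plaintext and compare in constant time.
    if not hmac.compare_digest(synthetic_iv(mac_key, ad, pt), siv):
        return None
    return pt
```

Because the SIV is a deterministic function of (key, nonce, ad, plaintext), reusing a nonce with the same inputs reproduces the same output exactly, which is the misuse-resistance property SIV modes are meant to provide.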