[Cfrg] Higncryption and CNKE might be useful Re: Re: When TLS is an overkill...

赵运磊 <ylzhao@fudan.edu.cn> Tue, 26 February 2019 16:37 UTC

Date: Wed, 27 Feb 2019 00:37:17 +0800 (GMT+08:00)
From: =?UTF-8?B?6LW16L+Q56OK?= <ylzhao@fudan.edu.cn>
To: kris@amongbytes.com
Cc: cfrg@irtf.org, "Ruslan Kiyanchuk" <ruslan.kiyanchuk@gmail.com>, "Dr. Pala" <director@openca.org>
In-Reply-To: <FFD5A834-9C68-4F70-BD3F-371F820891D4@amongbytes.com>
References: <307807bf-09eb-96c7-028f-df9573463b11@openca.org> <1551140056245.65505@cs.auckland.ac.nz> <d53dd35f-dcb0-a562-d432-955dc30155b3@openca.org> <b1fae97c-da97-9745-55cc-d396abe906a0@gmail.com> <FFD5A834-9C68-4F70-BD3F-371F820891D4@amongbytes.com>
Message-ID: <4634b756.4b9a8.1692aaae6a3.Coremail.ylzhao@fudan.edu.cn>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/mMSxe8S7CRkV8aTV6NEKQGzdu3M>
Subject: [Cfrg] Higncryption and CNKE might be useful Re: Re: When TLS is an overkill...
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Dear Dr. Pala and All:
I suggest my work on higncryption and identity-concealed non-malleable key-exchange (CNKE) might be useful for what you are seeking. This work was at CCS16, and the full version is available at: https://eprint.iacr.org/2018/1165

In this work, we present an identity-hiding higncryption (higncryption) and a family of AKE protocols based on higncryption, having the following features:

(1) identity privacy;

(2) support for 0-RTT communications;

(3) using authenticated encryption, so a secure channel can already be established from the second-round message;

(4) simple, and roughly as efficient as HMQV;

(5) flexible: various adaptations to TLS, QUIC, ATLS, SACCE, etc.

Best regards
Fudan University, Shanghai, China

Sent: 2019-02-26 17:06:35 (Tuesday)
To: cfrg@irtf.org, "Ruslan Kiyanchuk" <ruslan.kiyanchuk@gmail.com>, "Dr. Pala" <director@openca.org>
Subject: Re: [Cfrg] When TLS is an overkill...

Sounds like the goal is quite similar to what the Noise protocol framework tries to achieve.

On 26 February 2019 08:45:45 GMT, Ruslan Kiyanchuk <ruslan.kiyanchuk@gmail.com> wrote:

What I am trying to do is quite simple: provide a building block that developers and engineers can use to secure the communication between two peers by using a low number of messages.

In particular, I think that this building block could help many developers to do the right thing when not using TLS. Do not get me wrong, TLS is great.. however, it might be useful to have an alternative. My particular use case (but this is just one, there might be many others) is specifically EAP. In EAP, it seems, people always try to re-use

I think you might be trying to reinvent the Noise protocol framework :)

It's a framework designed to be simple and straightforward for securing 2-party communication. By combining different elements of the protocol you achieve various security properties. There is also a third-party website, Noise Explorer, where you can explore various settings of the framework and the corresponding security properties.

By your description so far it sounded like a good fit.

Another mention that may be relevant is Google's ATLS (it's their home-grown TLS alternative, I'm not aware how much scrutiny and analysis it underwent).

Good luck!