IETF Logo Mail Archive

Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits-01

Martin Thomson <mt@lowentropy.net> Mon, 16 November 2020 22:29 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A6923A1595 for <cfrg@ietfa.amsl.com>; Mon, 16 Nov 2020 14:29:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=OQ448ECW; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=cDZE96CF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtNKScsBYhsA for <cfrg@ietfa.amsl.com>; Mon, 16 Nov 2020 14:29:14 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE0853A1596 for <cfrg@irtf.org>; Mon, 16 Nov 2020 14:29:13 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id E32075C028A for <cfrg@irtf.org>; Mon, 16 Nov 2020 17:29:12 -0500 (EST)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Mon, 16 Nov 2020 17:29:12 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=sCc1E8Q6CL2Adctn5neWQiuoEKJ/+5n mPirrYteyleI=; b=OQ448ECW8JEl0tDmljmCVXNmdEvdH3k8JDF5GVZ3qQJO8vt AqW7qHRR0qtA72zVwu9o/QGHrrkqJ/bv4VB7zTzDKeZSN2vOcCn3tYMMKOJxrQ14 l48IaWLjjiEfSPm8bVtDJ2YAHxpff497+iRXXPYAGzcE1HOzTbWtaoOi/uX8IT+F SYE+fZk1ZGK4BIFIbbp9CW0BH+bsr4w4m1KYF2nfVWP4QFrsESRz2+7Wh1rT/jej V8W9/pXEg7a9pWjg1TXy1khSBm5T11FnsiIIximd7khDDYCf+FNjm5nKxJDevFYk CmOsZhizALBm0VVqA8zfBNM70Q2c9ur7LItNwqA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=sCc1E8 Q6CL2Adctn5neWQiuoEKJ/+5nmPirrYteyleI=; b=cDZE96CF+blEklqd8zp6G2 UdbPrvbAlyDPRjyimXTkhhCtolmJoGUg5uG9NiZ5Kwon9kR4+DZbbn1S97iR+px8 9Gi9FYkbTuJun0PkJvocpeoBXR+Q9pckwhGN+LjZHbqCPypIm4MzrvAoqljF+0uo hIqO6YTD05+o/j3Ju+l89lJovYMmDLdM68TLRNpEqxJSYVwxL8LvjD6r09gXwdAC WCP4KsSK9RMzyGrLc7F0hJuA+X/jUUuxauK81hLr9YdXifjFM99rUVZhPx1+iyzS IO3TmDGXNiUf4kttl04BqhJc9oz56qw+9hjrSK7LBqaJIIbX3/hIrfTLVVEa+Gww ==
X-ME-Sender: <xms:OP2yX0Rs3n7wnUgF-UKuTbcUzKgGe4S3syH1nN0fPBL_B5jRRc4EIg> <xme:OP2yXxxNn-g1zCPmBj8o4CVY_wY_x1hK7Vtz9EyKF0SSD8UNv8nYO6TwAg4UC6XUQ pu-Iz8anvA4hgFzyFo>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudefuddgudeivdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesth dtredtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehl ohifvghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepgfelueffgeffuedtle ejgffftdelledthedvjedvveehtdejfeetffetgedtffehnecuffhomhgrihhnpehrhhhu lhdrrggtrdhukhdpihhrthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrg hrrghmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:OP2yXx1VS4C_U78PyQpJZ5gVNNWTCgrXZw06UePQZGw9h8Whd_2Q-A> <xmx:OP2yX4C3KjAeKtB03lvWh0H2-pZh6fhoR4nflJRNZBW64ubl1DONSQ> <xmx:OP2yX9jlUEkpgcTdZX4regsaSj4S0lu2aNGzZ62PdaDe6p2xcKGC7A> <xmx:OP2yX4ubDu4yYu0tilv3GRX7NZFSiX0xbK3G_84h0puGb5d6INa8ig>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 900F5200BC; Mon, 16 Nov 2020 17:29:12 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-570-gba0a262-fm-20201106.001-gba0a2623
Mime-Version: 1.0
Message-Id: <38d47a3c-40dd-494a-833e-7597e2e4be67@www.fastmail.com>
In-Reply-To: <A3C540A2-6B18-42E0-8F0F-B4723BC5F0DA@ericsson.com>
References: <A3C540A2-6B18-42E0-8F0F-B4723BC5F0DA@ericsson.com>
Date: Tue, 17 Nov 2020 09:28:54 +1100
From: Martin Thomson <mt@lowentropy.net>
To: cfrg@irtf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/oFDkc7mJgPLKwC-qx4PgF27OhJQ>
Subject: Re: [CFRG] Comment on draft-irtf-cfrg-aead-limits-01
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2020 22:29:16 -0000

Thanks John,

We have planned to split the input length into two variables: one for the plaintext length, one for the AAD length.  This should help for those cases where the usage skews heavily toward one or the other and the bounds are substantially different based on that.

For instance, the CCM analysis counts plaintext as consuming 2 blocks and AAD as consuming 1.  For a protocol that mostly just authenticates, that might result in being able to send twice as many messages as an all encrypted protocol.  That's not a big deal, but then CCM bounds aren't exactly generous, so that might turn out to be useful.

On Tue, Nov 17, 2020, at 01:32, John Mattsson wrote:
> Hi,
> 
> The draft defines l as  "Length of each message (in blocks)" While 
> https://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf defines l as "input 
> length in blocks"
> 
> I assume the definition in the draft should be "input length in blocks" 
> and that the rewriting comes from TLS where A = "". It would also be 
> good to clearly define what "input" (or "message") is, none of the 
> terms are well-defined. Suggestion:
> 
> OLD    "Length of each message (in blocks)"
> NEW   ""input length (plaintext + additional authenticated data) in blocks"
> 
> (I assume https://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf means that 
> "input" is P and A, i.e. not K and N).
> 
> Cheers,
> John
> 
> 
>   
> 
> 
> 
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>

v2.45.0 | Report a Bug | By Email | System Status