Re: [Cfrg] Round 2 of the PAKE selection process

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Wed, 20 November 2019 16:21 UTC

Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E54712088F for <cfrg@ietfa.amsl.com>; Wed, 20 Nov 2019 08:21:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tDqONlkMu5W5 for <cfrg@ietfa.amsl.com>; Wed, 20 Nov 2019 08:21:37 -0800 (PST)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D13612084B for <cfrg@irtf.org>; Wed, 20 Nov 2019 08:21:37 -0800 (PST)
Received: by mail-lj1-x234.google.com with SMTP id g3so28125483ljl.11 for <cfrg@irtf.org>; Wed, 20 Nov 2019 08:21:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=eeqR9UQC7zRy+Q2gx644HxDcAVvg0GYwxp1HhgfB0r8=; b=EudPBTVkXxNvAgrwaOxburYiXVangkHDC1DfZAJRhmb59jqcQPCQ1Iv4yX0z82KhPO N1UcuyTpMenXxn4/a6NUnIaUqljaKuMDNRk0BUJksTPGcidYLItu7BXs//il1eB9Do0P advXYBhFCI6r0Mi+QWArW170EJRixjo1KgdQ9kmQjnk6ykvGJKesDLEwvZrIZWsGNMUF MxdHQJmjdHFnshoA+2PwoJncJTXcDEETOgnsJtZS+4sw25isPmJ6IqUubSjdvUnJhQ7G g/trlDlaWoHY8Tsa7gsj9oj0SIpS+DS9m4XCABHMTzTxmVv96rCOvAFyYOpPrqOV87E3 mqog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=eeqR9UQC7zRy+Q2gx644HxDcAVvg0GYwxp1HhgfB0r8=; b=k99cpBNDsqZS46SEIQdtZmVeParIKa4bmLvWgBXLYgRw824LeDWMVh/XDQw+WiUuTA cyOy/xkx4blHzK+5PcwPLU64kV1zBNURDiT0bKz48Wr9oB0mMmz7ukeKdws1IOnM9O4f ArNW7YYaxeur5SjGkScgtjCTNWbGupv3J7upvuwu+uEcEp1/0uSVf3a6eL4jP3Lkh3ji P8yMokrf8j3ODyieOlGSDgIVymmeNqDrM1tW45Abga3uP7KAw2vs5N/iGWCIvraW0dPg TUm+J4mNVXRlIjDEJG6K6oybJ1uQbh21q24thKV/TVbc2dtd5DTP/hBYD454gQCpzoAU kueg==
X-Gm-Message-State: APjAAAVy90XulJ5UX1DzpSfO5elZ+p+q9PLireFCyKBwaHXx4BMpxuAU Jg3f0E3dcMQ49gA+7C8sHxGxcITssyjv7Q57isR7m0pkU+c=
X-Google-Smtp-Source: APXvYqw60XMJlLPb9Sn9ua7mDHoadO1/ukMcnaf4J+eBDi9bIaoeXoNSBk7uFAZIHs9Yq35tNXse7uLkPbDV8pp9+K8=
X-Received: by 2002:a2e:9106:: with SMTP id m6mr3579906ljg.146.1574266894532; Wed, 20 Nov 2019 08:21:34 -0800 (PST)
MIME-Version: 1.0
References: <CAMr0u6nPQxO5X1Txoeh5X7jN=eHscRCBH0HJW=3tbqUdjn8N4Q@mail.gmail.com> <BA639DCD-B3B9-40BD-AF6D-1A4CE9425A03@live.warwick.ac.uk> <CAMr0u6mDx_NnvJq_LpRZSBkWe707mn=HBrELeXsjYXvTTMtzRw@mail.gmail.com>
In-Reply-To: <CAMr0u6mDx_NnvJq_LpRZSBkWe707mn=HBrELeXsjYXvTTMtzRw@mail.gmail.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Wed, 20 Nov 2019 19:21:24 +0300
Message-ID: <CAMr0u6n2Hp-h_hey=Z7ucjSWCV+0pYovtYbW0SX0f9Hw4Rqn4A@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="00000000000007c8390597c9936e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/obF7SYMJ8Lvwj92sUkibDWNPCK0>
Subject: Re: [Cfrg] Round 2 of the PAKE selection process
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 16:21:40 -0000

To eliminate any possible misunderstanding: "the Crypto Review Panel member
reviews" in my previous message = the four overall reviews provided by the
Crypto Review Panel experts:
https://github.com/cfrg/pake-selection#overall-reviews-by-crypto-review-panel

Regards,
Stanislav


ср, 20 нояб. 2019 г. в 13:43, Stanislav V. Smyshlyaev <smyshsv@gmail.com>om>:

> Dear Feng,
>
> The decision was made based on the Crypto Review Panel member reviews
> (which in turn were based on partial reviews by independent experts), which
> are available at
> https://github.com/cfrg/pake-selection (see “Overall reviews by Crypto
> Review Panel”).
>
> Best regards,
> Stanislav
>
> ср, 20 нояб. 2019 г. в 18:29, Hao, Feng <Feng.Hao@warwick.ac.uk>uk>:
>
>> Dear Stanislav (and the review panel),
>>
>>
>>
>> Many thanks for the update.
>>
>>
>>
>> For the benefits of openness and transparency, can you give reasons why
>> these four were selected and the rest were removed? I couldn’t find those
>> on your slides.
>>
>>
>>
>> I’m sure that’ll be helpful for people on the CRFG to understand better
>> this selection process.
>>
>>
>>
>> Cheers,
>>
>> Feng
>>
>>
>>
>> *From: *Cfrg <cfrg-bounces@irtf.org> on behalf of "Stanislav V.
>> Smyshlyaev" <smyshsv@gmail.com>
>> *Date: *Wednesday, 20 November 2019 at 06:02
>> *To: *"cfrg@irtf.org" <cfrg@irtf.org>
>> *Cc: *"cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
>> *Subject: *[Cfrg] Round 2 of the PAKE selection process
>>
>>
>>
>> Dear CFRG,
>>
>>
>>
>> As we've announced at the CFRG session today, now we're starting the
>> Round 2 of the PAKE selection process.
>>
>>
>>
>> We have narrowed down choices to: two balanced (SPAKE2 and CPace) and two
>> augmented (OPAQUE and AuCPace).
>>
>>
>>
>> Some additional information can be found in my slides from the IETF 106
>> CFRG meeting:
>>
>>
>> https://datatracker.ietf.org/meeting/106/materials/slides-106-cfrg-pake-selection-update
>>
>>
>>
>>
>> Please take a look at the plan and especially at Stage 1 - please send
>> your additional questions to be considered at Round 2 to
>> crypto-panel@irtf.org until December, 5th.
>>
>>
>>
>> Round 2 of the PAKE selection process
>>
>> Stage 1: November, 21st - December, 5th
>>
>> Additional questions for all four candidates are collected from CFRG
>> participants  (and Crypto Review Panel members). The questions can be of
>> one of possible types:
>>
>> a) Requests for clarifications for the candidate protocols or their
>> proposed modifications (e.g., security of CPace and AuCPace without
>> negotiation of sid, security and convenient of SPAKE2 with a hash2curve
>> function used to obtain M and N for each pair of identifiers).
>>
>> b) Questions to be taken into account in addition to ones collected at
>> Stage 1 of Round 1 (e.g., quantum annoyance, post-quantum preparedness).
>>
>> The questions should be sent to crypto-panel@irtf.org.
>>
>>
>>
>> Stage 2: December, 10th - December, 17th
>>
>> A list of new questions is published on
>> https://github.com/cfrg/pake-selection; the CFRG is asked whether
>> anything else should be added.
>>
>>
>>
>> Stage 3: December 25th - February, 10th
>>
>> The authors of the candidates prepare their replies to the additional
>> questions/requested clarifications.
>>
>>
>>
>> Stage 4: February, 12th - March, 10th
>>
>> Crypto Review Panel members prepare new overall reviews (for all 4
>> remaining PAKEs) taking into account both the reviews obtained on Round 1
>> and new information obtained during Round 2.
>>
>>
>>
>> IETF 107:
>>
>> The CFRG chairs discuss the obtained reviews and make their
>> recommendations to CFRG (or convey to CFRG that they can’t make a
>> recommendation yet).
>>
>> If everything is clear:
>> - one (or zero) balanced PAKE is selected;
>>
>> - one (or zero) augmented PAKE is selected;
>>
>> - the process with CFRG document “Recommendations for password-based
>> authenticated key establishment in IETF protocols” is initiated: all
>> practically important recommendations (parameter selection, protecting
>> implementations against side-channel attacks, handling of counters etc.)
>> must be given there.
>>
>>
>>
>> Best regards,
>>
>> Stanislav Smyshlyaev
>>
>> CFRG Secretary
>>
> --
>
> С уважением,
>
> Станислав Смышляев, к.ф.-м.н.,
>
> Заместитель генерального директора
>
> ООО «КРИПТО-ПРО»
>
>