[CFRG] Questions for the group from the HPKE presentation
Nick Sullivan <nick@cloudflare.com> Fri, 06 August 2021 22:31 UTC
From: Nick Sullivan <nick@cloudflare.com>
Date: Fri, 06 Aug 2021 18:30:38 -0400
Message-ID: <CAFDDyk8yZegN6aWSZg=K7Wy+V2upq=GBuvGyQYowrRuehPDqYQ@mail.gmail.com>
To: cfrg@irtf.org, Dan Harkins <dharkins@lounge.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/rFCIkGE-inbQecdKy_mbSU3wzD8>
Dear CFRG participants,

At IETF 111, Dan Harkins made a presentation <https://datatracker.ietf.org/meeting/111/materials/slides-111-cfrg-new-kems-and-aeads-for-hpke-00> with two proposals:

- a proposal to define new codepoints for HPKE representing new KEMs for compressed NIST points
- a proposal to define new codepoints to support deterministic authenticated encryption schemes that don't use a nonce. This is in service of the use case of out-of-order delivery of ciphertexts.

*In the discussion, it was noted that HPKE uses a nonce to ensure that it never leaks whether the same plaintext was encrypted twice and that this proposal does not provide this security property.*

Also during the discussion, an alternative proposal was made to solve the out-of-order use case: modify the API for HPKE to enable the user to reset the nonce counter. This API would enable out-of-order delivery of ciphertexts with existing HPKE AEADs.

The chairs would like to ask the group a few questions:

1) Does the research group support adding an API to HPKE for resetting the nonce counter?

2) Is there interest in pursuing a work item to explore defining either of the following:
- new codepoints for compressed curve points in HPKE?
- new codepoints for deterministic authenticated encryption in HPKE (given the answer to (1) was no)?

Regards,
Nick (for the chairs)
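The two points under discussion above (that a nonce-based AEAD hides whether the same plaintext was encrypted twice while a nonce-free deterministic scheme does not, and that an explicit sequence number lets existing HPKE AEADs handle out-of-order delivery) can be seen side by side in a small runnable illustration. This is an added example, not code from the message, from RFC 9180, or from any HPKE implementation. `compute_nonce` follows RFC 9180's ComputeNonce (base_nonce XOR I2OSP(seq, Nn)); the AEAD underneath is a constructed HMAC-SHA256 toy (encrypt-then-MAC for the nonce-based mode, SIV-style synthetic IV for the deterministic mode) that stands in for AES-GCM or ChaCha20-Poly1305 so the script runs on the standard library only. The `open_at(seq, ...)` receiver API and the sample key and base nonce are assumptions made for the example.

```python
import hashlib
import hmac

NONCE_LEN = 12  # Nn of the AEADs HPKE registers (RFC 9180 Section 7.3)
TAG_LEN = 16


def compute_nonce(base_nonce: bytes, seq: int) -> bytes:
    """RFC 9180 Section 5.2 ComputeNonce: base_nonce XOR I2OSP(seq, Nn)."""
    if len(base_nonce) != NONCE_LEN:
        raise ValueError("base_nonce must be Nn bytes long")
    if seq >= (1 << (8 * NONCE_LEN)) - 1:
        raise ValueError("MessageLimitReached")
    return bytes(a ^ b for a, b in zip(base_nonce, seq.to_bytes(NONCE_LEN, "big")))


# Constructed toy AEAD: HMAC-SHA256 keystream plus HMAC tag. It is NOT one of
# HPKE's registered AEADs; it only lets the example run without extra libraries.
def _subkeys(key: bytes):
    return (hmac.new(key, b"toy-enc", hashlib.sha256).digest(),
            hmac.new(key, b"toy-mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _lp(data: bytes) -> bytes:  # length prefix, so aad/ct boundaries are unambiguous
    return len(data).to_bytes(8, "big") + data


def toy_seal(key: bytes, nonce: bytes, aad: bytes, pt: bytes) -> bytes:
    """Nonce-based AEAD: encrypt-then-MAC over (nonce, aad, ct)."""
    enc_key, mac_key = _subkeys(key)
    ct = _xor(pt, _keystream(enc_key, nonce, len(pt)))
    tag = hmac.new(mac_key, nonce + _lp(aad) + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def toy_open(key: bytes, nonce: bytes, aad: bytes, ct_tag: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    ct, tag = ct_tag[:-TAG_LEN], ct_tag[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + _lp(aad) + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("OpenError")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def det_seal(key: bytes, aad: bytes, pt: bytes) -> bytes:
    """Deterministic AE (SIV-style): the IV is derived from the message, no nonce at all.
    Same key, aad and plaintext therefore always give the same ciphertext."""
    enc_key, mac_key = _subkeys(key)
    siv = hmac.new(mac_key, _lp(aad) + pt, hashlib.sha256).digest()[:NONCE_LEN]
    return siv + _xor(pt, _keystream(enc_key, siv, len(pt)))


def det_open(key: bytes, aad: bytes, ct: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    siv, body = ct[:NONCE_LEN], ct[NONCE_LEN:]
    pt = _xor(body, _keystream(enc_key, siv, len(body)))
    if not hmac.compare_digest(siv, hmac.new(mac_key, _lp(aad) + pt, hashlib.sha256).digest()[:NONCE_LEN]):
        raise ValueError("OpenError")
    return pt


class SenderContext:
    """Mirrors HPKE's sender context: Seal() takes the nonce from an internal counter."""
    def __init__(self, key: bytes, base_nonce: bytes):
        self.key, self.base_nonce, self.seq = key, base_nonce, 0

    def seal(self, aad: bytes, pt: bytes):
        seq = self.seq
        ct = toy_seal(self.key, compute_nonce(self.base_nonce, seq), aad, pt)
        self.seq += 1  # IncrementSeq: a (key, nonce) pair is never reused
        return seq, ct  # seq travels with the ciphertext so it can be opened out of order


class ReceiverContext:
    """Receiver whose Open takes an explicit seq: an assumed shape for the
    'set the nonce counter' API discussed above, not RFC 9180's Open()."""
    def __init__(self, key: bytes, base_nonce: bytes):
        self.key, self.base_nonce, self.seen = key, base_nonce, set()

    def open_at(self, seq: int, aad: bytes, ct: bytes) -> bytes:
        if seq in self.seen:
            raise ValueError("replayed sequence number")
        pt = toy_open(self.key, compute_nonce(self.base_nonce, seq), aad, ct)
        self.seen.add(seq)  # record only after authentication succeeded
        return pt


def demo():
    key, base_nonce = bytes(range(32)), bytes(range(12))  # constructed sample values
    sender = SenderContext(key, base_nonce)
    msgs = [sender.seal(b"hdr", b"same plaintext") for _ in range(2)]
    nonce_mode_leaks_equality = msgs[0][1] == msgs[1][1]
    det_mode_leaks_equality = det_seal(key, b"hdr", b"same plaintext") == det_seal(key, b"hdr", b"same plaintext")
    receiver = ReceiverContext(key, base_nonce)
    delivered = [receiver.open_at(s, b"hdr", c) for s, c in reversed(msgs)]  # seq 1 arrives first
    try:
        receiver.open_at(0, b"hdr", msgs[0][1])
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return nonce_mode_leaks_equality, det_mode_leaks_equality, delivered, replay_rejected


if __name__ == "__main__":
    print(demo())
```

The receiver keeps a set of opened sequence numbers because an explicit-seq Open turns the counter from a monotonic guard into caller-supplied input: without that bookkeeping, a ciphertext could be replayed and accepted twice, and a sender that reset its own counter would reuse a nonce under the same key.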