Re: [Cfrg] Round 2 of the PAKE selection process

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Wed, 20 November 2019 10:44 UTC

Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15E72120829 for <cfrg@ietfa.amsl.com>; Wed, 20 Nov 2019 02:44:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ynykvTPHH283 for <cfrg@ietfa.amsl.com>; Wed, 20 Nov 2019 02:43:57 -0800 (PST)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9D171200C7 for <cfrg@irtf.org>; Wed, 20 Nov 2019 02:43:56 -0800 (PST)
Received: by mail-lj1-x233.google.com with SMTP id n5so26932020ljc.9 for <cfrg@irtf.org>; Wed, 20 Nov 2019 02:43:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GHGeZqvpHMMg7w0Z8H26DwW76fydjPWvaYpZG1bIs0E=; b=vVjcIrGXJpZZ+zbY9xJLeNOehVZjoSjZHnbLhpmXCWEmgXdLIR5ffcxbjREJpyP82c HVV3eIGAp/HeT1iBc1xIEhoZLnr8W49pNmppkLdFCEE3qc/Zx30paXWTSVBWBEi+C5pQ MkluIWIOcEL70VcdPk8yTr923FTJQEAtH5h49V/nqaxQ2AVoqYdMaaec/8p4nW9icvX1 ivM0iKeUc6taCWfI3ggwxbtzk17GW2EIBVeePxSgCXNXwdeajm8iIDEmmVv9J0Pamyd1 /htDIVW003qSmtswZYx/3VVSfMiEkBSFw0I6xKQMBrvMxVtjgLJSGnu9dFUOzzvUCM5T ijuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GHGeZqvpHMMg7w0Z8H26DwW76fydjPWvaYpZG1bIs0E=; b=seVqHrM1ySOdJTMFj0aLXEhk4QgG7aCcKUp9t5iepZO2rsA2AUeGsoWzTgTj86zPGb ki26C7pqtzUza9tHrZCtTi4pp466lwqfgoJ3FOjrC46q1gZMr47QkR9sTESSnxABn2fo PyZjby7llIKrfQ72OemrlfqdREzq5rI/CsNDAXWnTAMEmHTG71DAwqpWe4MtL+Q1pEPl T1fQKdodVSCEdPNnrYTKEkw2LESvsYRHz209GLKqEnqVV7FPzPu5CLy0UeZcr9qiC8xb s0UjAdZY9yL7v5IPcZNN5lci1757EpgAa+v7Mhjc82CYdmU9RFfO9x7I01E5Ag7Pty9O Ts3A==
X-Gm-Message-State: APjAAAWtVvWL5hJn7PKvgJrD9x9cqSlGFgS9NWzIPd7QQwTLDmFqdvxz iW9jAUdwbe3hmc08M52qZzceZG07vdUUatwmvTU=
X-Google-Smtp-Source: APXvYqy4HJibkSKrSKyum5r58ZahfNW8ZpGhg7SYNEawI0s/FbH+B7w6rG11b60sn0icEp7XPFDS2JaNArTldEZ9eCE=
X-Received: by 2002:a2e:9106:: with SMTP id m6mr2126169ljg.146.1574246634869; Wed, 20 Nov 2019 02:43:54 -0800 (PST)
MIME-Version: 1.0
References: <CAMr0u6nPQxO5X1Txoeh5X7jN=eHscRCBH0HJW=3tbqUdjn8N4Q@mail.gmail.com> <BA639DCD-B3B9-40BD-AF6D-1A4CE9425A03@live.warwick.ac.uk>
In-Reply-To: <BA639DCD-B3B9-40BD-AF6D-1A4CE9425A03@live.warwick.ac.uk>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Wed, 20 Nov 2019 18:43:43 +0800
Message-ID: <CAMr0u6mDx_NnvJq_LpRZSBkWe707mn=HBrELeXsjYXvTTMtzRw@mail.gmail.com>
To: "Hao, Feng" <Feng.Hao@warwick.ac.uk>
Cc: CFRG <cfrg@irtf.org>, "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000075d7840597c4db14"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/rkdsn4detqtkeRTeCoA4o248uAM>
Subject: Re: [Cfrg] Round 2 of the PAKE selection process
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 10:44:01 -0000

Dear Feng,

The decision was made based on the Crypto Review Panel member reviews
(which in turn were based on partial reviews by independent experts), which
are available at
https://github.com/cfrg/pake-selection (see “Overall reviews by Crypto
Review Panel”).

Best regards,
Stanislav

ср, 20 нояб. 2019 г. в 18:29, Hao, Feng <Feng.Hao@warwick.ac.uk>;:

> Dear Stanislav (and the review panel),
>
>
>
> Many thanks for the update.
>
>
>
> For the benefits of openness and transparency, can you give reasons why
> these four were selected and the rest were removed? I couldn’t find those
> on your slides.
>
>
>
> I’m sure that’ll be helpful for people on the CRFG to understand better
> this selection process.
>
>
>
> Cheers,
>
> Feng
>
>
>
> *From: *Cfrg <cfrg-bounces@irtf.org>; on behalf of "Stanislav V.
> Smyshlyaev" <smyshsv@gmail.com>;
> *Date: *Wednesday, 20 November 2019 at 06:02
> *To: *"cfrg@irtf.org"; <cfrg@irtf.org>;
> *Cc: *"cfrg-chairs@ietf.org"; <cfrg-chairs@ietf.org>;
> *Subject: *[Cfrg] Round 2 of the PAKE selection process
>
>
>
> Dear CFRG,
>
>
>
> As we've announced at the CFRG session today, now we're starting the Round
> 2 of the PAKE selection process.
>
>
>
> We have narrowed down choices to: two balanced (SPAKE2 and CPace) and two
> augmented (OPAQUE and AuCPace).
>
>
>
> Some additional information can be found in my slides from the IETF 106
> CFRG meeting:
>
>
> https://datatracker.ietf.org/meeting/106/materials/slides-106-cfrg-pake-selection-update
>
>
>
>
> Please take a look at the plan and especially at Stage 1 - please send
> your additional questions to be considered at Round 2 to
> crypto-panel@irtf.org until December, 5th.
>
>
>
> Round 2 of the PAKE selection process
>
> Stage 1: November, 21st - December, 5th
>
> Additional questions for all four candidates are collected from CFRG
> participants  (and Crypto Review Panel members). The questions can be of
> one of possible types:
>
> a) Requests for clarifications for the candidate protocols or their
> proposed modifications (e.g., security of CPace and AuCPace without
> negotiation of sid, security and convenient of SPAKE2 with a hash2curve
> function used to obtain M and N for each pair of identifiers).
>
> b) Questions to be taken into account in addition to ones collected at
> Stage 1 of Round 1 (e.g., quantum annoyance, post-quantum preparedness).
>
> The questions should be sent to crypto-panel@irtf.org.
>
>
>
> Stage 2: December, 10th - December, 17th
>
> A list of new questions is published on
> https://github.com/cfrg/pake-selection; the CFRG is asked whether
> anything else should be added.
>
>
>
> Stage 3: December 25th - February, 10th
>
> The authors of the candidates prepare their replies to the additional
> questions/requested clarifications.
>
>
>
> Stage 4: February, 12th - March, 10th
>
> Crypto Review Panel members prepare new overall reviews (for all 4
> remaining PAKEs) taking into account both the reviews obtained on Round 1
> and new information obtained during Round 2.
>
>
>
> IETF 107:
>
> The CFRG chairs discuss the obtained reviews and make their
> recommendations to CFRG (or convey to CFRG that they can’t make a
> recommendation yet).
>
> If everything is clear:
> - one (or zero) balanced PAKE is selected;
>
> - one (or zero) augmented PAKE is selected;
>
> - the process with CFRG document “Recommendations for password-based
> authenticated key establishment in IETF protocols” is initiated: all
> practically important recommendations (parameter selection, protecting
> implementations against side-channel attacks, handling of counters etc.)
> must be given there.
>
>
>
> Best regards,
>
> Stanislav Smyshlyaev
>
> CFRG Secretary
>
-- 

С уважением,

Станислав Смышляев, к.ф.-м.н.,

Заместитель генерального директора

ООО «КРИПТО-ПРО»