[Cfrg] Adopting "AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption" as a CFRG document

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Mon, 28 March 2016 14:36 UTC

Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B24D412DA56 for <cfrg@ietfa.amsl.com>; Mon, 28 Mar 2016 07:36:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rhul.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P4ji2FZ5IK-9 for <cfrg@ietfa.amsl.com>; Mon, 28 Mar 2016 07:36:34 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0630.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::630]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3284E12DA57 for <cfrg@irtf.org>; Mon, 28 Mar 2016 07:35:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhul.onmicrosoft.com; s=selector1-rhul-ac-uk; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qvtf34PeoieIEQjM4Sgq5p5Yf5FTuwnkMLtYTXG74qc=; b=RUySzwqamogd1uJBkzKIaIRmTNjJeZiHnLBWVmPqZiCQq+A8zmcus77If0Vy4BvdHnfKTlnXJbIz9iIX8ZeWYjFKgv7g1W16eac+OksSQqHPFvKO+uc+cWwrZffGRXhyLx34Z2uoKH/TrwlHSCHBAUCruP/mHwDZeP6ai0Snn1k=
Received: from VI1PR03MB1822.eurprd03.prod.outlook.com (10.166.42.148) by VI1PR03MB1822.eurprd03.prod.outlook.com (10.166.42.148) with Microsoft SMTP Server (TLS) id 15.1.447.15; Mon, 28 Mar 2016 14:34:53 +0000
Received: from VI1PR03MB1822.eurprd03.prod.outlook.com ([10.166.42.148]) by VI1PR03MB1822.eurprd03.prod.outlook.com ([10.166.42.148]) with mapi id 15.01.0447.023; Mon, 28 Mar 2016 14:34:53 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: Adopting "AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption" as a CFRG document
Thread-Index: AQHRiP7+wUFnuBtreUe1MCzt43wYjg==
Date: Mon, 28 Mar 2016 14:34:53 +0000
Message-ID: <D31EFD69.68456%kenny.paterson@rhul.ac.uk>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.1.160122
authentication-results: irtf.org; dkim=none (message not signed) header.d=none;irtf.org; dmarc=none action=none header.from=rhul.ac.uk;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [78.146.55.80]
x-ms-office365-filtering-correlation-id: b9c91c46-c02b-4a60-ef86-08d35716209c
x-microsoft-exchange-diagnostics: 1; VI1PR03MB1822; 5:10UP8Mkcg2P9VdB1rAU8nJvDZawN7Qe2V6qup+dYMvZnXUGRXhsPXBonbf30Ur56rEPh2ZEOc6e9vVpPlFj2talwmcEUgSpC/glIYVmy0s/hIAf+4aNhLgbiiI3tSloo6Pcz8Otwmn94ey6f9aK3Ew==; 24:Z89LxTdB1uFPkgANDJkej+3VKxmW/lir9o4iaUihC9VvQoExPOaNbSIcE/hWaU6YLvDm9HqeYkGay9qhSSenDAGlYgDcwGjjxft3WDuG59A=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR03MB1822;
x-microsoft-antispam-prvs: <VI1PR03MB1822C6229267D67948900AFEBC860@VI1PR03MB1822.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:VI1PR03MB1822; BCL:0; PCL:0; RULEID:; SRVR:VI1PR03MB1822;
x-forefront-prvs: 0895DF8FFD
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(24454002)(230783001)(3846002)(586003)(36756003)(102836003)(11100500001)(6116002)(2351001)(2906002)(5004730100002)(5002640100001)(110136002)(1220700001)(86362001)(1096002)(10400500002)(4326007)(122556002)(15975445007)(3280700002)(4001350100001)(106116001)(1730700002)(77096005)(74482002)(5008740100001)(92566002)(66066001)(5640700001)(229853001)(2501003)(3660700001)(87936001)(2900100001)(189998001)(50986999)(54356999)(81166005)(83506001)(19580395003)(19580405001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR03MB1822; H:VI1PR03MB1822.eurprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="utf-8"
Content-ID: <9228B5F670337947BE3D6A0B7257B94C@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2016 14:34:53.6956 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR03MB1822
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/syWFtjodpsbh1hURoNyDr4LBJIw>
Cc: Yehuda Lindell <Yehuda.Lindell@biu.ac.il>, Adam Langley <agl@google.com>
Subject: [Cfrg] Adopting "AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption" as a CFRG document
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2016 14:36:36 -0000

Dear CFRG,

Shay, Adam and Yehuda have asked the CFRG chairs whether their draft for
AES-GCM-SIV can be adopted as a CFRG document. We are minded to do so, but
first wanted to canvass members of the group for their opinions on taking
this step.

We are aware of the on-going CAESAR competition for AEAD schemes.
AES-GCM-SIV is not a CAESAR candidate. CFRG adopting this document should
not be interpreted as competing with or pre-empting the results of that
very valuable activity. Indeed, once CAESAR is complete, we hope that some
or all of the competition winners will end up being turned into RFCs under
the auspices of CFRG.

Regards,

Kenny (for the chairs)


On 06/03/2016 03:50, "Cfrg on behalf of Shay Gueron"
<cfrg-bounces@irtf.org on behalf of shay.gueron@gmail.com>; wrote:

>Hello CFRG,
>
> 
>We would like to draw your attention to our new submission draft entitled
>“AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption”. Posted on
>https://www.ietf.org/internet-drafts/draft-gueron-gcmsiv-00.txt
> 
>The submission specifies two authenticated encryption algorithms that are
>nonce misuse-resistant. Their performance is expected to be roughly on
>par with AES-GCM,
> when run on modern processors that have AES instructions.
> 
>Security and performance analysis can be found in S. Gueron and Y.
>Lindell. GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at
>Under One Cycle
> per Byte. In 22nd ACM CCS, pages 109-119, 2015.
> 
>We hope that the CFRG will take this up as a working-group item.
> 
>Thank you,
>
> 
>Shay Gueron, Adam Langley, Yehuda Lindell
> 
>
>