Re: [Cfrg] Streaming AEAD

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 18 February 2014 09:14 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "cfrg@irtf.org" <cfrg@irtf.org>, "James.H.Manger@team.telstra.com" <James.H.Manger@team.telstra.com>
Date: Tue, 18 Feb 2014 09:13:57 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C7372375D64@uxcn10-tdc06.UoA.auckland.ac.nz>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/tDKoDLC_Jtdm2-6vieicjKt-07s
Cc: "agl@imperialviolet.org" <agl@imperialviolet.org>, "nisse@lysator.liu.se" <nisse@lysator.liu.se>
Subject: Re: [Cfrg] Streaming AEAD

"Manger, James" <James.H.Manger@team.telstra.com> writes:

>What is needed is a way to use an AEAD algorithm to secure a message in
>chunks. Streaming-AEAD would allow a recipient to know they have received an
>authentic prefix of a message. It would allow crypto APIs to support
>streaming modes while never returning unauthentic plaintext.

I think the means of doing this is going to be protocol-specific, since it
depends on the PDU format being used.  For things like SSL/TLS and SSH the
problem is already solved, since data amounts are quantised to the protocol
data packet size; for store-and-forward protocols like PGP and S/MIME you'd
need to add a mechanism for it in a PGP- or S/MIME-specific manner, but then
you'd also need to figure out how to communicate it to the other side... and
then you're back to relying on ad-hoc mechanisms.

When I had to do this years ago I used something like:

len1 || data1 || h1 = HMAC( len1 || data1 ),
len2 || data2 || h2 = HMAC( h1 || len2 || data2 ),
len3 || data3 || h3 = HMAC( h2 || len3 || data3 ),
...

A length of 0 indicated end-of-contents.

Peter.
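An added worked example of the chained-HMAC framing Peter describes above (example code, not from the mail or any project): the sender emits len || data || h records and closes with a length-0 record, and the receiver releases each chunk only after its tag verifies against the chain, so a truncated, tampered or reordered stream is reported instead of being accepted as an authentic prefix. HMAC-SHA256, 4-byte big-endian lengths, an empty h_0 for the first chunk and the constructed sample key are assumptions.

```python
import hashlib
import hmac
import struct
TAG_LEN = 32  # HMAC-SHA256 output size (assumed MAC for this example)

def _tag(key: bytes, prev: bytes, length: bytes, data: bytes) -> bytes:
    # h_i = HMAC(h_{i-1} || len_i || data_i); h_0 is the empty string for chunk 1
    return hmac.new(key, prev + length + data, hashlib.sha256).digest()

def seal(key: bytes, chunks: list) -> bytes:
    """Sender: emit len || data || h records, then a length-0 end-of-contents record."""
    if any(len(c) == 0 for c in chunks):
        raise ValueError("empty chunk would be read as end-of-contents")
    out, prev = bytearray(), b""
    for data in list(chunks) + [b""]:
        length = struct.pack(">I", len(data))
        prev = _tag(key, prev, length, data)
        out += length + data + prev
    return bytes(out)

def open_stream(key: bytes, blob: bytes):
    """Receiver: yield each chunk only after its h verifies against the chain.
    Raises ValueError on a bad tag or on a stream cut before the terminator."""
    pos, prev = 0, b""
    while True:
        length = blob[pos:pos + 4]
        if len(length) < 4:
            raise ValueError("truncated before end-of-contents at offset %d" % pos)
        n = struct.unpack(">I", length)[0]
        data = blob[pos + 4:pos + 4 + n]
        tag = blob[pos + 4 + n:pos + 4 + n + TAG_LEN]
        if len(data) != n or len(tag) != TAG_LEN:
            raise ValueError("truncated record at offset %d" % pos)
        if not hmac.compare_digest(tag, _tag(key, prev, length, data)):
            raise ValueError("bad tag at offset %d" % pos)
        prev, pos = tag, pos + 4 + n + TAG_LEN
        if n == 0:          # authenticated terminator: the whole stream is genuine
            return
        yield data          # safe to release: everything so far is an authentic prefix

def read_prefix(key: bytes, blob: bytes):
    """Collect what the receiver may release; error is None only for a complete stream."""
    got = []
    try:
        for data in open_stream(key, blob):
            got.append(data)
    except ValueError as err:
        return got, str(err)
    return got, None
```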