Re: [CFRG] How will Kyber be added to HPKE (9180)?

Mike Ounsworth <Mike.Ounsworth@entrust.com> Sat, 26 November 2022 14:00 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Kampanakis, Panos" <kpanos@amazon.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [CFRG] How will Kyber be added to HPKE (9180)?
Date: Sat, 26 Nov 2022 14:00:04 +0000
Message-ID: <CH0PR11MB5739FF1CCE3F3B0981A5526C9F119@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <CH0PR11MB57392DCA742E5F9D3D30EF6F9F0F9@CH0PR11MB5739.namprd11.prod.outlook.com> <Y3+PkLzkHFFFG0Hi@LK-Perkele-VII2.locald> <A8593A5F-3345-42FC-A34A-0DBC3DC873F1@gmail.com> <CH0PR11MB5739444E17F33F29F6CB71689F0F9@CH0PR11MB5739.namprd11.prod.outlook.com> <CA+_8ft5SxUjEMuWXACd_yF6H5DUwBYFA=VeGXeOzSFhdNw_NvQ@mail.gmail.com> <CH0PR11MB57396EC3AC2E028CC187E44A9F0F9@CH0PR11MB5739.namprd11.prod.outlook.com> <0a5ff423dc904171bcfdfc8423edf3ee@amazon.com> <CH0PR11MB5739E0AB4BA9F60D43B8653E9F0E9@CH0PR11MB5739.namprd11.prod.outlook.com> <SY4PR01MB62512F0EC147B19017538759EE119@SY4PR01MB6251.ausprd01.prod.outlook.com>
In-Reply-To: <SY4PR01MB62512F0EC147B19017538759EE119@SY4PR01MB6251.ausprd01.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/up2vVao3o3RyW8mffxBuJlc-ibM>
Subject: Re: [CFRG] How will Kyber be added to HPKE (9180)?

Hi Peter,

If the CMP client doesn't cheat (sign with an RSA encryption key), then how do you do message protection (integrity protection / authentication) when the client has an RSA encryption key? I don't see anything in there that would apply to a keyEncipherment mode?

5.1.3. PKI Message Protection ............................. 28
     5.1.3.1. Shared Secret Information ................... 29
     5.1.3.2. DH Key Pairs ................................ 30
     5.1.3.3. Signature ................................... 30
     5.1.3.4. Multiple Protection ......................... 30


Maybe you could do an RSA key transport to establish a key and then use the PasswordBasedMac in 5.1.3.1? Are there implementations that do that? It's certainly not mentioned in the text that PasswordBasedMac is meant to be combined with RSA key transport.

---
Mike Ounsworth

-----Original Message-----
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Sent: November 25, 2022 10:56 PM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Kampanakis, Panos <kpanos@amazon.com>
Cc: cfrg@irtf.org
Subject: [EXTERNAL] Re: [CFRG] How will Kyber be added to HPKE (9180)?

Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> writes:

>I believe if you have an RSA key marked with keyUsage:keyEncipherment
>then you just cheat and sign with it anyway.

That'll only work if you've got a badly-written implementation *cough*CryptoAPI*cough* that ignores key usages; for anything that does enforce them it won't work. It's bad enough having to kludge around this issue for PKCS #10 without introducing the same problem into CMP.

Peter.
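Peter's point about implementations that enforce key usages, as an added example that is not part of this thread (it is not Entrust's, Peter's, or any CMP library's code): a minimal Python check that decodes the X.509 KeyUsage BIT STRING (RFC 5280 section 4.2.1.3) and refuses a signing operation when the certificate lacks digitalSignature, so a keyEncipherment-only RSA key can be used for key transport but not to sign CMP protection. The function names, the operation-to-usage table and the three sample DER encodings are assumptions constructed for this example.

```python
# Added example (not from the thread): minimal X.509 KeyUsage enforcement.
# Decodes the DER KeyUsage BIT STRING and refuses to use a key for an
# operation its certificate does not permit.

# Bit positions from RFC 5280: KeyUsage ::= BIT STRING { digitalSignature(0), ... }
KEY_USAGE_BITS = {
    "digitalSignature": 0,
    "nonRepudiation": 1,
    "keyEncipherment": 2,
    "dataEncipherment": 3,
    "keyAgreement": 4,
    "keyCertSign": 5,
    "cRLSign": 6,
    "encipherOnly": 7,
    "decipherOnly": 8,
}

# Which KeyUsage bit each operation needs (table is an assumption for this example).
REQUIRED_USAGE = {
    "sign": "digitalSignature",            # e.g. CMP signature protection (RFC 4210 5.1.3.3)
    "rsa_key_transport": "keyEncipherment",
    "dh_key_agreement": "keyAgreement",    # e.g. CMP DH key pairs (RFC 4210 5.1.3.2)
}


def parse_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING holding KeyUsage into the set of named usages."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or 2 + length != len(der):
        raise ValueError("unsupported or inconsistent BIT STRING length")
    unused_bits = der[2]
    body = der[3:]
    if unused_bits > 7 or (not body and unused_bits != 0):
        raise ValueError("invalid unused-bits count")
    total_bits = len(body) * 8 - unused_bits
    usages = set()
    for name, pos in KEY_USAGE_BITS.items():
        # Bits beyond the encoded length are absent, i.e. not asserted.
        if pos < total_bits and body[pos // 8] & (0x80 >> (pos % 8)):
            usages.add(name)
    return usages


def check_operation(key_usage_der: bytes, operation: str) -> bool:
    """True only if the certificate's KeyUsage permits the operation.

    An implementation that enforces key usage runs this decision before
    signing, so a keyEncipherment-only RSA key cannot be used to sign."""
    needed = REQUIRED_USAGE[operation]
    return needed in parse_key_usage(key_usage_der)


# Constructed sample encodings (not taken from any real certificate):
# keyEncipherment only: bit 2 set -> 0x20, five trailing unused bits.
KU_ENCIPHER_ONLY = bytes.fromhex("03020520")
# digitalSignature + keyEncipherment: bits 0 and 2 -> 0xA0.
KU_SIGN_AND_ENCIPHER = bytes.fromhex("030205a0")
# digitalSignature only: bit 0 -> 0x80, seven unused bits.
KU_SIGN_ONLY = bytes.fromhex("03020780")


if __name__ == "__main__":
    for label, ku in [("encipher-only", KU_ENCIPHER_ONLY),
                      ("sign+encipher", KU_SIGN_AND_ENCIPHER),
                      ("sign-only", KU_SIGN_ONLY)]:
        print(label, sorted(parse_key_usage(ku)),
              "sign:", check_operation(ku, "sign"),
              "key transport:", check_operation(ku, "rsa_key_transport"))
```

In a real stack the extension bytes come out of the certificate via an ASN.1 library; the point shown here is only the enforcement decision itself, which is what makes the "just sign with it anyway" approach fail against a conforming peer.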
