[CFRG] Re: Comments on draft-irtf-cfrg-aead-properties-09.txt
"MINEMATSU KAZUHIKO(峯松 一彦)" <k-minematsu@nec.com> Wed, 05 February 2025 00:57 UTC
From: "MINEMATSU KAZUHIKO(峯松 一彦)" <k-minematsu@nec.com>
To: Andrey Bozhko <andbogc@gmail.com>
Date: Wed, 05 Feb 2025 00:57:46 +0000
CC: "cfrg@irtf.org" <cfrg@irtf.org>, "INOUE AKIKO(井上 明子)" <a_inoue@nec.com>, IWATA Tetsu <iwata.tetsu.f6@f.mail.nagoya-u.ac.jp>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/vVA081_qpfQgSgmLSv6zdeNMchU>

Dear Andrey,

Thanks a lot for your detailed reply and encouraging words!
We surely understand the constraints and agree with your approach to incorporating our comments.
Also thanks for letting us know the github plan. We will keep eyes on that.

Let us keep in touch.

Best regards,
Kazu on behalf of the authors

> -----Original Message-----
> From: Andrey Bozhko <andbogc@gmail.com>
> Sent: Tuesday, February 4, 2025 9:44 PM
> To: MINEMATSU KAZUHIKO(峯松 一彦) <k-minematsu@nec.com>
> Cc: cfrg@irtf.org; INOUE AKIKO(井上 明子) <a_inoue@nec.com>; IWATA Tetsu
> <iwata.tetsu.f6@f.mail.nagoya-u.ac.jp>
> Subject: Re: [CFRG] Comments on draft-irtf-cfrg-aead-properties-09.txt
>
> Dear Akiko, Tetsu, and Kazuhiko,
>
> Thank you very much for your comments and for sharing your paper—it's an
> exciting and highly interesting work.
>
> Unfortunately, adding (or subdividing) properties won’t be possible at this
> stage, as the list of properties was finalized some time ago, prior to the
> technical reviews. However, I believe adding clarifications on examples based
> on your paper and, in particular, correcting the mention of OCB in the
> Inverse-Free section (many thanks for catching that!) should be possible
> during the editorial stage when it’s the draft’s turn in the queue.
>
> Additionally, once the draft is published, I plan to maintain a somewhat
> extended (and experimental) version on GitHub
> (https://github.com/AndAlBo/draft-irtf-cfrg-aead-properties) since the field
> is still actively evolving. I intend to incorporate your comments there in
> more detail as well. Please feel free to propose any further changes or
> improvements there.
>
> Once again, thank you for your valuable comments!
>
> Best,
> Andrey
>
>
> On Tue, Feb 4, 2025 at 09:08 MINEMATSU KAZUHIKO(峯松 一彦)
> <k-minematsu=40nec.com@dmarc.ietf.org> wrote:
>
> Dear all,
>
> We recently learned about the I-D on AEAD
> (draft-irtf-cfrg-aead-properties-09) and found it quite relevant in practice.
> As we published a paper on robustness of common AEs ([IIM25], will appear at
> CT-RSA 2025), we would like to share our comments on the draft.
>
> In [IIM25], Table 1 provides a comprehensive view on nonce-misuse or RUP
> security of GCM/CCM/OCB(3), which would be helpful to improve Sections 4.3.7
> and 4.3.10 of the draft. Concretely:
> 1. Sect 4.3.7, Nonce-misuse resilience confidentiality (NML-Priv in our
>    paper): it holds for GCM but only with 96-bit nonce. This was shown by
>    [ADL17]. Our paper shows that CCM has NML-Priv.
> 2. Sect 4.3.7, Nonce-misuse resistance (NMR in our paper): NMR could be
>    further classified into confidentiality (privacy) and authenticity as the
>    draft did for NML. Then we have two notions, Nonce-misuse resistance
>    confidentiality/privacy (NMR-Priv) and Nonce-misuse resistance
>    authenticity/integrity (NMR-Auth). [IIM25] shows that CCM has NMR-Auth
>    (even stronger. See below).
> 3. Sect 4.3.10: INT-RUP could be classified into the cases where nonce may
>    be repeated or not. We can also consider combined notions such as NMR +
>    INT-RUP.
>    [IIM25] shows that
>    - GCM has plain INT-RUP (i.e. nonce does not repeat in encryption queries)
>    - CCM has NMR-INT-RUP (i.e. nonce may repeat at any query).
>
> As a side note, at Sect 4.4.2 (Inverse-Free), OCB was listed as an example,
> which is not correct. If you mean an inverse-free OCB-like parallel AE mode,
> OTR [Min14] would be the right one here.
> Moreover, COFB [CIMN17], the base scheme of a NIST LwC finalist GIFT-COFB,
> is an inverse-free serial AE mode enabling smaller state than OCB/OTR.
>
> We hope these comments will help improving the draft.
>
> Best regards,
> Akiko Inoue
> Tetsu Iwata
> Kazuhiko Minematsu
>
>
> [IIM25] Comprehensive Robustness Analysis of GCM, CCM, and OCB3, Akiko
> Inoue, Tetsu Iwata and Kazuhiko Minematsu
> https://eprint.iacr.org/2024/1339 (to appear at CT-RSA 2025)
>
> [Min14] Parallelizable Rate-1 Authenticated Encryption from Pseudorandom
> Functions, Kazuhiko Minematsu. EC 2014
> https://eprint.iacr.org/2013/628
>
> [CIMN17] Blockcipher-based Authenticated Encryption: How Small Can We Go?,
> Avik Chakraborti, Tetsu Iwata, Kazuhiko Minematsu, and Mridul Nandi, CHES
> 2017.
> https://eprint.iacr.org/2017/649