Re: [CFRG] Extract-and-expand with KMAC

"Dang, Quynh H. (Fed)" <quynh.dang@nist.gov> Wed, 18 November 2020 18:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/DadALsw3F8F3OgyALyO04MuEO3Y>

Hi R,

I am not aware of a protocol where the output from an extract step, PRK, is saved and the expansion step gets executed later to generate keys.

Both steps get completed to produce key(s) and one of these keys can be used as a key derivation key to derive more keys later if there is a need like that.

When you use KMAC, one of the output keys can be used as a key derivation key to derive keys.

The point of KMAC or SHAKE as a KDF is that it covers the extraction and expansion functionalities in its sponge's construction already.

Regards,
Quynh.
________________________________
From: CFRG <cfrg-bounces@irtf.org> on behalf of rsw@jfet.org <rsw@jfet.org>
Sent: Wednesday, November 18, 2020 12:53 PM
To: Gilles VAN ASSCHE <gilles.vanassche@st.com>
Cc: CFRG <cfrg@irtf.org>
Subject: Re: [CFRG] Extract-and-expand with KMAC

Gilles VAN ASSCHE <gilles.vanassche@st.com> wrote:
> This solution is not incompatible with the case where an intermediate
> value PRK is required: (salt ; IKM) is padded to take a whole number
> of blocks, and PRK is the state value after absorbing it.

I'll admit I am stating the obvious, but: while this proposal works
technically, it requires access to implementation internals that
may not always be available.

(In particular: the SHAKE API, to my knowledge, does not include the
ability to save and reload state. I'm aware that some implementations
*do* provide this functionality, but strictly speaking it violates
the contract. This could lead to implementation issues down the road.)

Best,

-=rsw
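
An added example, not part of the original messages or of any implementation discussed in the thread: it shows a padded (salt ; IKM) absorb whose sponge state serves as PRK, the equivalent single-call derivation, and the use of one output key as a key derivation key. SHAKE256 from Python's hashlib stands in for KMAC, which hashlib lacks; the length-prefixed encoding, the zero padding, the function names and the sample inputs are assumptions made for illustration, not a standardized KDF.

```python
import hashlib

RATE = 136  # SHAKE256 rate in bytes (1088 bits)
SALT = bytes(16)            # constructed sample value
IKM = bytes(range(32))      # constructed sample value

def enc(field: bytes) -> bytes:
    # Assumed encoding: an 8-byte length prefix keeps the fields unambiguous.
    return len(field).to_bytes(8, "big") + field

def padded_input(salt: bytes, ikm: bytes) -> bytes:
    # (salt ; IKM) zero-padded to a whole number of sponge blocks.
    data = enc(salt) + enc(ikm)
    return data + b"\x00" * (-len(data) % RATE)

def absorb_ikm(salt: bytes, ikm: bytes):
    """'Extract': the sponge state after absorbing the padded input acts as PRK."""
    xof = hashlib.shake_256()
    xof.update(padded_input(salt, ikm))
    return xof

def expand(prk_state, info: bytes, length: int) -> bytes:
    """'Expand': continue from a copy of the saved state, then squeeze."""
    xof = prk_state.copy()  # relies on a state-copy call outside the plain SHAKE API
    # The output length is absorbed too, so different lengths give unrelated output.
    xof.update(enc(info) + length.to_bytes(8, "big"))
    return xof.digest(length)

def one_shot(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """The same derivation as a single SHAKE256 call with no saved state."""
    data = padded_input(salt, ikm) + enc(info) + length.to_bytes(8, "big")
    return hashlib.shake_256(data).digest(length)

def derive_session(salt: bytes, ikm: bytes):
    """One call yields an encryption key, a MAC key and a key derivation key."""
    okm = one_shot(salt, ikm, b"session v1", 96)
    return okm[:32], okm[32:64], okm[64:]

def derive_later(kdk: bytes, label: bytes) -> bytes:
    """Later keys come from the KDK, so no intermediate PRK has to be stored."""
    return one_shot(b"", kdk, label, 32)
```

`expand` only works because hashlib objects offer `copy()`; the copy lives in process memory and hashlib gives no way to export or reload it, whereas `derive_later` needs nothing beyond the ordinary one-call interface.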
