Re: [Cfrg] KangarooTwelve draft has been updated to 01

John Mattsson <john.mattsson@ericsson.com> Mon, 18 December 2017 14:34 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Benoît Viguier <b.viguier@science.ru.nl>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Mon, 18 Dec 2017 14:34:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zDC8L-1h63QTOOMfQT9V-YiTmd8>

Hi,

I am positive to standardization of this draft. High speed algorithms are always welcome as long as they offer sufficient security margins, and as far as I can tell, this proposal does just that.


I read through the draft and have some high-level comments:

- I think the draft should consider using the same notation as NIST. While I kind of like the M,C notation in draft-viguier-kangarootwelve better than the X,S notation by NIST, I think having a common notation for all standardized algorithms in the Keccak family avoids a lot of misunderstanding.


- “The SHA-3 functions process data in a serial manner and are unable to optimally exploit parallelism available in modern CPU architectures”

I think the draft should refer to ParallelHash [NIST SP 800-185] and explain what benefits KangarooTwelve has compared to ParallelHash128.

I think it would be good to discuss the Keccak family (SHA-3, SHAKE, cSHAKE, ParallelHash, KangarooTwelve) with a few more sentences (e.g. pointing out that SHA-3 is not a XOF while the others are, customization, parallelism, number of rounds, etc.).


- “aims at higher speed than SHAKE and SHA-3.”

Does it succeed? I think some numbers like the ones presented in https://keccak.team/2017/is_sha3_slow.html would be good.


- "It makes no assertion to its security"

I think this document at least needs to tell the reader that KangarooTwelve provides a 128-bit security strength.

I think the document also needs to give requirements for the parameter outputByteLen. Doing so, it might need to discuss preimage and collision attacks.


- If CFRG decides to standardize this (which I think it should), there should be discussion on whether MarsupilamiFourteen should also be standardized, whether CFRG agrees with the decision to fix the parameter B (NIST leaves it as a user-chosen parameter), and whether CFRG agrees that B=8192 is the best choice.

Cheers,
John

From: Cfrg <cfrg-bounces@irtf.org> on behalf of Benoît Viguier <b.viguier@science.ru.nl>
Date: Thursday, 14 December 2017 at 17:33
To: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: [Cfrg] KangarooTwelve draft has been updated to 01


Dear CFRG participants

I updated the RFC draft for KangarooTwelve with respect to the remarks of
David Wong, Quynh Dang and the participants of IETF meeting in Prague.
You can find the new version of the draft here:
https://tools.ietf.org/html/draft-viguier-kangarootwelve-01

KangarooTwelve provides an efficient and secure hashing primitive, which is
able to exploit the parallelism of the implementation in a scalable way. It
uses tree hashing over a round-reduced version of SHAKE128 as underlying
primitive.

The reference code is also available at:
https://github.com/KeccakTeam/KeccakCodePackage
(Standalone/KangarooTwelve-reference/K12.py)

I intend to present the draft in London at the next CFRG meeting.

--
Kind regards,

Benoît Viguier
Software Engineer - PhD Student | Cryptography & Formal Methods
Radboud University | Mercator 1, room 03.17, Toernooiveld 212
6525 EC Nijmegen, the Netherlands | www.viguier.nl