[Cfrg] Big-key cryptography
Aaron Zauner <azet@azet.org> Mon, 07 December 2015 00:27 UTC
Message-ID: <5664D280.306@azet.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/zFRnvoBIcbYlCUee5UlSYOVd4so>
Hi,

People that have read Rogaway's recent IACR Distinguished Lecture [0] might have noticed (besides an amazing essay on crypto, ethics and politics of course) that there's new work mentioned on something they call 'Big-key cryptography'. Let me quote verbatim:

```
Suppose you have a bigkey K. You want to use it for some protocol P that has been designed to use a conventional-length key K. So choose a random value R (maybe 256 bits) and hash it to get some number p of probes into the bigkey:

    i_1 = H(R, 1)
    i_2 = H(R, 2)
    ...
    i_p = H(R, p) .

Each probe i_j points into K: it's a number between 1 and |K|. So you grab the p bits at those locations and hash them, along with R, to get a derived key K:

    K = H'(R, K[i_1], . . . , K[i_p]) = XKEY(K, R) .

Where you would otherwise have used the protocol P with a shared key K, you will now use P with a shared bigkey K, a freshly chosen R, this determining the conventional key K = XKEY(K, R). We show that derived-key K is indistinguishable from a uniformly random key K0 even if the adversary gets R and can learn lots of information about the bigkey K. The result is quantitative, measuring how good the derived key is as a function of the length of the bigkey, the number of bits leaked from it, the number of probes p, the length of R, and the number of random-oracle calls.

[...]

I think that the subkey prediction problem, and the key-encapsulation algorithm based on it, will give rise to nice means for exfiltration-resistant authenticated-encryption and pseudorandom generators. In general, I see bigkey cryptography as one tool that cryptographers can contribute to make mass surveillance harder.
```

This seems to be a yet unpublished manuscript but I can think of quite a few instances where this approach might come in handy for keys used in various high-confidentiality protocols.

What does CFRG think?

Thanks,
Aaron

[0] - http://web.cs.ucdavis.edu/~rogaway/papers/moral-fn.pdf p. 31-32
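The XKEY derivation and the key-encapsulation flow quoted above, written out as an added example (this is not code from Rogaway's essay, from the unpublished manuscript, or from anyone in this thread). It assumes SHA-256 for both H and H' with distinct domain-separation tags, a 4-byte big-endian encoding of the probe counter j, probes that index individual bits of the bigkey numbered from 0, and a 32-byte R; all of those are choices made here for illustration. The leakage helper at the end is a toy intuition under an independence assumption, not the quantitative bound the quote refers to.

```python
import hashlib
import os
from typing import Tuple

# Added example, not code from the essay or the CFRG thread.
# Assumed concretisations: H, H' = SHA-256 with separate tags; j encoded as
# 4-byte big-endian; probes address bits of K counted from 0; |R| = 32 bytes.


def probe_index(r: bytes, j: int, bigkey_bits: int) -> int:
    """i_j = H(R, j): map R and the probe counter j to a bit position in [0, |K|).
    The modulo reduction is negligibly biased because 2^256 >> |K| for any
    realistic bigkey size."""
    h = hashlib.sha256(b"XKEY-probe" + r + j.to_bytes(4, "big")).digest()
    return int.from_bytes(h, "big") % bigkey_bits


def get_bit(bigkey: bytes, i: int) -> int:
    """Bit i of the bigkey, most-significant bit first within each byte."""
    return (bigkey[i >> 3] >> (7 - (i & 7))) & 1


def xkey(bigkey: bytes, r: bytes, p: int) -> bytes:
    """K' = H'(R, K[i_1], ..., K[i_p]): derive a conventional 256-bit key.
    Only p bits of K are read, so the derivation stays cheap even when the
    bigkey is far larger than anything an attacker could exfiltrate quietly."""
    nbits = len(bigkey) * 8
    bits = [get_bit(bigkey, probe_index(r, j, nbits)) for j in range(1, p + 1)]
    packed = bytearray((p + 7) // 8)          # pack the p probe bits MSB-first
    for k, b in enumerate(bits):
        packed[k >> 3] |= b << (7 - (k & 7))
    return hashlib.sha256(b"XKEY-derive" + r + bytes(packed)).digest()


def encapsulate(bigkey: bytes, p: int = 256) -> Tuple[bytes, bytes]:
    """Sender side of the key-encapsulation idea: pick a fresh R and derive K'.
    R is transmitted in the clear next to the protocol messages."""
    r = os.urandom(32)
    return r, xkey(bigkey, r, p)


def decapsulate(bigkey: bytes, r: bytes, p: int = 256) -> bytes:
    """Receiver side: recompute the same K' from the shared bigkey and R."""
    return xkey(bigkey, r, p)


def naive_all_probes_leaked(leak_fraction: float, p: int) -> float:
    """Toy intuition only (not the manuscript's bound): if an adversary learned a
    fraction f of K's bits and the p probes were independent and uniform, the
    chance that every probe lands on a leaked bit is f**p. It shows why the
    probe count p, not just |K|, governs how much leakage the scheme tolerates."""
    return leak_fraction ** p


if __name__ == "__main__":
    big = os.urandom(1 << 20)                 # constructed 8 Mbit bigkey
    r, k_sender = encapsulate(big)
    k_receiver = decapsulate(big, r)
    assert k_sender == k_receiver
    print("derived key:", k_sender.hex())
    print("p=256 probes all leaked with 90% of K known:",
          naive_all_probes_leaked(0.9, 256))
```

Both sides need the whole bigkey at rest, but each derivation touches only p bits of it, which is the property the quote relies on: an adversary who exfiltrates a bounded number of bits of K and also sees R still has to have hit every probed position to predict K'.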