Re: [Cfrg] Do we need a selection contest for AEAD?
Jim Schaad <ietf@augustcellars.com> Wed, 01 July 2020 17:32 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17E063A07A2 for <cfrg@ietfa.amsl.com>; Wed, 1 Jul 2020 10:32:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cwx-eD954dVz for <cfrg@ietfa.amsl.com>; Wed, 1 Jul 2020 10:32:42 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 438353A040F for <cfrg@irtf.org>; Wed, 1 Jul 2020 10:32:42 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 1 Jul 2020 10:32:33 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: "'Stanislav V. Smyshlyaev'" <smyshsv@gmail.com>
CC: 'CFRG' <cfrg@irtf.org>
References: <CAMr0u6=QJuG9mshppB6qeryk6qekVKgi9D=WqGoa_L4sNgtYLg@mail.gmail.com> <C55EF5A9-F283-4721-98B9-22CE168D4E08@cisco.com>
In-Reply-To: <C55EF5A9-F283-4721-98B9-22CE168D4E08@cisco.com>
Date: Wed, 01 Jul 2020 10:32:31 -0700
Message-ID: <042e01d64fcd$9b248480$d16d8d80$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
thread-index: AQJV9zpKieO8w4OilKrmZ7VY/5Gz3gJfpmRNp+CvOkA=
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zvZ91O5TI8K9nMZtmE58TNAZoNg>
Subject: Re: [Cfrg] Do we need a selection contest for AEAD?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2020 17:32:51 -0000
+1 Having a document that I can point to that gives what the properties are and do I care about them when deciding on an algorithm would be very useful. In the past I have completely ignored this and made assumptions about what it means. > -----Original Message----- > From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of David McGrew (mcgrew) > Sent: Tuesday, June 30, 2020 4:33 PM > To: Stanislav V. Smyshlyaev <smyshsv@gmail.com> > Cc: CFRG <cfrg@irtf.org> > Subject: Re: [Cfrg] Do we need a selection contest for AEAD? > > Hi Stanislav, Alexey, and Nick, > > It would be great for CFRG to review modern AEAD modes and their properties, > but instead of holding a contest at this time, I suggest focusing on the > applicability of these properties to IETF protocols. It would be valuable for the > community to get to a better understanding of which properties have the most > applications, and which are niceties and which are nececessities. In the same > vein, having a deeper understanding about the scenarios that have led to > security failures in the field would help to motivate properties like robustness > and leakage resilience. So I suggest having a call for presentations and > documents that includes these broader topics around AEAD. If nothing else, it > could be a prelude to a contest. > > The list of properties below is a great start; nonce hiding and resistance to > multiple forgery attacks are also worth considering (and have been raised by > others I believe). > > Regards, > > David > > > On Jun 19, 2020, at 1:32 PM, Stanislav V. Smyshlyaev <smyshsv@gmail.com> > wrote: > > > > Dear CFRG, > > > > The chairs would like to ask for opinions whether it seems reasonable to > initiate an AEAD mode selection contest in CFRG, to review modern AEAD > modes and recommend a mode (or several modes) for the IETF. > > > > We’ve recently had a CAESAR contest, and, of course, its results have to be > taken into account very seriously. In addition to the properties that were > primarily addressed during the CAESAR contest (like protection against side- > channel attacks, authenticity/limited privacy damage in case of nonce misuse > or release of unverified plaintexts, robustness in such scenarios as huge > amounts of data), the following properties may be especially important for the > usage of AEAD mechanisms in IETF protocols: > > 1) Leakage resistance. > > 2) Incremental AEAD. > > 3) Commitment AEAD (we've had a discussion in the list a while ago). > > 4) RUP-security (it was discussed in the CAESAR contest, but the finalists may > have some issues with it, as far as I understand). > > 5) Ability to safely encrypt a larger maximum number of bytes per key > (discussed in QUIC WG).. > > > > Does this look reasonable? > > Any thoughts about the possible aims of the contest? > > Any other requirements for the mode? > > > > Regards, > > Stanislav, Alexey, Nick > > _______________________________________________ > > Cfrg mailing list > > Cfrg@irtf.org > > https://www.irtf.org/mailman/listinfo/cfrg > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Do we need a selection contest for AEAD? Stanislav V. Smyshlyaev
- Re: [Cfrg] Do we need a selection contest for AEA… Thomas Peyrin
- Re: [Cfrg] Do we need a selection contest for AEA… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Do we need a selection contest for AEA… Thomas Peyrin
- Re: [Cfrg] Do we need a selection contest for AEA… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Do we need a selection contest for AEA… Scott Fluhrer (sfluhrer)
- Re: [Cfrg] Do we need a selection contest for AEA… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Do we need a selection contest for AEA… Mihir Bellare
- Re: [Cfrg] Do we need a selection contest for AEA… Eric Rescorla
- Re: [Cfrg] Do we need a selection contest for AEA… Daniel Franke
- Re: [Cfrg] Do we need a selection contest for AEA… Wasa Bee
- Re: [Cfrg] Do we need a selection contest for AEA… Martin Thomson
- Re: [Cfrg] Do we need a selection contest for AEA… Thomas Peyrin
- Re: [Cfrg] Do we need a selection contest for AEA… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Do we need a selection contest for AEA… Paul Grubbs
- Re: [Cfrg] Do we need a selection contest for AEA… Yevgeniy Dodis
- Re: [Cfrg] Do we need a selection contest for AEA… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Do we need a selection contest for AEA… Mridul Nandi
- Re: [Cfrg] Do we need a selection contest for AEA… Thomas Peyrin
- Re: [Cfrg] Do we need a selection contest for AEA… Mihir Bellare
- Re: [Cfrg] Do we need a selection contest for AEA… Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Do we need a selection contest for AEA… David McGrew (mcgrew)
- Re: [Cfrg] Do we need a selection contest for AEA… David McGrew (mcgrew)
- Re: [Cfrg] Do we need a selection contest for AEA… David McGrew (mcgrew)
- Re: [Cfrg] Do we need a selection contest for AEA… Jim Schaad
- Re: [Cfrg] Do we need a selection contest for AEA… Martin Thomson
- Re: [Cfrg] Do we need a selection contest for AEA… Stephen Farrell
- Re: [Cfrg] Do we need a selection contest for AEA… Jim Schaad
- Re: [Cfrg] Do we need a selection contest for AEA… Michael StJohns