Re: [Cfrg] Discuss/standardize Preview extension to AEAD abstraction?
Alex Elsayed <eternaleye@gmail.com> Mon, 29 February 2016 18:14 UTC
Return-Path: <giic-cfrg@m.gmane.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AC521B3950 for <cfrg@ietfa.amsl.com>; Mon, 29 Feb 2016 10:14:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.995
X-Spam-Level:
X-Spam-Status: No, score=0.995 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.006, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x0Uswc0nM15O for <cfrg@ietfa.amsl.com>; Mon, 29 Feb 2016 10:14:40 -0800 (PST)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41DFE1B3948 for <cfrg@irtf.org>; Mon, 29 Feb 2016 10:14:40 -0800 (PST)
Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from <giic-cfrg@m.gmane.org>) id 1aaSL7-0006EX-CS for cfrg@irtf.org; Mon, 29 Feb 2016 19:14:37 +0100
Received: from 66-87-139-92.pools.spcsdns.net ([66-87-139-92.pools.spcsdns.net]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <cfrg@irtf.org>; Mon, 29 Feb 2016 19:14:37 +0100
Received: from eternaleye by 66-87-139-92.pools.spcsdns.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <cfrg@irtf.org>; Mon, 29 Feb 2016 19:14:37 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: cfrg@irtf.org
From: Alex Elsayed <eternaleye@gmail.com>
Date: Mon, 29 Feb 2016 18:14:30 +0000
Lines: 31
Message-ID: <nb21q6$flq$1@ger.gmane.org>
References: <8F1E4FEC-1FED-491B-BC6A-B00C27864414@gmail.com> <alpine.BSO.2.20.1512031055120.12629@natsu.mindrot.org> <21946846-1BFB-4170-8E8E-EC6A00BF3AED@gmail.com> <na6foq$s6m$1@ger.gmane.org> <B3F3C60C-8294-48D8-A572-59164DC5DD71@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: 66-87-139-92.pools.spcsdns.net
User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508 git://git.gnome.org/pan2)
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/zyhI1dJgRT1sGBTrNTiAnPfUNhk>
Subject: Re: [Cfrg] Discuss/standardize Preview extension to AEAD abstraction?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Feb 2016 18:14:41 -0000
On Fri, 26 Feb 2016 11:39:57 -0500, Bryan Ford wrote: > Hi Alex, > > On Feb 19, 2016, at 2:20 AM, Alex Elsayed <eternaleye@gmail.com> wrote: <snip> >> However, this does leave some options regarding length-hiding on the >> table. >> >> For one, given an AEAD based on the encode-then-encipher paradigm with >> variable \tau, one can increase the length of the verifier arbitrarily. >> This permits essentially padding each message to any extended length >> and gaining that length as additional integrity protection. > > I’m not sure I follow the details of this suggestion - but definitely > agree that in general that there are several reasonable approaches to > length-hiding, with or without the APEAD property. Basically, for encode-than-encipher MRAE (such as AEZ), encryption works in two stages - encode (in AEZ, padding with a 1 bit followed by 0 bits) and encipher (actually running AEZ/AEZ-tiny on the encoded plaintext). The cool part is that, due to MRAE's property of depending on every bit of the input, one can exploit any structure in the plaintext to increase the effective bits of integrity protection - including the structure of the padding. As a result, every extraneous bit of padding used beyond the necessary is, in effect, an additional bit of MAC, with *no upper limit* - permitting length-hiding-by-padding that has the beneficial side effect of increasing integrity protection.
- [Cfrg] Discuss/standardize Preview extension to A… Bryan Ford
- Re: [Cfrg] Discuss/standardize Preview extension … Fedor Brunner
- Re: [Cfrg] Discuss/standardize Preview extension … Damien Miller
- Re: [Cfrg] Discuss/standardize Preview extension … Peter Gutmann
- Re: [Cfrg] Discuss/standardize Preview extension … Bryan Ford
- Re: [Cfrg] Discuss/standardize Preview extension … Alex Elsayed
- Re: [Cfrg] Discuss/standardize Preview extension … Bryan Ford
- Re: [Cfrg] Discuss/standardize Preview extension … Alex Elsayed
- Re: [Cfrg] Discuss/standardize Preview extension … Paterson, Kenny
- Re: [Cfrg] Discuss/standardize Preview extension … Salz, Rich
- Re: [Cfrg] Discuss/standardize Preview extension … Paterson, Kenny