[core] OSCORE at Eurocrypt 2024

John Mattsson <john.mattsson@ericsson.com> Mon, 17 June 2024 07:49 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB78FC1D5C7D for <core@ietfa.amsl.com>; Mon, 17 Jun 2024 00:49:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.11
X-Spam-Level:
X-Spam-Status: No, score=-0.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, PDS_OTHER_BAD_TLD=1.999, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RkAu7Kd6EWKx for <core@ietfa.amsl.com>; Mon, 17 Jun 2024 00:49:04 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on2040.outbound.protection.outlook.com [40.107.15.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1410EC1D5C6F for <core@ietf.org>; Mon, 17 Jun 2024 00:49:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZqinaTamwMlwJdl/1cU+y0auuq92dbPI/BPbDoO3ryPAwr7E2U4JfW1VpBoXMJREpAnvz8qn2VZ21POnfCPfqTJuWUXp0KDDpu+G3W9W/AKcNpOM3fbFln2E4E1Ai1ykKRStVRsyItmJBxto6vqjn8V4qIwefkYWi7CNlLkVRcqMGfjvtuH6152XlmwYubci6q6cLWuzdSKfeQjv44vL89u8QOZsDaVXX86NbtAgd6LLGkFtxis5Yrk6unmAuIDMfFV/BQKwlTSbgotcoy8UPO+lWxcsHhS3y6behTkQXHbgYSOOzkkHn6VIEzNk6tiaIp7Yhm3Wjg0s/lsOEkpEIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sfwgRTludPdH3syag7iUbSB//ckJeHQgG/3Q9PwB8eE=; b=Jjg/HEcWie0ZFbSzwud1jy2AUr0TzHah4v4lFd+2atGZyr0T1UxqDlCaTtH26CwvgOI080FlTMq4IDaoCWewAldTyGUrN6ElkEhHKL3MClYbZ5ebIkSgfuTi8zI4wx65fOk5jGEEutm3RoImzauE/I2exsdD5bbZq7cwbSifYhS4OROMn4TIdc04XwiuEbSK2/rBQeMqX46iwWHXTHxrjpV/V1BeqRjme/bVZANC0r9PndjvpWzqWuo5m+3sL17v7Rg1bdfyiC64woWZqIcW1XNAtZ1UqiaCT/JzLXEb0o1UeJyjSuEIAmJU8CT8C3zoENVM+740y+JxGcuVZCXvDg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sfwgRTludPdH3syag7iUbSB//ckJeHQgG/3Q9PwB8eE=; b=MiJ0U5S2l8vBLNQmH/zN2T+OWhmG87EIPsXUkUzTiQsESSo8PfZeUQpoidwhaM3ZPLv44Br2skOebKAKpQVdtff6oLVmal/VIvNK4gzYweQCwKliiePKGhtNPpITTisxxRakkU+3hv5vDk+kalJvbGQ2FPTZJXcCElk8aSDFl3zQSMoviVkbWq2vq6y1QnS6HU+AGNvDXwBakKh1PXYuPduJAVGv4jFHR0dtW9Z6EuXybrEDAPQxrGsxuiN2wJovtAOm7CbITdXmsPwSsBbsKiEbHYmThAzqThcIfcXNMf895gDBTiFQqnznuKVqMBGFjBqv5LzzcqIsNucTIEZUvw==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by PAVPR07MB9285.eurprd07.prod.outlook.com (2603:10a6:102:315::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7698.16; Mon, 17 Jun 2024 07:49:01 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%3]) with mapi id 15.20.7698.014; Mon, 17 Jun 2024 07:49:00 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "core@ietf.org" <core@ietf.org>
Thread-Topic: OSCORE at Eurocrypt 2024
Thread-Index: AQHawIo7wVLBAiN1LkGM8qTymP9sgA==
Date: Mon, 17 Jun 2024 07:49:00 +0000
Message-ID: <GVXPR07MB96789D2F8A63EE4A8564E93F89CD2@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|PAVPR07MB9285:EE_
x-ms-office365-filtering-correlation-id: e1f4abb4-c411-451c-a00d-08dc8ea1f392
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230037|376011|1800799021|366013|38070700015;
x-microsoft-antispam-message-info: dx3SUwD2S5EfGl+v2QLCRBaSjS2F/2dKOOs+lNe4mGnPNJYJK+FFkvUxFDNyr3V75qttWPw9u7380Eb/oK6YXRwM/ktqqUmNGqf1dbfrutlHq5yGomEv00e/igBnlnLlXiN1ErpqK7S5I+1oxke/KZvDTDgy27Qua2i9Gorhw+X44oQpkTvMUjcfITpKSbD0Y8r2aV33HPCVeBWB3RHfyfyZ+hHlh9JRfvQGeaF0RZuZN5EhW3X6dbFMTZP1GB2wKxlNnG2fOrUaN0HFV2fQrzJ/1Z4IWs6i1Q8iUh2qhgQJry4O76secoB0DzjNwE6eoSp/dzTlKCbGuKB2GGPHh1rh5WLi7ql3G+kXmCa1merHUVLjzlq1oZ/AM6S9GlMFvWdsRnwytX0vFsXgiwTxyPXaHGeLak3NSeHQJqUdh1eNbX63yakmOaPhQF5eQIE3svw1Ky0U/eiUt0kfLLWhk8ReCgH771w1WD+UUp8c6WUcc+CkYu1L2Cu7V8i70UQhDV4E8jUNYrVK56dYfYv5VRPvPIBtmx12DvYNzm48a2arVa+8mV3IDEx9ZhfH34UeCxBbL569r36fiwFfoKI/ujE1ZS53Yz/otRWsyDCspUfVuEjqa1G1Qjdv4RPMVtOJoybtlKhWlgnbBN5VWJTCdngbhKD39aJUhK9OKQusjxUqrXzRznwvDoav6ULqb+/94oS8E0PAuJhPPUvVnfbE+WM5vAzY7M0AyCR5e0vk9T686Oeq9TrzLZQ9Vxz/GN43Fr/kRFPKx54Dd7S+31RbISBbGl0h5apcrY9+Ah+gOKwBLg9RbbYcxjAsA559UXKlkvJh7EO7QftRD9glKik9+nD7wQcHgVMpstTRbe4XFjvQnX/ixpsRO9RcbM/1rtBMsuapVLG1hSdnkrpDMaXOHjtBN0Q9WFE+ygEelZ/K0A+XTZbw+axN7VPSA8F0tnFlwZsSOln5ro7dBd0QgZXP4N0UEOIZGxAZEQysa932r1pUlAL+dQNDk7zYKdc/1lITw01w8kCKFAYOqWFmaPaSQTInBsqcccRltIU7mc5gDwkYNVKwh/ZKGMg/xKDUAJhC+dhBaNJhUD5IOCs9mL4SyejnAziqgN268jhlKJD4n/iB7hPBaaqnWTwVwTyR7+RmfBNj5Q0rbIhb905itvyrJ/LHq7wsc4d5RsrFVELAa/DhayAgf5t8E3MQipbYFzbCHhnCn1Q+UswRvjzxJVat+rw9CJq0EkfRHKDaDVVmQDD8yxSnerKqA7jiY52hKMlkXCunyuxJau2wntWzhoRHTjHe7eu9snsJUhTlXZZ3G0AdWDPIYUfGHOtCTEYKTi+Y
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230037)(376011)(1800799021)(366013)(38070700015);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Vz4m5x0BVR6HRpHuC8sry9Q0vocHjDrpSaXsfRv3fJcIkyryvJl8nIzVo01RS8G7/Uday8A4X1agNf0F88O+owIC0kDc7u5vACZD/fpK/I00k+YM3YvxfZywpFMWmomJBLdUsKvtBMc655nauk8Vua9y6FStMLdP9KSUH6cc0URAlUuY8zvWVVoVeBH5uHC115NKkylvl2DrTiXc+ijin/9nzz9wFqF+SeWB8cfiQBDXddC0aozs4z+b4HskFjnRrdEE/toRwlZ8E887caVv9lrCCmGDLcfZs5Iv0Wsgaglc7tlzY5ERHCzTLrfDvnphsj4i+bT++ix44bjdLknb6Bcx/0bUPDCbRmmcB0FCNOghRgv1t0hXjo1S75c+izhW7UJhIof4QQEU/MBUtEr+cmTa4G6K8iYKccp89LIdMGRi3t+C4BPnuD0WojyFSlHTwGLM45c4p9fBNPLK3Ar1aTPyYS4MKh0itLWv3MH4Ab/RkPBoq7RGmIHX2aNSkaqhpjH299txk3AiJ+rLnMc9sbeNOqTMvic8jxCRwCiuqSEuFxpJzaE+FZ8WdqZEPt+x5kLRAC9SKOPcSANoMrpoZ6l+oSskYB1PYAHo7fnZ8PJZYGhoxYcXGS2YDyCMHWUg1OQ7ihjfCRG5wZWrAvN+qBBfCEwZ5U5xWK38PzfmuSxLsLZAp+KlC+tyg7lFOmx0LdCobdxCBLnZRTXxc/EqLefEVFJXWMLnyEEHTInov8CdeybcmwC4oYW+/nTG8QhdJ24DxB/2RYPCteEGs4VLKEZluofPIYbNqWI1fDSSDSJFdfwQvflwyyfJ0jJUVoyjjWewgw0e31CeKGxbSYm39L51ITqHMLp+ZE51wxtW8cN5WeovViUq56Bb8AMyq5cGud2FYfuoteVW4z4mTcUoTeDFPMnzwba4FfSyZiPy4d/GOoHmxMtbQuVHmpXHTpOWDbbIGkoP8P/jbjocO98Fz+noEbXkHQAzx4VFd9fPDXrtLx4Kyjub+XGOuq8oI6Ky5dA01NmUZCKVZUT3zfI9rejha3iLRwEC6uoMzKOTHanM/th569K0f8Jq8qrdTLKKFPExasZnOhcCN9ol0RISc8FVlNMHLE1xGGIUvD3uUOmB4bdun6+CDFtV7HsG/pGar12MN/pWKURUmANqxam8jZ7b/Pb1rUYgmV+cFcMkVHe6eNyjM3PpuDy1nOy1AU3hLGnpDj6XuCFHzwPM8ybM8zrPAq6mQa7HkiHDOlpCJF/BYybxHe/efmvGQSGgFmGIThNHlavLXtfJ7sfemNd7LN4pNujiF0/nJ6Nf+SE7lOdibpIpxWoCmGvQ+yo5Ijg09Wq6TqyXJ4jaC0u/NlFA3eLMwfxEG8cwG65DMPQbTuakYWsQ2W43i2lhsAya0r2IG9+0jjqdG6rOkADbGTlhh12aYt1AYRwN4HC4oEtmL7eB2NQIzbYkwSbysZ2fx4mnbxyObldYtmNm0RB8j6eyIBbZj9YBK8Bb2DDH6FH4wv+CbMVblb9rex3EMoNIhVPhQaSAfkR5cHIv+7tV9QcA8t3n1uo/M2S4iGZp79VYShRT3Tgag7zJ61qeMmiR+sIOguN7gsm4MjTg/epKscPkSw==
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB96789D2F8A63EE4A8564E93F89CD2GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e1f4abb4-c411-451c-a00d-08dc8ea1f392
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2024 07:49:00.6931 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: BuhXevhveB0MdiaSVgokGYhht0udzFYYcZwkvLuxolEk8uAT2rEth2telvZAUr3YWvA8cSbE20lnPAoCXvJgm1pCBnZEWhNhnOGj5ehPZqM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAVPR07MB9285
Message-ID-Hash: JIL44AOTJWEZK42VNBP672V7I3MQKAHM
X-Message-ID-Hash: JIL44AOTJWEZK42VNBP672V7I3MQKAHM
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-core.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [core] OSCORE at Eurocrypt 2024
List-Id: "Constrained RESTful Environments (CoRE) Working Group list" <core.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/OTMaqI2GTmJG8JmgRlMYCblJHxo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Owner: <mailto:core-owner@ietf.org>
List-Post: <mailto:core@ietf.org>
List-Subscribe: <mailto:core-join@ietf.org>
List-Unsubscribe: <mailto:core-leave@ietf.org>

Hi,

I attended Eurocrypt 2024 and participated in a panel on standardization at the Cryptographic Applications Workshop
https://caw.cryptanalysis.fun/

OSCORE was discussed two times:

- Two-party OSCORE was mentioned during the presentation of "Hiding Protocol Metadata with Fully Encrypted Protocols" where is was questioned why OSCORE is not hiding more data and metadata. I think we are clearly moving in the direction that everything that can be encrypted should be encrypted. A problem with encrypting e.g., sequence number is that it only helps if all other fields such as key identifiers and network addresses are encrypted or randomized.
https://caw.cryptanalysis.fun/assets/pdf/feps-caw24.pdf

Nonce hiding and variable ciphertect expansion (padding) will also be discussed at the NIST Accordion workshop. NIST is planning to standardize tweakable variable-input-length-strong pseudorandom permutations (VIL-SPRP). With such a primitive you can design derived funtions taking care or nonce-handling and replay protection. By using encode-then-enchiper, sequence numbers and integrity protection can be combined, lowering message overhear. I think that could be very useful in future constrained IoT.
https://csrc.nist.gov/Events/2024/accordion-cipher-mode-workshop-2024

- Group OSCORE was mentioned during the presentation of "WhatsUpp with Sender Keys?". The authors did not know about Group OSCORE but seemed very interested. More analysis of Group OSCORE would be very welcome, it is actually a much more complicated protocol than e.g., EDHOC. I think it would be good if CORE WG reached out to these (and other researchers).
https://caw.cryptanalysis.fun/assets/pdf/Sender_Keys_Presentation_CAW.pdf

Cheers,
John Preuß Mattsson