Re: [COSE] [jose] HPKE PartyU / PartyV
AJITOMI Daisuke <ajitomi@gmail.com> Fri, 22 March 2024 23:35 UTC
From: AJITOMI Daisuke <ajitomi@gmail.com>
Date: Sat, 23 Mar 2024 08:35:32 +0900
Message-ID: <CAFWvErWKs0gzfvPymsOGfQXjMuAQRUJNaodvVfAbUWiwbuNMwg@mail.gmail.com>
To: "lgl island-resort.com" <lgl@island-resort.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: cose <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/jP71wj0UVjyw4JRIE9-X0Fagqxw>

Laurence, sorry, I just want to understand why next_alg can protect against the lamps attack to two-layer COSE-HPKE.

> Unfortunately, currently no algorithm that takes a key (as opposed to
> giving a key) can protect the algorithm at next layer.

Ilari, I interpreted what you said as meaning that there is no algorithm for encrypting (wrapping) the layer0 keys at layer1, including COSE-HPKE, that can prevent the lamps attack. Am I mistaken?

If I was mistaken, could you tell me how the next_alg can specifically protect against the lamps attack to the algorithms that take a key?

> Could you tell me specific attack methods or threats?

This is the question I posted previously, and I found a threat myself.

I thought there might be a slight possibility for a lamps attack to succeed if the victim can accept both A128CBC and A128GCM as content encryption algorithms at Layer0 and uses the same CEK for both algorithms. However, the next_alg is only bound to the key wrapping the CEK and cannot affect the CEK itself. Therefore, it doesn't seem like a meaningful measure since it can't limit the reuse of the CEK. Am I missing something?

Daisuke

On Sat, 23 March 2024 at 7:01, lgl island-resort.com <lgl@island-resort.com> wrote:

> On Mar 22, 2024, at 6:44 AM, AJITOMI Daisuke <ajitomi@gmail.com> wrote:
>
> Unfortunately, currently no algorithm that takes a key (as opposed to
> giving a key) can protect the algorithm at next layer.
>
> Ilari is talking about algorithms like AES Key Wrap, not what HPKE Seal()
> provides and not ECDSA.
>
> I agree. The content_encryption_alg (next_alg) cannot be a countermeasure
> to the lamps attack on KAwKW(-29, etc.) and two-layer COSE-HPKE.
>
> next_alg (or better content_encryption_algorithm) can be used to protect
> COSE-HPKE and probably also protect -29 if applied correctly.
>
> Of course, it is effective against the attack on direct KeyAgreement (-25,
> etc.) and I think it's much better than COSE_KDF_Context.
>
> I believe what we should consider is only whether non-AEAD algs should be
> prohibited at layer0 or not.
> I think it would be better to be prohibited if possible.
>
> Daisuke, it looks to me that you are the only one that continues to argue
> this. Also, nothing you've said has created any doubts for me.
> Respectfully, I'm not going to respond to your arguments any more unless
> something very substantially changes.
>
> LL