Re: [Crypto-panel] PAKE Selection Process: Round 2, Stage 2

"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Wed, 18 December 2019 15:28 UTC

To: Watson Ladd <watsonbladd@gmail.com>, Hugo Krawczyk <hugokraw@gmail.com>, Hugo Krawczyk <hugo@ee.technion.ac.il>, Björn Haase <bjoern.haase@endress.com>, Björn Haase <bjoern.haase1@endress.com>, Benjamin Kaduk <kaduk@mit.edu>
Cc: crypto-panel@irtf.org, cfrg-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/MHd-Wl3BmH7RN12oGNmLezxtEcA>

Dear Watson and Ben, Hugo, Björn,

Now we're at Stage 3 of the second round of the PAKE selection process.
Please provide your replies for the questions (related to your PAKEs) for
Round 2 listed at
https://github.com/cfrg/pake-selection#questions-for-round-2. Please do
so by February 10th and send your replies to crypto-panel@irtf.org.

I believe that it will be good if you make your answers detailed enough, so
that there won't be many additional clarifying questions from the reviewers.

Best regards,
Stanislav,
CFRG Secretary



On Mon, 9 Dec 2019 at 15:43, Stanislav V. Smyshlyaev <smyshsv@gmail.com> wrote:

> Dear CFRG,
>
> According to the plan of Round 2 of the PAKE selection process, additional
> questions for all four remaining candidates have been collected from CFRG
> participants (and Crypto Review Panel members) via crypto-panel@irtf.org.
>
> We've obtained the following list of questions:
> 1) (to SPAKE2): Can you propose a modification of SPAKE2 (preserving all
> existing good properties of PAKE2) with a correspondingly updated security
> proof, addressing the issue of a single discrete log relationship necessary
> for the security of all sessions (e.g., solution based on using
> M=hash2curve(A|B), N=hash2curve(B|A))?
> 2) (to CPace and AuCPace): Can you propose a modification of CPace and
> AuCPace (preserving all existing good properties of these PAKEs) with a
> correspondingly updated security proof (maybe, in some other security
> models), addressing the issue of requiring the establishment of a session
> identifier (sid) during each call of the protocol for the cost of one
> additional message?
> 3) (to all 4 remaining PAKEs): Can the nominators/developers of the
> protocols please re-evaluate possible IPR conflicts between their
> candidate protocols and own and foreign patents? Specifically, can you
> discuss the impact of U.S. Patent 7,047,408 (expected expiration 10th of
> March 2023) on free use of SPAKE2 and the impact of EP1847062B1 (HMQV,
> expected expiration October 2026) on the free use of the RFC-drafts for
> OPAQUE?
> 4) (to all 4 remaining PAKEs) What can be said about the property of
> "quantum annoyance" (an attacker with a quantum computer needs to solve
> [one or more] DLP per password guess) of the PAKE?
> 5) (to all 4 remaining PAKEs) What can be said about "post-quantum
> preparedness" of the PAKE?
>
> Please let the chairs and the Crypto Review Panel members know (before
> December, 17th) if any questions (collected via crypto-panel@irtf.org)
> have been lost or misinterpreted (or something needs to be added).
>
> Best regards,
> Stanislav,
> CFRG Secretary
>