[hiprg] More thoughts on HITs

Robert Moskowitz <rgm@htt-consult.com> Fri, 02 July 2010 20:34 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4EEC53A6822 for <hiprg@core3.amsl.com>; Fri, 2 Jul 2010 13:34:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.781
X-Spam-Level:
X-Spam-Status: No, score=-1.781 tagged_above=-999 required=5 tests=[AWL=0.818, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B6lOjbj39LLD for <hiprg@core3.amsl.com>; Fri, 2 Jul 2010 13:34:37 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 4949F3A6849 for <hiprg@irtf.org>; Fri, 2 Jul 2010 13:34:36 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 339EC68B56 for <hiprg@irtf.org>; Fri, 2 Jul 2010 20:26:24 +0000 (UTC)
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mFn3FWoCA8H for <hiprg@irtf.org>; Fri, 2 Jul 2010 16:26:15 -0400 (EDT)
Received: from nc2400.htt-consult.com (h155.home.htt [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 1CD4768B53 for <hiprg@irtf.org>; Fri, 2 Jul 2010 16:26:15 -0400 (EDT)
Message-ID: <4C2E4D4D.4000604@htt-consult.com>
Date: Fri, 02 Jul 2010 16:34:21 -0400
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-2.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: "hiprg@irtf.org" <hiprg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [hiprg] More thoughts on HITs
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2010 20:34:38 -0000

If you look at what Tobias, Miika, and I had to do with HITs to 
accomidate hash agility.

Now look at how I am constructing HITs for HIP DEX where I do not have 
ANY hash function.

This got me thinking about the whole - reduce a Host Identity down to n 
bits to stuff into IPv6 address.  Hashing with SHA-1 was a 'simple' 
answer back in '98 when I created the HIT concept.  Now I am rethinking 
this.

Is there some other way that can be consistant and independent of the 
hash so there is one construction method for HITs and only the public 
key algorithm and maybe curve parameters for ECC need to be encoded in 
the HIT?

Think about this.

With ECDSA and ECDH, the public key is exponentially distributed.  A 
random distribution is the power of the generator.  Is there any way to 
work out the distribution of the lower 96 bits of a P160, P256, and P384 
curve?  Is a simple truncation to take the lower 96 bits going to 
produce a randomly distributed set of values?

And what can be said about RSA and DSA public keys?  Anything there?

Let's see if we can find some or get someone to make an analysis on this 
and come up with a different construct for HIT generation.

What properties beside collision resistance do we actually need for 
HITs?  What are the issues?

Getting some answers to this over the next couple months might make a 
significant difference on what HIP-bis looks like.  It might also have 
an impact on hierarchical HITs and HITs not from Public Keys (like RFID).

I'm not good enough at the math to work this out.  Any takers out there?