[Hipsec] Using cSHAKE for ORCHID
Robert Moskowitz <rgm@htt-consult.com> Thu, 22 August 2019 21:11 UTC
To: HIP <hipsec@ietf.org>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <5778180d-eee9-7979-5bae-e144ba68c5ac@htt-consult.com>
Date: Thu, 22 Aug 2019 17:11:15 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/4o6el7MaEG5Fq6U3vrd5ZxWyP3g>
I am working on a new set of crypto for HIP. This is to take advantage of advancements and hopefully make things better in small things. I have been looking at FIPS 202 and NIST 800-185 for the new hash and MACing. In particular SHAKE and KMAC. Right now, NIST only specifies b=1600 for the KECCAK function under these, but b=800 is also possible and for SHAKE128 and KMAC128, b=400 is also an option. I have informally heard that NIST is working on how these smaller sponges can be used where appropriate (small things).

But let's ignore the sponge size for the moment.

In my reading of RFC 7343 and cSHAKE for 800-185, we could replace:

    encode96(sha256(Context ID|Input))

where sha256 is from the OGA ID, with

    cSHAKE128(Input,96,"",Context ID)

I invite others to look at 202 and 800-185 and see what I am talking about here.

For Hierarchical HITs it changes to:

    cSHAKE128(Input,64,"",Context ID)

Though where Input is only the 32 bytes of ed25519, I need to research this more for overall strength, but 202 seems to say that it does work well with very short inputs.

Looking for others' thoughts on this.

Bob
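Added example (my own code, not Bob's and not from any HIP implementation): a from-scratch Keccak-f[1600] sponge and SP 800-185 cSHAKE128, with the RFC 7343 form encode96(sha256(Context ID|Input)) beside the proposed cSHAKE128(Input,96,"",Context ID), the Context ID being passed as the cSHAKE customization string S. Assumptions: the HIT Context ID constant is RFC 7401's as I recall it, the OGA ID argument is a placeholder, and the Hierarchical HIT case is the same cshake128 call with L=64.

```python
import hashlib, ipaddress
MASK, RC = (1 << 64) - 1, [  # Keccak-f[1600] round constants (iota step)
    0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001, 0x8000000080008081,
    0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A, 0x8000808B, 0x800000000000008B,
    0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x800A,
    0x800000008000000A, 0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]  # rho rotation offsets, ROT[x][y]
rol = lambda v, n: ((v << n) | (v >> (64 - n))) & MASK

def keccak_f(A):  # 24 rounds of theta, rho, pi, chi, iota on 25 lanes stored as A[x + 5*y]
    for rc in RC:
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        A = [A[i] ^ C[(i - 1) % 5] ^ rol(C[(i + 1) % 5], 1) for i in range(25)]
        B = [0] * 25
        for x in range(5):
            for y in range(5):
                B[y + 5 * ((2 * x + 3 * y) % 5)] = rol(A[x + 5 * y], ROT[x][y])
        A = [B[i] ^ (~B[(i + 1) % 5 + 5 * (i // 5)] & B[(i + 2) % 5 + 5 * (i // 5)]) for i in range(25)]
        A[0] ^= rc
    return A

def sponge(data, suffix, outlen, rate=168):  # rate 168 bytes = SHAKE128/cSHAKE128 (capacity 256 bits)
    S, buf, out = [0] * 25, bytearray(data) + bytes([suffix]), b''
    buf += bytes(-len(buf) % rate); buf[-1] |= 0x80   # domain-separation suffix bits, then pad10*1
    for off in range(0, len(buf), rate):               # absorb one rate-sized block per permutation
        for i in range(rate // 8):
            S[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], 'little')
        S = keccak_f(S)
    while len(out) < outlen:                           # squeeze as many blocks as L needs
        out += b''.join(l.to_bytes(8, 'little') for l in S)[:rate]
        S = keccak_f(S)
    return bytes(out[:outlen])

def left_encode(n):  # SP 800-185 left_encode: one length byte, then the integer big-endian
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), 'big'); return bytes([len(b)]) + b
def cshake128(X, L, N=b'', S=b''):  # SP 800-185 cSHAKE128(X, L, N, S), L in bits
    if not N and not S:                                # degenerates to plain SHAKE128 (suffix 1111)
        return sponge(X, 0x1F, L // 8)
    pad = left_encode(168) + left_encode(8 * len(N)) + N + left_encode(8 * len(S)) + S
    return sponge(pad + bytes(-len(pad) % 168) + X, 0x04, L // 8)  # bytepad(...) || X, suffix 00

CONTEXT_ID = bytes.fromhex('F0EFF02FBFF43D0FE7930C3C6E6174EA')  # HIT Context ID from RFC 7401 as I recall it (assumption)
PREFIX = 0x2001002 << 100  # ORCHIDv2 prefix 2001:20::/28 occupies the top 28 bits of the address
def orchid_sha256(oga_id, host_input):  # RFC 7343: Prefix | OGA ID | Encode_96(sha256(Context ID | Input))
    h = hashlib.sha256(CONTEXT_ID + host_input).digest()
    return ipaddress.IPv6Address(PREFIX | (oga_id << 96) | int.from_bytes(h[10:22], 'big'))  # middle 96 bits
def orchid_cshake128(oga_id, host_input):  # proposal: cSHAKE128(Input, 96, "", Context ID), no Encode_96 needed
    h = cshake128(host_input, 96, b'', CONTEXT_ID)
    return ipaddress.IPv6Address(PREFIX | (oga_id << 96) | int.from_bytes(h, 'big'))
```

With N = S = "" cSHAKE128 is plain SHAKE128, so it is the Context ID in S that gives the ORCHID use its own domain; the output length is requested directly, which is why Encode_96 disappears in the cSHAKE form.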