Re: [Hipsec] [Tm-rid] Fwd: New Version Notification for draft-moskowitz-hip-new-crypto-04.txt

Robert Moskowitz <rgm@labs.htt-consult.com> Fri, 24 January 2020 19:54 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, hipsec@ietf.org, "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <157979422864.22806.5435940336310786424.idtracker@ietfa.amsl.com> <2e4a29e3-e4ca-22f4-ec50-105e53359b41@labs.htt-consult.com> <CADZyTkn48RWo+rvza=DFsY4RU3=nTNv+6VuBSvFLXqF53xC6eg@mail.gmail.com> <0c9949d8-2d37-b1f7-eb53-84f200897ebe@labs.htt-consult.com> <20397.1579891309@localhost>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
Message-ID: <6151332c-8575-384b-b007-9c517d0e3f1d@labs.htt-consult.com>
Date: Fri, 24 Jan 2020 14:54:26 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/Qrx4kgHm8NAhc7BwFNYBb4Z7L9M>


On 1/24/20 1:41 PM, Michael Richardson wrote:
> Robert Moskowitz <rgm@labs.htt-consult.com> wrote:
>      > I would actually like to make a presentation at SAAG about KMAC as a KDF and
>      > why the IETF should incorporate it.
>
>      > SP 800-185 was published back in Dec 2016.  This clearly shows how to use
>      > KMAC as a replacement for HMAC.  Many in the security community 'rejected'
>      > SHA3 as only marginally faster than SHA256. They missed that thus KMAC is 2x
>      > as fast as HMAC-SHA256!
>
> I guess you are saying that KMAC does not require two passes of the underlying
> hash when used with SHA3?  Or is it in general?

KMAC **IS** SHA3.

Or rather both are based on the same Keccak function.

First look at FIPS 202, sec 6.2, for how SHAKE is constructed compared 
to SHA3.

Then 800-185 and how cSHAKE and KMAC are functions built on SHAKE.

So in terms of computational costs KMAC and SHA3 are very close.  It is 
really more a question of how the bit stream is fed into the sponge 
and then how bits are squeezed out of the sponge.

And that is why it does not need two distinct passes.

The sponge is inherently two passes.  First the sponge absorbs your bit 
stream, then squeeze out bits as you need them.  See figure 7 in FIPS 
202 on this.

Perhaps the difference between HKDF and KMAC as a KDF is how other info 
is fed into the process.  In HKDF, there is other info in each step of 
the process.  In KMAC all bits are absorbed before any squeezing.  And 
you squeeze out all you want before using it.

See fig 1 in Sec 5 of 800-56Cr1 and compare it to the above fig 7.

Hope this helps.

Bob