I-D Action: draft-gueron-cfrg-dndkgcm-00.txt

internet-drafts@ietf.org Mon, 15 April 2024 19:13 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-gueron-cfrg-dndkgcm-00.txt
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <171320843887.5817.1694970003862415622@ietfa.amsl.com>
Date: Mon, 15 Apr 2024 12:13:58 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/uv4ZPaYdgecw99s1_U6QCTD7DyE>

Internet-Draft draft-gueron-cfrg-dndkgcm-00.txt is now available.

   Title:   Double Nonce Derive Key AES-GCM (DNDK-GCM)
   Author:  Shay Gueron
   Name:    draft-gueron-cfrg-dndkgcm-00.txt
   Pages:   28
   Dates:   2024-04-15

Abstract:

   This document specifies an authenticated encryption algorithm called
   Double Nonce Derive Key AES-GCM (DNDK-GCM) that operates with a 32-
   byte root key and encrypts with a 24-byte random nonce, and
   optionally provides for key commitment.

   Encryption takes the root key and a random nonce, derives a fresh
   encryption key and a key commitment value, invokes AES-GCM with the
   derived key and a 12-byte zero nonce, and outputs the ciphertext,
   authentication tag and the key commitment value.

   The low collision probability with 24-byte random nonces extends the
   lifetime of the root key and this supports processing up to 2^64
   bytes under one root key. DNDK-GCM involves a small overhead compared
   to using AES-GCM directly, and its security relies only on the
   standard assumption on AES as a pseudorandom permutation.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-gueron-cfrg-dndkgcm/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-gueron-cfrg-dndkgcm-00

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

I-D Action: draft-gueron-cfrg-dndkgcm-00.txt internet-drafts