Re: [IPsec] New Version Notification for draft-nir-ipsecme-chacha20-poly1305-02.txt

Yoav Nir <ynir.ietf@gmail.com> Mon, 31 March 2014 13:10 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <5339247C.2030609@gmail.com>
Date: Mon, 31 Mar 2014 16:10:36 +0300
Message-Id: <8937C931-1578-43F8-8ABE-B0AFAB98434F@gmail.com>
References: <20140331064443.17420.20177.idtracker@ietfa.amsl.com> <AD4EAEE1-5B47-4D7B-8E87-D4906F0AD8D6@gmail.com> <5339247C.2030609@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/IavRT_jdPVgpcZHPVrdbqOnaUNA
Cc: ipsec <ipsec@ietf.org>
Subject: Re: [IPsec] New Version Notification for draft-nir-ipsecme-chacha20-poly1305-02.txt

Regarding review of Poly1305.
There’s DJB’s paper: http://link.springer.com/chapter/10.1007/11502760_3#page-1
Wang, Lin, and Wu, A Variant of Poly1305 MAC and Its Security Proof: http://link.springer.com/chapter/10.1007/11596981_55#page-2 (and a few more from the same authors)
Procter & Cid, On Weak Keys and Forgery Attacks against Polynomial-based MAC Schemes, http://eprint.iacr.org/2013/144.pdf
Handschuh & Preneel, Key Recovery Attacks on Universal Hash Functions Based MAC Algorithms, 

Do a whole bunch of articles that say “Poly1305 [some-number] is a secure MAC algorithm. Now we’ll talk about something completely different” count?

So while there are few papers addressing Poly1305 itself, there are plenty addressing MACs based on universal hashes, and giving Poly1305 as an example.

Yoav


On Mar 31, 2014, at 11:17 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

> Thank you Yoav. My personal responses below.
> 
> Also, I would like a comment from someone in the know: ChaCha (or at least its cousin Salsa) has had extensive cryptographic review, including an open competition. I am not sure the same is true for Poly1305, can someone enlighten me?
> 
> Best,
> 	Yaron
> 
> On 03/31/2014 10:12 AM, Yoav Nir wrote:
>> Hi.
>> 
>> I’ve posted a new version of the ChaCha20-Poly1305 draft.
> 
> [...]
> 
>> 
>> Comments are, of course, welcome, and I’d like to repeat my questions
>> from the London meeting:
>>  - Should this be a WG item.
> Yes, it's time we had good alternative crypto.
>>  - Should we apply for early identifier assignment
> No, I don't see such a rush to implement. But feel free to prove me wrong.
>>  - Should this be extended for IKE (current draft covers only ESP)
> Yes, we need alternative crypto for IKE just as we do for ESP.
>> 
>> Yoav
>> 
>> Begin forwarded message:
>> 
>>> From: internet-drafts@ietf.org
>>> Subject: New Version Notification for draft-nir-ipsecme-chacha20-poly1305-02.txt
>>> Date: March 31, 2014 at 9:44:43 AM GMT+3
>>> To: Yoav Nir <ynir.ietf@gmail.com>, "Yoav Nir" <ynir.ietf@gmail.com>
>>> 
>>> 
>>> A new version of I-D, draft-nir-ipsecme-chacha20-poly1305-02.txt
>>> has been successfully submitted by Yoav Nir and posted to the
>>> IETF repository.
>>> 
>>> Name: draft-nir-ipsecme-chacha20-poly1305
>>> Revision: 02
>>> Title: ChaCha20 and Poly1305 and their use in IPsec
>>> Document date: 2014-03-31
>>> Group: Individual Submission
>>> Pages: 7
>>> URL: http://www.ietf.org/internet-drafts/draft-nir-ipsecme-chacha20-poly1305-02.txt
>>> Status: https://datatracker.ietf.org/doc/draft-nir-ipsecme-chacha20-poly1305/
>>> Htmlized: http://tools.ietf.org/html/draft-nir-ipsecme-chacha20-poly1305-02
>>> Diff: http://www.ietf.org/rfcdiff?url2=draft-nir-ipsecme-chacha20-poly1305-02
>>> 
>>> Abstract:
>>>  This document describes the use of the ChaCha20 stream cipher along
>>>  with the Poly1305 authenticator, combined into an AEAD algorithm for
>>>  IPsec.
>>> 
>>> Please note that it may take a couple of minutes from the time of
>>> submission until the htmlized version and diff are available at
>>> tools.ietf.org <http://tools.ietf.org>.
>>> 
>>> The IETF Secretariat
>>> 