about security level evaluation of draft-zhou-6man-mhash-cga-00

zhou.sujing@zte.com.cn Tue, 27 March 2012 13:52 UTC

Return-Path: <zhou.sujing@zte.com.cn>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D612221F897F for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 06:52:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.046
X-Spam-Status: No, score=-99.046 tagged_above=-999 required=5 tests=[AWL=2.792, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_DOUBLE_IP_LOOSE=0.76, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id R+ng4MM9SvRD for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 06:52:36 -0700 (PDT)
Received: from mx5.zte.com.cn (mx6.zte.com.cn []) by ietfa.amsl.com (Postfix) with ESMTP id 4AFB621F88C8 for <ipv6@ietf.org>; Tue, 27 Mar 2012 06:52:36 -0700 (PDT)
Received: from [] by mx5.zte.com.cn with surfront esmtp id 122801320096835; Tue, 27 Mar 2012 21:16:32 +0800 (CST)
Received: from [] by [] with StormMail ESMTP id 34335.1881878302; Tue, 27 Mar 2012 21:52:17 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([]) by mse02.zte.com.cn with ESMTP id q2RDqGB0025801; Tue, 27 Mar 2012 21:52:16 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn)
In-Reply-To: <4F71B938.7030300@si6networks.com>
To: "ipv6@ietf.org" <ipv6@ietf.org>
Subject: about security level evaluation of draft-zhou-6man-mhash-cga-00
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007
Message-ID: <OF974F286A.B19B0ED5-ONC12579CE.004B58ED-C12579CE.004C335D@zte.com.cn>
From: zhou.sujing@zte.com.cn
Date: Tue, 27 Mar 2012 14:52:13 +0100
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-03-27 21:52:20, Serialize complete at 2012-03-27 21:52:20
Content-Type: multipart/alternative; boundary="=_alternative 004C335CC12579CE_="
X-MAIL: mse02.zte.com.cn q2RDqGB0025801
Cc: jari.arkko@ericsson.com
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 13:52:39 -0000

In response to coments on draft draft-zhou-6man-mhash-cga-00 

1. It can be referred to RFC3972 section 7.2
"This increases the cost of address generation approximately by
   a factor of 2^(16*Sec).  It also increases the cost of brute-force
   attacks by the same factor.  That is, the cost of creating a CGA
   Parameters data structure that binds the attacker's public key with
   somebody else's address is increased from O(2^59) to
   O(2^(59+16*Sec)).  The address generator may choose the security
   parameter Sec depending on its own computational capacity, the
   perceived risk of attacks, and the expected lifetime of the address.
   Currently, Sec values between 0 and 2 are sufficient for most IPv6
   nodes.  As computers become faster, higher Sec values will slowly
   become useful."

So though hash output length and sec parameter are two different things, 
can be added together to evaluate as a whole.

If have doubts, I suggest ask CFRG people to consider it.

2. when consider computation part for good guys, since it has been 
suggested to use high sec
value, 2^(16*sec) is already to big work to do 
(when sec=3, cost thousands of hours ), so it is not distinguish with plus 
And it has already been proposed to delegate the generation of CGA to a 
third party when using high sec.