[MLS] Are people open to a different approach to the cryptography?

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 28 February 2018 04:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/9LOH9UwxVmeTvDr08SDGPFmAqbA>

I agree that perfect forward secrecy is sometimes a requirement. But it
isn't always a requirement and sometimes the requirement may be to create a
static record of a conversation.

For example, this conversation we are having now. We might well want to
make it private but have a permanent record so if we admit a new person to
the group, they can read the previous material.

For the past couple of years I have been working on multi-key approaches to
cryptography based on work by Matt Blaze and Torben Pedersen.

The approach is based on the fact that we can do math on Diffie-Hellman
keys and results.

If you add two discrete log private keys, the public key corresponding to
the result is the product of the corresponding public keys.

x + y = z
e^x . e^y = e^(x+y) = e^z

What I have designed the key agreement for my chat protocol to support is
the case in which all communication to the group is encrypted under a group
encryption key and the decryption key is split differently for each member
of the group by an administrator.

I am pretty sure I can add PFS into the agreement. But I would need to
understand the requirements a bit better first.
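
The key-splitting idea described in the message, as an added example that is not part of the original post or the author's protocol: a group private key z is split into additive shares x + y = z, with a different split per member, and the two partial results multiply to the same shared secret the sender derived. The toy modulus, the two-share split and all function names are assumptions made for illustration.

```python
import secrets

# Toy parameters, constructed for illustration; far too small for real use.
P = 2**127 - 1      # a Mersenne prime
ORDER = P - 1       # exponents can be reduced mod P-1 (Fermat's little theorem)
G = 3

def keygen():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(ORDER - 1) + 1
    return priv, pow(G, priv, P)

def split_private(z):
    """Administrator splits z into additive shares: x + y = z (mod ORDER)."""
    x = secrets.randbelow(ORDER)
    y = (z - x) % ORDER
    return x, y

def encrypt_to_group(group_pub):
    """Sender does ephemeral DH against the group public key.
    Returns (ephemeral_public, shared_secret)."""
    r, eph_pub = keygen()
    return eph_pub, pow(group_pub, r, P)

def partial(eph_pub, share):
    """A share holder computes eph_pub^share without seeing the other share."""
    return pow(eph_pub, share, P)

def combine(part_a, part_b):
    """eph^x * eph^y = eph^(x+y) = eph^z, the sender's shared secret."""
    return (part_a * part_b) % P

def demo():
    """Split one group key differently for two members; both recover the secret."""
    z, group_pub = keygen()
    results = []
    for _member in ("alice", "bob"):          # hypothetical members
        x, y = split_private(z)               # a fresh split per member
        # The share public keys multiply to the group public key.
        assert (pow(G, x, P) * pow(G, y, P)) % P == group_pub
        eph_pub, sender_secret = encrypt_to_group(group_pub)
        recovered = combine(partial(eph_pub, x), partial(eph_pub, y))
        results.append(recovered == sender_secret)
    return results

if __name__ == "__main__":
    print(demo())
```

Because each member's split is independent, discarding one member's shares removes that member's ability to decrypt without changing the group public key that senders use.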