Re: [MLS] Improving entropy in MLS
Franziskus Kiefer <franziskuskiefer@gmail.com> Wed, 31 March 2021 07:56 UTC
Return-Path: <franziskuskiefer@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DA513A1EEF for <mls@ietfa.amsl.com>; Wed, 31 Mar 2021 00:56:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16kw7khYMGrh for <mls@ietfa.amsl.com>; Wed, 31 Mar 2021 00:56:34 -0700 (PDT)
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 738C03A1EFF for <mls@ietf.org>; Wed, 31 Mar 2021 00:56:12 -0700 (PDT)
Received: by mail-ej1-x629.google.com with SMTP id a7so28644025ejs.3 for <mls@ietf.org>; Wed, 31 Mar 2021 00:56:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mylvKtncDO2Wl7akA6nGjudDe4fOv00Fw4P52+KS+VA=; b=lE0y4vQT5qYVG6BNVAVxjrti4z0Uooh76as/SDGUOsE0WSl4WzvEv/FglHHrYOXSSv /uWe4/tsU+HxGQzD1QMHv0ckOIdIxoWR8FSo+cGXJuaR4WOaB0mnzSWq94ROpQkYL3Z+ QMLQ0ExefXAiaCFFac9alv+DhJGYDsDkUIFaHDvSA2Yflo3uqWWa1hnZrEBh0El4b2Kl 5QJO1kP27s4SWaJRA63ETdWSeu1S6aGyXSgn032mjGOu8JfhmtqVDACiv7FfqnHdFxaP j62X2DKmW7D/3W0KihGsb2aeoHUJxZXcVzRPkilOzjgnvt819Td/etLAwMisylEwR+If HjAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mylvKtncDO2Wl7akA6nGjudDe4fOv00Fw4P52+KS+VA=; b=AiWcKGlj1KrDPonEoEVmimim/OiUg3zVZkOPL2oz9mNOX+Za8OQ0PxzlxvOsJcfMyz Trsw+MWdz2ebGE0ImydlD8TEyEbcplgrYGotDdcXbettCIBvAgrDvmwgMubsCXvON8DW dVP6rjAoPGPowRobuEj6H+Q8mw8Jv6slEnbXUViIi9gNecnm0uMeeAO0Q/JvBNZE3jbC 9CR1tUq7UE1i7eemoINyKuEWIaO4OCgY33rY5AZKm1CmJMvydAKEwLzfDmD7rBm2ME20 vq3SID6JiuoM8/mf/EO1rN56zxDLimQmuW384Fm0cPSgXNpkBTVZBMv9RN1c96sdJvY9 3Yyw==
X-Gm-Message-State: AOAM532Fo4C+Zm33618vD5rYI572u4C/58Pc5JranAr/7eYN0Dy9iawZ ueu0azfwt5TbzjXQlBB3fVolq9kE67FLfKm6M40=
X-Google-Smtp-Source: ABdhPJzcF5Ck9sGKrCB7QkokautzvaUjiH++ln448ppcPGUxE+Z5t0zJj8OjtIs4FL7pHe13ZAlX2KMBO6BDtW5i2F8=
X-Received: by 2002:a17:907:e87:: with SMTP id ho7mr2134033ejc.2.1617177370172; Wed, 31 Mar 2021 00:56:10 -0700 (PDT)
MIME-Version: 1.0
References: <1529628012.30519.1617089251424@office.mailbox.org> <DBED46A1-F3E3-4C79-B9C5-B13088F7B20D@inria.fr> <965197897.32483.1617096310176@office.mailbox.org> <CABP-pSRLXdiowmd-GO601fj3SLqVJAq92ULOsMCKi-9aVS12Eg@mail.gmail.com> <535299944.41006.1617176490395@office.mailbox.org>
In-Reply-To: <535299944.41006.1617176490395@office.mailbox.org>
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 31 Mar 2021 09:55:58 +0200
Message-ID: <CAJowLmNOOmeaLONAu62wzdTGK=p340mLugo6gZ0k9C1ngotNsA@mail.gmail.com>
To: Konrad Kohbrok <konrad.kohbrok@datashrine.de>
Cc: Brendan McMillion <brendan@cloudflare.com>, ML Messaging Layer Security <mls@ietf.org>, Benjamin Beurdouche <benjamin.beurdouche@inria.fr>
Content-Type: multipart/alternative; boundary="000000000000b0202c05bed0729e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/AOx89Ndrp76c0jRMikQasBVTTLo>
Subject: Re: [MLS] Improving entropy in MLS
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 07:56:40 -0000
Hi Konrad, all I agree with Benjamin and Brendan that the protocol is not the right place for something like this. Since you already mention [1], don't you think it would be better to recommend that implementations use RFC 8937 [2] and give an example of how to instantiate G'(n)? Best, Franziskus [1] https://eprint.iacr.org/2018/1057 [2] https://www.rfc-editor.org/rfc/rfc8937.html On Wed, 31 Mar 2021 at 09:41, Konrad Kohbrok <konrad.kohbrok@datashrine.de> wrote: > Hi Brendan, > > Thanks for your feedback! You make two good arguments here, that I want to > address independently. > > The first is the maintenance of layers of abstraction. Yes, ultimately, > we'd like to be able to rely on the OS's (CSP)RNG, but events in the past > (see the introduction of [1] for a few examples) have shown that they are > not always too reliable. As a consequence, protocols should be designed to > be robust against bad sources of randomness. In particular, our design > allows the inclusion of "remote" sources of randomness, which is something > the OS's RNG can't provide. In addition, I'd like to mention that we're not > intending to replace the OS's RNG, but rather complement it. Note, that the > design ensures that no secret can be extracted from the pool without > retrieving fresh randomness from the OS's RNG. > > This brings me to the second point, where I agree that we should keep MLS > free from unnecessary complexity that makes it more prone to bugs and > you're right in that the source of randomness is a particularly fundamental > and thus vulnerable part of MLS. However, the design is conceivably simple > and uses the same, tried, tested and provably secure mechanism that is used > in the key schedule of TLS and MLS: a simple extract-expand cycle. See [2] > for a security proof of the MLS key schedule, which can easily be adapted > to the design of the entropy pool. > > To summarize, we're not proposing to replace the OS's RNG, but rather > extend it such that additional sources of entropy can be included. The > mechanism is simple and, in my opinion, reasonably easy to review, > implement and prove secure without additional assumptions. > > Cheers, > Konrad > > [1] https://eprint.iacr.org/2018/1057 > [2] https://eprint.iacr.org/2021/137 > > > > Brendan McMillion <brendan@cloudflare.com> hat am 30.03.2021 23:01 > geschrieben: > > > > > > Hey Konrad > > > > Thanks for writing this up. However, I feel pretty strongly opposed to > this idea, just as a matter of maintaining proper layers of abstraction. > MLS implementations aren't remotely the only things on a user's system that > require strong randomness, which is why every OS has its own CSPRNG. Those > CSPRNGs are going to be much more robust, better designed, and thoroughly > audited than anything we'd implement. Instead, it's more likely we'd have > MLS implementations do this incorrectly and introduce more > randomness-related vulnerabilities than we prevented. > > > > > > > > On Tue, Mar 30, 2021 at 2:25 AM Konrad Kohbrok < > konrad.kohbrok@datashrine.de> wrote: > > > Great questions. I really should have included our thoughts on the > threat model. > > > > > > We don't assume the entropy pool to be more protected than any other > secret in MLS. > > > > > > Functionally, we want the pool to allow the following: > > > - a party should be able to accrue entropy over time using the OS's > RNG > > > - a party should be able to inject entropy from other sources (in > particular secrets derived from the epoch_secret of any of the party's > groups whenever a fresh commit comes in) > > > > > > Assuming the OS's RNG is really bad (e.g. it spits out only zeroes), > then a party can still have decent entropy once it receives commits from > groups that it is in. Any party that wants to predict the entropy in the > pool would have to know every secret that is injected into the pool. That > means that an adversary would have to compromise all of the party's groups > to predict secrets extracted from the entropy pool. > > > > > > Of course, the pool will take some time to accrue entropy from > various sources, so it doesn't help if the adversary is present from the > start, but it will help if the adversary compromises a party later on. If > that happens, then the compromised party can recover if the adversary > misses (i.e. doesn't intercept and decrypt) any commit from another party > after the compromise. > > > > > > Now we have to make sure that the design doesn't give us any > disadvantages over just sampling from the OS's RNG every time we need fresh > randomness. > > > > > > Let's assume full state compromise. Then > > > 1) the adversary can't obtain entropy extracted from the pool in the > past (because it's essentially a KDF-chain, just as the key schedule) > > > 2) the adversary can't predict what entropy the client will extract > in the future if one of the following is true: > > > - the OS's RNG is good > > > - a commit from a group arrives, where the group itself is not > compromised > > > - any other external entropy gets injected that the adversary doesn't > have access to (e.g. a signature from a secret key that is kept secure in > an HSM) > > > > > > To summarize: It's no silver bullet against bad entropy in general, > but it's cheap, no worse than just relying on the OS's RNG and provides a > framework to accrue randomness over time from various sources even if the > OS's RNG is bad/compromised and it allows parties to recover from > compromise in that case. > > > > > > Hope that shed some light on things. > > > > > > Cheers, > > > Konrad > > > > > > > > > > > > > Benjamin Beurdouche <benjamin.beurdouche@inria.fr> hat am > 30.03.2021 09:53 geschrieben: > > > > > > > > > > > > Hi all, > > > > > > > > I like this idea. I am not fully clear about the threat model, > though. > > > > > > > > From reading this, it looks like we assume that the adversary that > compromised a > > > > principal doesn’t have complete control the entropy pool. > > > > > > > > This is in contrast over what we assume of the AEAD keys or even > the KEM keys > > > > where a full state compromise will gain access to the values. > > > > > > > > However it looks very close to the assumptions about additional > protections for signing keys. > > > > E.g., not directly accessible, and behind an interface that an > adversary can query for certain operations > > > > through an API (e.g. when is stored in an HSM, co-processor or a > functional secure enclave). > > > > > > > > Am I reading this properly? > > > > If yes, I can understand the value in this threat model, but we > should make it clear that the > > > > entropy pool has to get these additional protections to provide > these good properties. > > > > > > > > Seems to me like a good improvement in all cases anyway, so I think > we should consider it. > > > > > > > > Thanks! > > > > Ben > > > > > > > > > On 30 Mar 2021, at 09:27, Konrad Kohbrok < > konrad.kohbrok@datashrine.de> wrote: > > > > > > > > > > Hi everyone, > > > > > > > > > > MLS is a protocol that is very vulnerable to individual parties > with bad randomness. For example, when a party joins a group, the secrecy > of the group's key material relies on the quality of that party's key > material. Similarly, when doing an external join, the groups entropy is > completely replaced by that of the joining member. > > > > > > > > > > There are multiple ways to mitigate this threat and Joël and > Sandro proposed a few of them in the following mail to the list: > https://mailarchive.ietf.org/arch/msg/mls/ZR84smU5xeLrziNTk5W1P1Z1nQI/ > > > > > > > > > > Concretely, there were two approaches: one that would be baked > into the protocol (essentially using a secret derived from old path secrets > to inject into new ones in addition to the current approach) and one that > would mandate the use of an entropy pool. > > > > > > > > > > The ideas were discussed a bit at the time, but nothing has > happened since then. Joël, Sandro and I have just opened a PR with a > concrete design for an entropy pool that is modeled after the key schedule ( > https://github.com/mlswg/mls-protocol/pull/467). Concretely, it allows > gathering entropy over time and for parties with a bad entropy source to > profit from parties with a good one without compromising security. > > > > > > > > > > While for future iterations of MLS, we might want to consider a > solution that is more integral to the protocol, we are aware that the > authors want to avoid breaking changes at this point. With the entropy > pool, we thus propose a solution that does not affect the protocol flow, > but that still offers significant advantages over no mitigations at all. > > > > > > > > > > Cheers, > > > > > Konrad > > > > > > > > > > _______________________________________________ > > > > > MLS mailing list > > > > > MLS@ietf.org > > > > > https://www.ietf.org/mailman/listinfo/mls > > > > > > _______________________________________________ > > > MLS mailing list > > > MLS@ietf.org > > > https://www.ietf.org/mailman/listinfo/mls > > > > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls >
- [MLS] Improving entropy in MLS Konrad Kohbrok
- Re: [MLS] Improving entropy in MLS Benjamin Beurdouche
- Re: [MLS] Improving entropy in MLS Benjamin Beurdouche
- Re: [MLS] Improving entropy in MLS Konrad Kohbrok
- Re: [MLS] Improving entropy in MLS Brendan McMillion
- Re: [MLS] Improving entropy in MLS Benjamin Beurdouche
- Re: [MLS] Improving entropy in MLS Konrad Kohbrok
- Re: [MLS] Improving entropy in MLS Konrad Kohbrok
- Re: [MLS] Improving entropy in MLS Franziskus Kiefer
- Re: [MLS] Improving entropy in MLS Joel Alwen
- Re: [MLS] Improving entropy in MLS Konrad Kohbrok