IETF Logo Mail Archive

Re: [MLS] Improving entropy in MLS

Franziskus Kiefer <franziskuskiefer@gmail.com> Wed, 31 March 2021 07:56 UTC

Return-Path: <franziskuskiefer@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DA513A1EEF for <mls@ietfa.amsl.com>; Wed, 31 Mar 2021 00:56:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16kw7khYMGrh for <mls@ietfa.amsl.com>; Wed, 31 Mar 2021 00:56:34 -0700 (PDT)
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 738C03A1EFF for <mls@ietf.org>; Wed, 31 Mar 2021 00:56:12 -0700 (PDT)
Received: by mail-ej1-x629.google.com with SMTP id a7so28644025ejs.3 for <mls@ietf.org>; Wed, 31 Mar 2021 00:56:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mylvKtncDO2Wl7akA6nGjudDe4fOv00Fw4P52+KS+VA=; b=lE0y4vQT5qYVG6BNVAVxjrti4z0Uooh76as/SDGUOsE0WSl4WzvEv/FglHHrYOXSSv /uWe4/tsU+HxGQzD1QMHv0ckOIdIxoWR8FSo+cGXJuaR4WOaB0mnzSWq94ROpQkYL3Z+ QMLQ0ExefXAiaCFFac9alv+DhJGYDsDkUIFaHDvSA2Yflo3uqWWa1hnZrEBh0El4b2Kl 5QJO1kP27s4SWaJRA63ETdWSeu1S6aGyXSgn032mjGOu8JfhmtqVDACiv7FfqnHdFxaP j62X2DKmW7D/3W0KihGsb2aeoHUJxZXcVzRPkilOzjgnvt819Td/etLAwMisylEwR+If HjAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mylvKtncDO2Wl7akA6nGjudDe4fOv00Fw4P52+KS+VA=; b=AiWcKGlj1KrDPonEoEVmimim/OiUg3zVZkOPL2oz9mNOX+Za8OQ0PxzlxvOsJcfMyz Trsw+MWdz2ebGE0ImydlD8TEyEbcplgrYGotDdcXbettCIBvAgrDvmwgMubsCXvON8DW dVP6rjAoPGPowRobuEj6H+Q8mw8Jv6slEnbXUViIi9gNecnm0uMeeAO0Q/JvBNZE3jbC 9CR1tUq7UE1i7eemoINyKuEWIaO4OCgY33rY5AZKm1CmJMvydAKEwLzfDmD7rBm2ME20 vq3SID6JiuoM8/mf/EO1rN56zxDLimQmuW384Fm0cPSgXNpkBTVZBMv9RN1c96sdJvY9 3Yyw==
X-Gm-Message-State: AOAM532Fo4C+Zm33618vD5rYI572u4C/58Pc5JranAr/7eYN0Dy9iawZ ueu0azfwt5TbzjXQlBB3fVolq9kE67FLfKm6M40=
X-Google-Smtp-Source: ABdhPJzcF5Ck9sGKrCB7QkokautzvaUjiH++ln448ppcPGUxE+Z5t0zJj8OjtIs4FL7pHe13ZAlX2KMBO6BDtW5i2F8=
X-Received: by 2002:a17:907:e87:: with SMTP id ho7mr2134033ejc.2.1617177370172; Wed, 31 Mar 2021 00:56:10 -0700 (PDT)
MIME-Version: 1.0
References: <1529628012.30519.1617089251424@office.mailbox.org> <DBED46A1-F3E3-4C79-B9C5-B13088F7B20D@inria.fr> <965197897.32483.1617096310176@office.mailbox.org> <CABP-pSRLXdiowmd-GO601fj3SLqVJAq92ULOsMCKi-9aVS12Eg@mail.gmail.com> <535299944.41006.1617176490395@office.mailbox.org>
In-Reply-To: <535299944.41006.1617176490395@office.mailbox.org>
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Wed, 31 Mar 2021 09:55:58 +0200
Message-ID: <CAJowLmNOOmeaLONAu62wzdTGK=p340mLugo6gZ0k9C1ngotNsA@mail.gmail.com>
To: Konrad Kohbrok <konrad.kohbrok@datashrine.de>
Cc: Brendan McMillion <brendan@cloudflare.com>, ML Messaging Layer Security <mls@ietf.org>, Benjamin Beurdouche <benjamin.beurdouche@inria.fr>
Content-Type: multipart/alternative; boundary="000000000000b0202c05bed0729e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/AOx89Ndrp76c0jRMikQasBVTTLo>
Subject: Re: [MLS] Improving entropy in MLS
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 07:56:40 -0000

Hi Konrad, all

I agree with Benjamin and Brendan that the protocol is not the right place
for something like this.
Since you already mention [1], don't you think it would be better to
recommend that implementations use RFC 8937 [2] and give an example of how
to instantiate G'(n)?

Best,
Franziskus

[1] https://eprint.iacr.org/2018/1057
[2] https://www.rfc-editor.org/rfc/rfc8937.html

On Wed, 31 Mar 2021 at 09:41, Konrad Kohbrok <konrad.kohbrok@datashrine.de>
wrote:

> Hi Brendan,
>
> Thanks for your feedback! You make two good arguments here, that I want to
> address independently.
>
> The first is the maintenance of layers of abstraction. Yes, ultimately,
> we'd like to be able to rely on the OS's (CSP)RNG, but events in the past
> (see the introduction of [1] for a few examples) have shown that they are
> not always too reliable. As a consequence, protocols should be designed to
> be robust against bad sources of randomness. In particular, our design
> allows the inclusion of "remote" sources of randomness, which is something
> the OS's RNG can't provide. In addition, I'd like to mention that we're not
> intending to replace the OS's RNG, but rather complement it. Note, that the
> design ensures that no secret can be extracted from the pool without
> retrieving fresh randomness from the OS's RNG.
>
> This brings me to the second point, where I agree that we should keep MLS
> free from unnecessary complexity that makes it more prone to bugs and
> you're right in that the source of randomness is a particularly fundamental
> and thus vulnerable part of MLS. However, the design is conceivably simple
> and uses the same, tried, tested and provably secure mechanism that is used
> in the key schedule of TLS and MLS: a simple extract-expand cycle. See [2]
> for a security proof of the MLS key schedule, which can easily be adapted
> to the design of the entropy pool.
>
> To summarize, we're not proposing to replace the OS's RNG, but rather
> extend it such that additional sources of entropy can be included. The
> mechanism is simple and, in my opinion, reasonably easy to review,
> implement and prove secure without additional assumptions.
>
> Cheers,
> Konrad
>
> [1] https://eprint.iacr.org/2018/1057
> [2] https://eprint.iacr.org/2021/137
>
>
> > Brendan McMillion <brendan@cloudflare.com> hat am 30.03.2021 23:01
> geschrieben:
> >
> >
> > Hey Konrad
> >
> > Thanks for writing this up. However, I feel pretty strongly opposed to
> this idea, just as a matter of maintaining proper layers of abstraction.
> MLS implementations aren't remotely the only things on a user's system that
> require strong randomness, which is why every OS has its own CSPRNG. Those
> CSPRNGs are going to be much more robust, better designed, and thoroughly
> audited than anything we'd implement. Instead, it's more likely we'd have
> MLS implementations do this incorrectly and introduce more
> randomness-related vulnerabilities than we prevented.
> >
> >
> >
> > On Tue, Mar 30, 2021 at 2:25 AM Konrad Kohbrok <
> konrad.kohbrok@datashrine.de> wrote:
> > > Great questions. I really should have included our thoughts on the
> threat model.
> > >
> > >  We don't assume the entropy pool to be more protected than any other
> secret in MLS.
> > >
> > >  Functionally, we want the pool to allow the following:
> > >  - a party should be able to accrue entropy over time using the OS's
> RNG
> > >  - a party should be able to inject entropy from other sources (in
> particular secrets derived from the epoch_secret of any of the party's
> groups whenever a fresh commit comes in)
> > >
> > >  Assuming the OS's RNG is really bad (e.g. it spits out only zeroes),
> then a party can still have decent entropy once it receives commits from
> groups that it is in. Any party that wants to predict the entropy in the
> pool would have to know every secret that is injected into the pool. That
> means that an adversary would have to compromise all of the party's groups
> to predict secrets extracted from the entropy pool.
> > >
> > >  Of course, the pool will take some time to accrue entropy from
> various sources, so it doesn't help if the adversary is present from the
> start, but it will help if the adversary compromises a party later on. If
> that happens, then the compromised party can recover if the adversary
> misses (i.e. doesn't intercept and decrypt) any commit from another party
> after the compromise.
> > >
> > >  Now we have to make sure that the design doesn't give us any
> disadvantages over just sampling from the OS's RNG every time we need fresh
> randomness.
> > >
> > >  Let's assume full state compromise. Then
> > >  1) the adversary can't obtain entropy extracted from the pool in the
> past (because it's essentially a KDF-chain, just as the key schedule)
> > >  2) the adversary can't predict what entropy the client will extract
> in the future if one of the following is true:
> > >  - the OS's RNG is good
> > >  - a commit from a group arrives, where the group itself is not
> compromised
> > >  - any other external entropy gets injected that the adversary doesn't
> have access to (e.g. a signature from a secret key that is kept secure in
> an HSM)
> > >
> > >  To summarize: It's no silver bullet against bad entropy in general,
> but it's cheap, no worse than just relying on the OS's RNG and provides a
> framework to accrue randomness over time from various sources even if the
> OS's RNG is bad/compromised and it allows parties to recover from
> compromise in that case.
> > >
> > >  Hope that shed some light on things.
> > >
> > >  Cheers,
> > >  Konrad
> > >
> > >
> > >
> > >  > Benjamin Beurdouche <benjamin.beurdouche@inria.fr> hat am
> 30.03.2021 09:53 geschrieben:
> > >  >
> > >  >
> > >  > Hi all,
> > >  >
> > >  > I like this idea. I am not fully clear about the threat model,
> though.
> > >  >
> > >  > From reading this, it looks like we assume that the adversary that
> compromised a
> > >  > principal doesn’t have complete control the entropy pool.
> > >  >
> > >  > This is in contrast over what we assume of the AEAD keys or even
> the KEM keys
> > >  > where a full state compromise will gain access to the values.
> > >  >
> > >  > However it looks very close to the assumptions about additional
> protections for signing keys.
> > >  > E.g., not directly accessible, and behind an interface that an
> adversary can query for certain operations
> > >  > through an API (e.g. when is stored in an HSM, co-processor or a
> functional secure enclave).
> > >  >
> > >  > Am I reading this properly?
> > >  > If yes, I can understand the value in this threat model, but we
> should make it clear that the
> > >  > entropy pool has to get these additional protections to provide
> these good properties.
> > >  >
> > >  > Seems to me like a good improvement in all cases anyway, so I think
> we should consider it.
> > >  >
> > >  > Thanks!
> > >  > Ben
> > >  >
> > >  > > On 30 Mar 2021, at 09:27, Konrad Kohbrok <
> konrad.kohbrok@datashrine.de> wrote:
> > >  > >
> > >  > > Hi everyone,
> > >  > >
> > >  > > MLS is a protocol that is very vulnerable to individual parties
> with bad randomness. For example, when a party joins a group, the secrecy
> of the group's key material relies on the quality of that party's key
> material. Similarly, when doing an external join, the groups entropy is
> completely replaced by that of the joining member.
> > >  > >
> > >  > > There are multiple ways to mitigate this threat and Joël and
> Sandro proposed a few of them in the following mail to the list:
> https://mailarchive.ietf.org/arch/msg/mls/ZR84smU5xeLrziNTk5W1P1Z1nQI/
> > >  > >
> > >  > > Concretely, there were two approaches: one that would be baked
> into the protocol (essentially using a secret derived from old path secrets
> to inject into new ones in addition to the current approach) and one that
> would mandate the use of an entropy pool.
> > >  > >
> > >  > > The ideas were discussed a bit at the time, but nothing has
> happened since then. Joël, Sandro and I have just opened a PR with a
> concrete design for an entropy pool that is modeled after the key schedule (
> https://github.com/mlswg/mls-protocol/pull/467). Concretely, it allows
> gathering entropy over time and for parties with a bad entropy source to
> profit from parties with a good one without compromising security.
> > >  > >
> > >  > > While for future iterations of MLS, we might want to consider a
> solution that is more integral to the protocol, we are aware that the
> authors want to avoid breaking changes at this point. With the entropy
> pool, we thus propose a solution that does not affect the protocol flow,
> but that still offers significant advantages over no mitigations at all.
> > >  > >
> > >  > > Cheers,
> > >  > > Konrad
> > >  > >
> > >  > > _______________________________________________
> > >  > > MLS mailing list
> > >  > > MLS@ietf.org
> > >  > > https://www.ietf.org/mailman/listinfo/mls
> > >
> > >  _______________________________________________
> > >  MLS mailing list
> > >  MLS@ietf.org
> > >  https://www.ietf.org/mailman/listinfo/mls
> > >
>
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls
>

v2.23.0 | Report a Bug | By Email