Re: [MLS] Re-randomized TreeKEM

Karthik Bhargavan <karthikeyan.bhargavan@inria.fr> Thu, 17 October 2019 05:43 UTC

Return-Path: <karthikeyan.bhargavan@inria.fr>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 103E5120821 for <mls@ietfa.amsl.com>; Wed, 16 Oct 2019 22:43:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IZISady4tDon for <mls@ietfa.amsl.com>; Wed, 16 Oct 2019 22:43:03 -0700 (PDT)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AF2E120236 for <mls@ietf.org>; Wed, 16 Oct 2019 22:43:02 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.67,306,1566856800"; d="scan'208";a="406531636"
Received: from 89-156-101-160.rev.numericable.fr (HELO [192.168.0.62]) ([89.156.101.160]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Oct 2019 07:42:56 +0200
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Karthik Bhargavan <karthikeyan.bhargavan@inria.fr>
In-Reply-To: <5b1d9cb1-509a-da7d-1361-188dfe0f21d6@wickr.com>
Date: Thu, 17 Oct 2019 07:42:54 +0200
Cc: mls@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4BEAE096-9597-4619-ADD4-CE13E899481B@inria.fr>
References: <5b1d9cb1-509a-da7d-1361-188dfe0f21d6@wickr.com>
To: Joel Alwen <jalwen@wickr.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/TtC7GXzrJioeHSFtUHGAan1yTRA>
Subject: Re: [MLS] Re-randomized TreeKEM
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2019 05:43:05 -0000

Hi Joel,

This looks very interesting. It is new to me since I was not at the interim.
After reading the paper and the slides, I am still a bit fuzzy about what the recipient of an update needs to do.

For example, for the running example in your slide deck, it would help if I could see:
- what secret keys does each leaf need to keep
- how do these secrets change when an update from some other node is received.
Just working this out for one update is enough.

I know that this is made precise in the eprint, but it would be faster if you could help us understand it :)

Best,
Karthik

> On 16 Oct 2019, at 23:51, Joel Alwen <jalwen@wickr.com> wrote:
> 
> <FS-TreeKEM.pdf>