Re: [MLS] Subgroups

Natanael <natanael.l@gmail.com> Wed, 20 March 2024 16:26 UTC

To: "Mularczyk, Marta" <mulmarta=40amazon.ch@dmarc.ietf.org>
Cc: Brendan McMillion <brendanmcmillion@gmail.com>, Konrad Kohbrok <konrad.kohbrok@datashrine.de>, MLS List <mls@ietf.org>, "Alwen, Joel" <alwenjo@amazon.com>, "Mularczyk, Marta" <mulmarta@amazon.ch>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/jePUHmIA5z3SkdxebX6iqMrUEJg>

On Wed, 20 March 2024 at 17:03, Mularczyk, Marta
<mulmarta=40amazon.ch@dmarc.ietf.org> wrote:

> Hi Brendan,
>
>
>
> Thanks a lot for the input! The idea of using PRP to hide the leaf index
> is quite elegant. Here are our thoughts and questions about the overall
> design:
>
>
>
> * What were your high-level goals for the new design? Which of them were
> not met by our proposal?
>
>
>
> * Do you know how available production quality implementations of FF1 are
> (especially, FIPS certified ones)? We’re a bit worried that this may be a
> blocker for adoption in some cases.
>

If the reason for FF1 is to control ciphertext size, not format, then you
may be interested in this:

https://csrc.nist.gov/Events/2024/accordion-cipher-mode-workshop-2024

> NIST plans to develop a new mode of the AES that is a tweakable,
> variable-input-length-strong pseudorandom permutation (VIL-SPRP) with a
> reduction proof to the security of the underlying block cipher.

> An accordion mode could also be adapted to provide key wrapping that is
> more efficient than KW and KWP.