[Sframe] "AES-GCM" with secure short tags

John Mattsson <john.mattsson@ericsson.com> Mon, 27 March 2023 08:57 UTC

Hi,

I saw that draft-ietf-sframe-enc uses AES-CTR with HMAC-SHA-256 for 32, 64, and 80 bit tags. 3GPP realised that 5G needs something like AES-GCM with short tags a few years ago and asked ETSI SAGE (the CFRG of 3GPP) to suggest a solution. AES-GCM has quite bad properties if you truncate the tags.

ETSI SAGE recently specified and recommended a mode based on AES-GCM but with some important differences. In addition to the GCM key H, the new mode uses an additional secret point 𝑄 which is multiplied in the last step, before the masking with the secret value. This allows short tags with good security properties. This type of construction is not new and can be found in an old paper by Kaisa Nyberg. ETSI SAGE also recommends using a different polynomial taken from GCM-SIV for improved performance compared to GCM but this is not needed for the truncation.

Would SFRAME WG be interested in such an algorithm (AES-GCM with truncatable tags)? If so I could submit such a draft to CFRG. ETSI SAGE has done quite a lot of security analysis on this.

Cheers,
John
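
The tag computation described in this message, as an added sketch that is not part of the original post and not the ETSI SAGE specification: GHASH under H, a multiplication by Q, masking, then truncation. The names `short_tag` and `demo`, and passing Q and the mask in as caller-supplied 16-byte values, are assumptions; with Q set to the field identity the result is the ordinary GCM tag.

```python
# Added illustration: polynomial hash under H, multiply by Q, mask, truncate.
# Not the ETSI SAGE specification; deriving Q and the mask is out of scope here.
import struct

R = 0xE1 << 120   # GCM reduction constant for x^128 + x^7 + x^2 + x + 1
ONE = 1 << 127    # multiplicative identity in GCM's bit order


def gf_mul(x: int, y: int) -> int:
    """Multiply two GF(2^128) elements in GCM's bit convention (SP 800-38D)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, aad: bytes, ct: bytes) -> int:
    """GHASH_H over zero-padded AAD, ciphertext, and the bit-length block."""
    pad = lambda b: b + bytes(-len(b) % 16)
    data = pad(aad) + pad(ct) + struct.pack(">QQ", 8 * len(aad), 8 * len(ct))
    hk, y = int.from_bytes(h, "big"), 0
    for i in range(0, len(data), 16):
        y = gf_mul(y ^ int.from_bytes(data[i:i + 16], "big"), hk)
    return y


def short_tag(h, q, mask, aad, ct, tag_len):
    """Leftmost tag_len bytes of (GHASH_H(aad, ct) * Q) XOR mask.

    h, q and mask are 16-byte secrets supplied by the caller (assumption:
    the message does not say how Q or the per-message mask are derived).
    """
    s = gf_mul(ghash(h, aad, ct), int.from_bytes(q, "big"))
    full = s ^ int.from_bytes(mask, "big")
    return full.to_bytes(16, "big")[:tag_len]


def demo():
    # Constructed inputs: H, mask and ciphertext from the all-zero-key
    # AES-128-GCM test vector; the second Q value is made up for the demo.
    h = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
    mask = bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a")
    ct = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
    gcm_like = short_tag(h, ONE.to_bytes(16, "big"), mask, b"", ct, 16)
    with_q = short_tag(h, bytes(range(1, 17)), mask, b"", ct, 4)
    return gcm_like.hex(), with_q.hex()
```
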