Re: [Sframe] "AES-GCM" with secure short tags

John Mattsson <john.mattsson@ericsson.com> Mon, 27 March 2023 09:16 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Benjamin Beurdouche <ietf@beurdouche.com>
CC: "sframe@ietf.org" <sframe@ietf.org>
Thread-Topic: [Sframe] "AES-GCM" with secure short tags
Thread-Index: AQHZYIjqF3NF+6ks9E6VeZpJEy0PQ68OVNyAgAAAqHc=
Date: Mon, 27 Mar 2023 09:15:33 +0000
Message-ID: <GVXPR07MB96780E1B9E263079EA6FDAF7898B9@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <GVXPR07MB967868DFBBBE4EE9AB651B79898B9@GVXPR07MB9678.eurprd07.prod.outlook.com> <92D3C02C-AE3B-4E02-9AC0-82B5723F78CA@beurdouche.com>
In-Reply-To: <92D3C02C-AE3B-4E02-9AC0-82B5723F78CA@beurdouche.com>
Accept-Language: en-US
Content-Language: en-GB
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: J42L6wfuf04QVxp+3TeFr7ceugnMEsgQo9k1Y39Dn41V6uDEb6J92SADtqpy0+DkDtqrpXqan35gr6bjxpyr0LiRI0rp+enIQWJQI+6BdrWkxuN0/y56+Gsqzkt/ENCa0W80lg/FSnQEWF/e1pJr03L77Bj5+wphRYoxo/GhxceGq0Qm//UmdpEKVwz5tIyuWBfLn+Qhy+WpwrNxdyjq0iEyThFy2OHVttwbzpOtsVfmZKvfC1nFcq0xF6Qk2VRWKtKbVCQkktZOdGD+hw/KhaX4eN4jpPnIX8EKCavLjQo3xSOf/2jhR5dx9CAck83ScLfkeEam/168A3CErdQNu3ef37PDTY3d8egyMe9CVIrTebMj2K6FZr7onGzhkfeOd9iSeLsDaOeRedsVvvQk8AjXhXIwwOgbn2S/m21ozM9edD4qLpX8UPT/bB9vLP8nXIi8RylqXnIfWcADMivUPQV+HGEgzzz6iUNbwIbzUO21bRNFRt1E20gqfc1LHGIy9eDLKiogiW3CnlM7ylkOT/Qp0cKd9gTX8qoiWBWq1OwMsgReDJRUAFTP1lrGAkbl9pZkWVOTSYfKIcP0Qgz6UHmEXZWN6qh7r0V9QFcYIGoaPNHkWQxFAt9itDrFyZ1CdqrZTrCHUCNgF+iveN9CxwKEsVjL4BVS6gvzKb2DV1hicd+3ApbV6d62VfetyqqFCEM4szqF6rS1XYHspsAi3jBF1e5+xDRFYlKt33WV1I7otYQ1rLqz3tOgY74wQL+t8M+efrvSPo8ry/IF13RO06fYA/cx9o9XBhuz3FM15dsXin4O/2WXtbZYAtYu5h53J6eSmxe2o9zPUtH1yV93ZucCmqrCFkA+B4p0HaAeyhOkn1V6vwTv2tNVhWowd4d/88LDwRBY3+4Jr44XrntQ4MESya6G1D1iERj9Mj+U+lLH02SJcNahxfik/hF8Iu0ISOjGUO4hwftB11iA8MVBNygx+ODGxoQ3i3lqek8UdrHGeHueVzuh9FJQz12o1WsUvP/6ZjI+3vwM/5+ZWFDtd8Trkv1+nWxQoMRfdajBrm0Q8mf4ZhHK2wOH9tVOpxsmeewv7zThK541q4LpwxD++9Hm9FoYyDjzxhc/MHGJqHkfZv1GpmodlYguBQoOuB2/du5JstMR9VYvXIv4/L8wIYxONUQnMLuvQhLQyOlg9aToR5mkFNUV7udu4rjnuT0A+dF47H3aeFw2eZgrqDCopbcyz8rfnqP702VlK43vRQAttrse4lC0LutjFWUkxUfnuNQbtou4i2i8eHZUbwJ7nh3EvekIGiR60etVYG4BtDIXWxwrIQcSQ9R2GzxefAPoS5+nzxLPZJUs4hm+cKOopv0D4vULG2n3rNhHP+Oa2vKLxr6yIwV+18rYPy87Z8lf4t/vU0TbvyggYLJgjZLfVq3tsF+MPdioWZRA05iGr+GxkTafCOAeEAIyRfsY66MTp0Fw6FEMSeObHQf1XmlQbqKChaZAW2hUg68C+RSVeojtpiRIT/jSqA4IpZU4f9Ovo7ifmEp4sQ4G7oH42dZMb+zZ7gLSB+8uda1EE4gNtQaWpoWM4ZsAdKTYs8qqKcgQ34t1Mx7+Kxoom7by3PXTRhHeHozj3DIS2tIP3miBeyXBJZpCCm1nbpSTdy5BqTn35Tz4LCHobiD9T/3dahV+2w==
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB96780E1B9E263079EA6FDAF7898B9GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: aaa6e46c-f95e-491d-25ad-08db2ea3d1ba
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Mar 2023 09:15:33.5653 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: VNvKmd0VYpwE8iNp6Vf1ID542pYaldzkDKmFflEGVXN2H7tYyEkAs1AybA035ZtTZTeZeLW7rb4W/Ga7JAbxLOs0M7Qv/1qRPXdS61IFLEc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB6263
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/sR9kaHBxNGgV0gaGvGkuwPRAswE>
Subject: Re: [Sframe] "AES-GCM" with secure short tags
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2023 09:16:45 -0000

Benjamin Beurdouche wrote:
>Could you point us at the papers for these analysis please ?

The ETSI SAGE documents are not public yet. As there seem to be interest I will try to submit information (likely in draft form) to CFRG as soon as possible.

Richard Barnes wrote:
>I expect something truncatable would be of interest for a variety of media-encryption things (SRTP, SFrame, MoQ, et al.).  Audio packets are small, numerous, and ephemeral, so on the one hand, they are very sensitive in percentage terms to crypto overhead, and on the other hand, you don't care a ton about forgery of any individual packet.

Yes, that a good overview. I agree.

John

From: Benjamin Beurdouche <ietf@beurdouche.com>
Date: Monday, 27 March 2023 at 18:04
To: John Mattsson <john.mattsson@ericsson.com>
Cc: sframe@ietf.org <sframe@ietf.org>
Subject: Re: [Sframe] "AES-GCM" with secure short tags
Hi John,

Would SFRAME WG be interested in such an algorithm (AES-GCM with trucatable tags)? If so I could submit such a draft to to CFRG. ETSI SAGE has done quite a lot of security analysis on this.

Could you point us at the papers for these analysis please ?

Many thanks !
Benjamin

Re: [Sframe] "AES-GCM" with secure short tags Richard Barnes
[Sframe] "AES-GCM" with secure short tags John Mattsson
Re: [Sframe] "AES-GCM" with secure short tags Benjamin Beurdouche
Re: [Sframe] "AES-GCM" with secure short tags John Mattsson
Re: [Sframe] "AES-GCM" with secure short tags Martin Thomson