Re: [TLS] Randomization of nonces

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Mon, 15 August 2016 23:46 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 15 Aug 2016 23:46:25 +0000
Message-ID: <719DD3BC-83DD-4304-9C00-B72715A0FDA2@rhul.ac.uk>
In-Reply-To: <CACsn0cmZ9Q+d6-7EUHJ-v-=hmK9yvFz_1fshAXnMRuwd2RQRFA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8lAy8JUpTvG7cFwRkd-7c2k9DX4>
Cc: "tls@ietf.org" <tls@ietf.org>

Sadly, you can't implement XGCM using an existing AES-GCM API, because of the way the MAC (which is keyed) is computed over the ciphertext in the standard GCM scheme.

This does not contradict what you wrote, but may be a barrier to adoption.

Cheers

Kenny

On 15 Aug 2016, at 16:40, Watson Ladd <watsonbladd@gmail.com> wrote:

Dear TLS list,
Sitting in Santa Barbara I have just learned that our nonce randomization does slightly better than GCM in the multiuser setting. However, XGCM would produce even better security.

XGCM is GCM with masking applied to blocks before and after each encryption. It can be implemented on top of counter mode and GHASH easily.

As an alternative we could use 256 bit keys.

Sincerely,
Watson Ladd

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
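The exchange above, made concrete as an added example that is not part of the thread and not code from either author. Go is used because crypto/cipher exposes GCM as a mode over any 128-bit cipher.Block, which is exactly the "counter mode and GHASH" seam Watson's sketch needs; a fused key+nonce+plaintext AES-GCM API (the kind Kenny is talking about) has no such seam. I read "masking applied to blocks before and after each encryption" as E'_{K,L}(X) = E_K(X xor L) xor L with a second 16-byte secret L; the thread does not spell the construction out, so that reading is an assumption, as are the key, nonce, mask and plaintext values below. The block builds GCM and XGCM from the same CTR+GHASH code and then shows the two facts Kenny's reply rests on: the GHASH key changes from E_K(0) to E_K(L) xor L, and the keystream difference between the two schemes is not a constant, so an AES-GCM call's output cannot be patched into an XGCM record after the fact (and a GCM verifier rejects the XGCM record outright).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// maskedBlock is E'_{K,L}(X) = E_K(X xor L) xor L: one AES call with the same
// 16-byte secret L XORed in before and after it. This is my reading of "masking
// applied to blocks before and after each encryption"; the thread defines no more.
type maskedBlock struct {
	inner cipher.Block
	mask  [16]byte
}

func (m *maskedBlock) BlockSize() int { return 16 }

func (m *maskedBlock) xorMask(dst, src []byte) {
	for i := 0; i < 16; i++ {
		dst[i] = src[i] ^ m.mask[i]
	}
}

func (m *maskedBlock) Encrypt(dst, src []byte) {
	var t [16]byte
	m.xorMask(t[:], src)
	m.inner.Encrypt(t[:], t[:])
	m.xorMask(dst, t[:])
}

func (m *maskedBlock) Decrypt(dst, src []byte) {
	var t [16]byte
	m.xorMask(t[:], src)
	m.inner.Decrypt(t[:], t[:])
	m.xorMask(dst, t[:])
}

// newAEAD uses crypto/cipher's CTR+GHASH code unchanged. mask == nil gives
// plain AES-GCM; otherwise the same code runs over the masked block cipher,
// which is XGCM. A fused key+nonce+plaintext AES-GCM API has no such seam.
func newAEAD(key []byte, mask *[16]byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if mask == nil {
		return cipher.NewGCM(blk)
	}
	return cipher.NewGCM(&maskedBlock{inner: blk, mask: *mask})
}

// hashKeys returns each scheme's GHASH key: H = E_K(0^128) for GCM and
// H' = E_K(L) xor L for XGCM. The tag is keyed by this value, and no AES-GCM
// API lets the caller substitute it.
func hashKeys(key []byte, mask [16]byte) (h, hPrime [16]byte, err error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return h, hPrime, err
	}
	var zero [16]byte
	blk.Encrypt(h[:], zero[:])
	(&maskedBlock{inner: blk, mask: mask}).Encrypt(hPrime[:], zero[:])
	return h, hPrime, nil
}

// keystreamDiffs XORs the first two keystream blocks of x against those of g
// under one nonce. Were XGCM merely "GCM plus a constant", d0 would equal d1
// and GCM output could be patched up afterwards.
func keystreamDiffs(g, x cipher.AEAD, nonce []byte) (d0, d1 [16]byte) {
	zero := make([]byte, 32) // encrypting zeros exposes the keystream
	ks, kx := g.Seal(nil, nonce, zero, nil), x.Seal(nil, nonce, zero, nil)
	for i := 0; i < 16; i++ {
		d0[i], d1[i] = ks[i]^kx[i], ks[16+i]^kx[16+i]
	}
	return d0, d1
}

func main() {
	// Constructed demo inputs, not values from the thread.
	key, nonce, ad := []byte("0123456789abcdef"), []byte("nonce-012345"), []byte("record header")
	pt := []byte("two blocks of plaintext, padded out.")
	mask := [16]byte{0xa5, 0x5a, 0xa5, 0x5a, 0xa5, 0x5a, 0xa5, 0x5a, 0xa5, 0x5a, 0xa5, 0x5a, 0xa5, 0x5a, 0xa5, 0x5a}
	g, _ := newAEAD(key, nil)
	x, _ := newAEAD(key, &mask)
	ct, xct := g.Seal(nil, nonce, pt, ad), x.Seal(nil, nonce, pt, ad)
	fmt.Printf("AES-GCM: %x\nXGCM:    %x\n", ct, xct)
	h, hp, _ := hashKeys(key, mask)
	fmt.Printf("H  (GCM):  %x\nH' (XGCM): %x\n", h, hp)
	_, err := g.Open(nil, nonce, xct, ad) // a GCM verifier rejects the XGCM record
	fmt.Println("GCM opening XGCM output:", err)
	d0, d1 := keystreamDiffs(g, x, nonce)
	fmt.Println("keystream difference constant across blocks:", d0 == d1)
}
```

Run it with `go run .`; a zero mask collapses newAEAD back to plain AES-GCM byte for byte, which is the sanity check that the masked cipher is wired in at the right place. The design point is the same one Kenny makes: the mask has to sit inside the block cipher calls, below both CTR and the derivation of H, so the only library API that can host XGCM is one that takes a block cipher rather than a key.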