IETF Logo Mail Archive

[TLS] TLS client puzzles

Dmitry Khovratovich <khovratovich@gmail.com> Wed, 29 June 2016 17:00 UTC

Return-Path: <khovratovich@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 357E012D1CA for <tls@ietfa.amsl.com>; Wed, 29 Jun 2016 10:00:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4QGGzvAeU-0X for <tls@ietfa.amsl.com>; Wed, 29 Jun 2016 10:00:32 -0700 (PDT)
Received: from mail-io0-x231.google.com (mail-io0-x231.google.com [IPv6:2607:f8b0:4001:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE73812D0D3 for <tls@ietf.org>; Wed, 29 Jun 2016 10:00:32 -0700 (PDT)
Received: by mail-io0-x231.google.com with SMTP id f30so51476412ioj.2 for <tls@ietf.org>; Wed, 29 Jun 2016 10:00:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc; bh=I0NCmPAZuWvA/T3/ez0yfhcV9m5BMRtibkMNV/28nZg=; b=djTzHTH9Xi6J8rSDwhLySjNh3NlLjxvX8ErzBgrBLVqH43RZmw5ElawWukcV8ByXSM srocij1D1O/jzUPvcfhsKSeQPwNDuj+tJmiuyPcQeuZRbkHYwcSNh/Pyo1KbFNc1xB0M QCqdF8XqM0lo+WnzyXSaCesBnsXJJbTwXeMXup+pqrTe15KtfJuWpygdMCeGAoEWjyVv ITa3AoC5Epw42UW/HYi83sPaLc/6K7kn/6m1dDN+4Kh9lX0espaiIvJ9Ki1/S4+ACpHt J9mQBQTNc/ovVHM6Nt+QptAwO3AE7KN6EB0OsbHHCng2ndPHZX0nHYxdG4AKVu4XqYy1 qmAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=I0NCmPAZuWvA/T3/ez0yfhcV9m5BMRtibkMNV/28nZg=; b=NY1OKMd7N27/YEpc6gzlwpDmho/J0xcNP9QbOn7vB3pmVs33sPV3rm4wp5qC4gMy96 zcIBRcXSHWHxwfVOJ17PeJtQ47gxNq3B1DIqwtGLw1k6p8rfrjtLyhy/cOtRmHDGSBBg s6dDvv1rhU225QV7eus87Ko8Y/bICrk0R239B6Kk55CdDWHeXtQzf/2zIsxVG0sLwGoJ oJJOepDCaplod4kzysSlu4x3P0nZoPcqGrp0dz2iz/TnLD2in7etPBLUysPnwanXyiW1 Woy5pdaqx8bhPCAs6CmddxECfX8xYD+cz/+1aQUBEp4cwTsA34N/J+/pG05WXggVsOMZ xHTQ==
X-Gm-Message-State: ALyK8tL1Mszj2Dqp9y0EhzC3JzznCmzLKVPtIf9OAgFPS4csPlKEYu2BWzl1lyYex+uLOIHUzsrLFd94i4AxkQ==
X-Received: by 10.107.34.5 with SMTP id i5mr11967136ioi.8.1467219632025; Wed, 29 Jun 2016 10:00:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.115.36 with HTTP; Wed, 29 Jun 2016 10:00:17 -0700 (PDT)
From: Dmitry Khovratovich <khovratovich@gmail.com>
Date: Wed, 29 Jun 2016 19:00:17 +0200
Message-ID: <CALW8-7Kv01Dw3YBiW20SBEScWqkup53xpCjy8834PpLDkgb4cg@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="001a1140ea50f9752f05366db09a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cPOToqCZp1ihUzKSQ6ePFZBcppA>
Cc: Alex Biryukov - UNI <alex.biryukov@uni.lu>, "Nygren, Erik" <nygren@akamai.com>
Subject: [TLS] TLS client puzzles
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2016 17:00:37 -0000

Dear all,

together with our colleagues from Akamai, we would like to pursue further
the draft on the TLS client puzzles, the first version of which was aired
in 2015. As before, the client puzzles allow a server to request clients
perform a selected amount of computation prior to the server performing
expensive cryptographic operations such as signature computation.

The distinction of the current version is that it includes, besides the
well-known SHA-2 puzzle, a memory-hard puzzle called Equihash. The latter
is a recent development by our team in Luxembourg, presented at this year
NDSS. It allows cheap and memoryless verification by the server even though
the puzzle solving guaranteely requires dozens of MB of RAM from a client
(time, memory, and client-server asymmetry are tunable parameters).
Equihash has been recently adopted as primary proof-of-work in the
privacy-enhanced cryptocurrency protocol Zcash.

The draft is available at
https://datatracker.ietf.org/doc/draft-nygren-tls-client-puzzles/
and the Equihash paper at
https://www.internetsociety.org/sites/default/files/blogs-media/equihash-asymmetric-proof-of-work-based-generalized-birthday-problem.pdf

We would appreciate comments and discussion, and would like to present the
draft at the upcoming IETF meeting in Berlin.


-- 
Best regards,
Dmitry Khovratovich
University of Luxembourg

v2.15.0 | Report a Bug | By Email