Re-keying Mechanisms for Symmetric Keys
RFC 8645
Document Type RFC - Informational (August 2019; No errata)
Last updated 2019-08-29
Replaces draft-cfrg-re-keying
Stream IRTF
Formats plain text html pdf htmlized bibtex
IETF conflict review conflict-review-irtf-cfrg-re-keying
Stream IRTF state Published RFC
Consensus Boilerplate Yes
Document shepherd Alexey Melnikov
Shepherd write-up Show (last changed 2019-05-15)
IESG IESG state RFC 8645 (Informational)
Telechat date
Responsible AD (None)
Send notices to Alexey Melnikov <alexey.melnikov@isode.com>
IANA IANA review state Version Changed - Review Needed
IANA action state No IANA Actions
Email authors Email RG IPR References Referenced by Nits 
Internet Research Task Force (IRTF)                   S. Smyshlyaev, Ed.
Request for Comments: 8645                                     CryptoPro
Category: Informational                                      August 2019
ISSN: 2070-1721

                Re-keying Mechanisms for Symmetric Keys

Abstract

   A certain maximum amount of data can be safely encrypted when
   encryption is performed under a single key.  This amount is called
   the "key lifetime".  This specification describes a variety of
   methods for increasing the lifetime of symmetric keys.  It provides
   two types of re-keying mechanisms based on hash functions and block
   ciphers that can be used with modes of operations such as CTR, GCM,
   CBC, CFB, and OMAC.

   This document is a product of the Crypto Forum Research Group (CFRG)
   in the IRTF.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Research Task Force
   (IRTF).  The IRTF publishes the results of Internet-related research
   and development activities.  These results might not be suitable for
   deployment.  This RFC represents the consensus of the Crypto Forum
   Research Group of the Internet Research Task Force (IRTF).  Documents
   approved for publication by the IRSG are not candidates for any level
   of Internet Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8645.

Smyshlyaev                    Informational                     [Page 1]
RFC 8645         Re-keying Mechanisms for Symmetric Keys     August 2019

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Smyshlyaev                    Informational                     [Page 2]
RFC 8645         Re-keying Mechanisms for Symmetric Keys     August 2019

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Conventions Used in This Document . . . . . . . . . . . . . .   7
   3.  Basic Terms and Definitions . . . . . . . . . . . . . . . . .   7
   4.  Choosing Constructions and Security Parameters  . . . . . . .   9
   5.  External Re-keying Mechanisms . . . . . . . . . . . . . . . .  11
     5.1.  Methods of Key Lifetime Control . . . . . . . . . . . . .  14
     5.2.  Parallel Constructions  . . . . . . . . . . . . . . . . .  14
       5.2.1.  Parallel Construction Based on a KDF on a Block
               Cipher  . . . . . . . . . . . . . . . . . . . . . . .  15
       5.2.2.  Parallel Construction Based on a KDF on a Hash
               Function  . . . . . . . . . . . . . . . . . . . . . .  16
       5.2.3.  Tree-Based Construction . . . . . . . . . . . . . . .  16
     5.3.  Serial Constructions  . . . . . . . . . . . . . . . . . .  17
       5.3.1.  Serial Construction Based on a KDF on a Block Cipher   19
       5.3.2.  Serial Construction Based on a KDF on a Hash Function  19
     5.4.  Using Additional Entropy during Re-keying . . . . . . . .  19
   6.  Internal Re-keying Mechanisms . . . . . . . . . . . . . . . .  20
     6.1.  Methods of Key Lifetime Control . . . . . . . . . . . . .  22
     6.2.  Constructions that Do Not Require a Master Key  . . . . .  23
       6.2.1.  ACPKM Re-keying Mechanisms  . . . . . . . . . . . . .  23
       6.2.2.  CTR-ACPKM Encryption Mode . . . . . . . . . . . . . .  25
       6.2.3.  GCM-ACPKM Authenticated Encryption Mode . . . . . . .  26
     6.3.  Constructions that Require a Master Key . . . . . . . . .  29
       6.3.1.  ACPKM-Master Key Derivation from the Master Key . . .  29
       6.3.2.  CTR-ACPKM-Master Encryption Mode  . . . . . . . . . .  31
       6.3.3.  GCM-ACPKM-Master Authenticated Encryption Mode  . . .  33
       6.3.4.  CBC-ACPKM-Master Encryption Mode  . . . . . . . . . .  37
       6.3.5.  CFB-ACPKM-Master Encryption Mode  . . . . . . . . . .  39
       6.3.6.  OMAC-ACPKM-Master Authentication Mode . . . . . . . .  40
   7.  Joint Usage of External and Internal Re-keying  . . . . . . .  42
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  43
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  43
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  44
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  44
     10.2.  Informative References . . . . . . . . . . . . . . . . .  45
   Appendix A.  Test Examples  . . . . . . . . . . . . . . . . . . .  48
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools