[{"author": "Yoav Nir", "text": "
Hello
", "time": "2022-11-07T09:32:27Z"}, {"author": "Jonathan Hoyland", "text": "Happy to jabber scribe if it's needed these days
", "time": "2022-11-07T09:33:44Z"}, {"author": "Richard Barnes", "text": "audio is good remotely
", "time": "2022-11-07T09:41:03Z"}, {"author": "Richard Barnes", "text": "note that while this is a signature, the way it gets used is quite different
", "time": "2022-11-07T09:42:32Z"}, {"author": "Alexey Melnikov", "text": "Thank you Jonathan
", "time": "2022-11-07T09:43:07Z"}, {"author": "Alexey Melnikov", "text": "The draft being talked about: https://datatracker.ietf.org/doc/draft-bozhko-cfrg-aead-properties/
", "time": "2022-11-07T09:56:39Z"}, {"author": "Richard Barnes", "text": "the idea of application mappings is a good one. examples of why these properties are important would be quite helpful.
", "time": "2022-11-07T09:58:56Z"}, {"author": "Jonathan Hoyland", "text": "Just taking the first example:
\n3.1.1. Confidentiality\n\n Definition. An AEAD algorithm guarantees that data is available only\n to those authorized to obtain it. That property is required for the\n AEAD algorithm to be called secure.\n\n Synonyms. Privacy.\n\n Further reading. [R2002], [BN2000]\n
I would say there is a sharp and important distinction between confidentiality and privacy.
", "time": "2022-11-07T09:59:46Z"}, {"author": "Richard Barnes", "text": "in addition to enumerating these properties, we probably need some prioritization, which ones are most important, broadly speaking
", "time": "2022-11-07T10:00:32Z"}, {"author": "Yoav Nir", "text": "While this draft is useful in itself, ISTM that this is a precursor to work of classifying the existing AEAD algorithms that we have based on these criteria. The current draft doesn't mention algorithm names.
", "time": "2022-11-07T10:01:19Z"}, {"author": "Richard Barnes", "text": "@meetecho - can camera show presenter?
", "time": "2022-11-07T10:01:34Z"}, {"author": "Richard Barnes", "text": "thanks
", "time": "2022-11-07T10:01:52Z"}, {"author": "Yoav Nir", "text": "The security analysis of Rocca-S should be referenced from the draft. Currently it's not.
", "time": "2022-11-07T10:13:32Z"}, {"author": "Jonathan Hoyland", "text": "Is Rocca-S the same as Rocca?
\nRocca is by the speaker.
He said it's based on Rocca, but not exactly the same (perhaps a specialization to AES-256? Not clear)
", "time": "2022-11-07T10:15:47Z"}, {"author": "Jonathan Hoyland", "text": "Yeah, it says it in the draft
\n In this document, we present an AES-based AEAD encryption scheme with\n a 256-bit key and 256-bit tag called Rocca-S, which is a variant of\n Rocca described in [ROCCA]. The goal of Rocca-S is to further\n improve the security of Rocca while maintaining its performance\n advantage.\n
Rocca seems like a nice faster alternative to AEGIS. Similar in that they both use the AES round function and not the full AES function. Very high performance AEAD algorithms are interesting.
", "time": "2022-11-07T10:17:06Z"}, {"author": "Jonathan Hoyland", "text": "There is a published attack on Rocca, is Rocca-S resistant to it?
\nAnand, Ravi, and Takanori Isobe. "Differential Fault Attack on Rocca." International Conference on Information Security and Cryptology. Springer, Cham, 2022.\n
I support Scott's NTRU draft existing. It should probably wait for patent details to go public before a call-for-adoption.
", "time": "2022-11-07T10:18:33Z"}, {"author": "Massimiliano Pala", "text": "Thank you!
", "time": "2022-11-07T10:21:19Z"}, {"author": "Robert Lee", "text": "Question on the Kyber license agreement. What would you need to see in the NIST-negotiated agreement in order to drop the NTRU draft? Do you have concrete minimum requirements it must hit?
", "time": "2022-11-07T10:23:32Z"}]