Hello
", "time": "2022-11-07T09:32:27Z"}, {"author": "Jonathan Hoyland", "text": "Happy to jabber scribe if it's needed these days
", "time": "2022-11-07T09:33:44Z"}, {"author": "Richard Barnes", "text": "audio is good remotely
", "time": "2022-11-07T09:41:03Z"}, {"author": "Richard Barnes", "text": "note that while this is a signature, the way it gets used is quite different
", "time": "2022-11-07T09:42:32Z"}, {"author": "Alexey Melnikov", "text": "Thank you Jonathan
", "time": "2022-11-07T09:43:07Z"}, {"author": "Alexey Melnikov", "text": "The draft being talked about: https://datatracker.ietf.org/doc/draft-bozhko-cfrg-aead-properties/
", "time": "2022-11-07T09:56:39Z"}, {"author": "Richard Barnes", "text": "the idea of application mappings is a good one. examples of why these properties are important would be quite helpful.
", "time": "2022-11-07T09:58:56Z"}, {"author": "Jonathan Hoyland", "text": "Just taking the first example:
\n3.1.1. Confidentiality\n\n Definition. An AEAD algorithm guarantees that data is available only\n to those authorized to obtain it. That property is required for the\n AEAD algorithm to be called secure.\n\n Synonyms. Privacy.\n\n Further reading. [R2002], [BN2000]\nI would say there is a sharp and important distinction between confidentiality and privacy.
", "time": "2022-11-07T09:59:46Z"}, {"author": "Richard Barnes", "text": "in addition to enumerating these properties, we probably need some prioritization, which ones are most important, broadly speaking
", "time": "2022-11-07T10:00:32Z"}, {"author": "Yoav Nir", "text": "While this draft is useful in itself, ISTM that this is a precursor to work of classifying the existing AEAD algorithms that we have based on these criteria. The current draft doesn't mention algorithm names.
", "time": "2022-11-07T10:01:19Z"}, {"author": "Richard Barnes", "text": "@meetecho - can camera show presenter?
", "time": "2022-11-07T10:01:34Z"}, {"author": "Richard Barnes", "text": "thanks
", "time": "2022-11-07T10:01:52Z"}, {"author": "Yoav Nir", "text": "The security analysis of Rocca-S should be referenced from the draft. Currently it's not.
", "time": "2022-11-07T10:13:32Z"}, {"author": "Jonathan Hoyland", "text": "Is Rocca-S the same as Rocca?
\nRocca is by the speaker
He said it's based on Rocca, but not exactly the same (perhaps a specialization to AES-256? Not clear)
", "time": "2022-11-07T10:15:47Z"}, {"author": "Jonathan Hoyland", "text": "Yeah, it says it in the draft
\n In this document, we present an AES-based AEAD encryption scheme with\n a 256-bit key and 256-bit tag called Rocca-S, which is a variant of\n Rocca described in [ROCCA]. The goal of Rocca-S is to further\n improve the security of Rocca while maintaining its performance\n advantage.\nRocca seems like a nice faster alternative to AEGIS. Similar in that they both use the AES round function and not the full AES function. Very high performance AEAD algorithms are interesting.
", "time": "2022-11-07T10:17:06Z"}, {"author": "Jonathan Hoyland", "text": "There is a published attack on Rocca, is Rocca-S resistant to it?
\nAnand, Ravi, and Takanori Isobe. "Differential Fault Attack on Rocca." International Conference on Information Security and Cryptology. Springer, Cham, 2022.\nI support Scott's NTRU draft existing. It should probably wait for patent details to go public before a call-for-adoption.
", "time": "2022-11-07T10:18:33Z"}, {"author": "Massimiliano Pala", "text": "Thank you!
", "time": "2022-11-07T10:21:19Z"}, {"author": "Robert Lee", "text": "Question on the kyber license agreement. What would you need to see in the NIST-negotiated agreement in order to drop the NTRU draft? Do you have concrete minimum requirements it must hit?
", "time": "2022-11-07T10:23:32Z"}]