[Cryptography] Hohha Protocol : 1. Key renewal review

Ersin Taskin hersintaskin at gmail.com
Mon Nov 26 05:50:01 EST 2018

On Sun, Nov 25, 2018 at 8:42 AM Ismail Kizir <ikizir at gmail.com> wrote:

> Dear Colleagues,
> When I sent the Hohha Protocol Draft here, it was to find the best
> protocol with your help.

Dear Ismail,

Let me wrap up what I have shared regarding Hohha so far in several mails:

Context I propose: P2P PQ-resistant messaging to be used by ordinary people
whose security is based on physical habits only. No need for
pinning, OTP, 2FA or a 3rd party, and very easy to use, with the only
requirement being that you physically contact, at least once, the person you
want to communicate with PQ-r. You do the PSK initialization (creation and
sharing) per correspondent. Communication is done via any channel (on the
Internet) and stored anywhere in the cloud.

The threat model: The communication is under the threat of the MITM. The PSK
threat model requires severe physical contact. The data stored in the cloud
service needs PSK + the user credentials. (The same credentials can be used
to further secure the communication.) The threat models for user
credentials apply.

Session keys are ADH on PSK. This means the secret key input to be used for
the ADH is the PSK of the communicating parties. This is PQ-resistant
against the MITM. If the MITM can also get the PSKs, which requires severe
physical contact like theft, then session keys do not provide PQ-resistance
but may provide good security for most contexts.

You base the randomness of your root of trust for the cloud storage and
store it independently. Someone who gets the PSKs cannot read the stored
messages because it relies on an independent scheme for user credentials.
If user credentials are compromised then the content is still safe since
the attacker needs the PSKs. For PQ-r, you may memorize a long enough
random key, for instance. The good news is this can be done once per life. My
daughter memorized 436 digits of the number pi in the Pi Day contest in
one day when she was 12. She did not achieve this with talent but by
applying simple techniques she had learned just then. The human brain can
memorize random bits with easy-to-use techniques.

The foundation of the scheme is its simplicity. This brings its ultimate
security-convenience. The only thing to do is physical contact once per
correspondent and keeping a simple physical security habit. Then you get PQ-r
messaging. If you want PQ-r on top even when PSKs are compromised (i.e. when
you failed the physical security habit) then you shall do some
memorization, which can be used for the storage and communication.

I.e. the non-crypto user decides the convenience-security trade-off in a
simplified and understandable fashion. If you want to communicate PQ-r with
some people, contact them physically once and keep your device physically
secure. Even if your device gets compromised physically you are pretty
safe for most contexts. If you want PQ-r even then, you will have less
convenience. For example, memorize some random stream of alphanumeric
characters (base64 code is good) once in your life. Remember you will need
to enter this every time you log in to your service or use other
OTP/2FA/Biometric etc. based password vaults/authenticators. The more PQ-r
you want the more inconvenience you get. But the above scheme is a good
start and fits most people, I believe.

Stick to KISS not to get kissed (to get kissed is a polite way to say to
get screwed in contexts like this one in Turkish ;))
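The "session keys are ADH on PSK" construction from the message above, as an added example that is not part of the original message and is not Hohha's code: anonymous Diffie-Hellman over the RFC 3526 2048-bit MODP group (group 14), with the pre-shared key mixed into the session key through HKDF-SHA256 and the DH transcript bound in. "ADH" is read here as anonymous (unauthenticated) Diffie-Hellman; the party names, the PSK bytes and the three Mallory scenarios are constructed for illustration and use only the Python standard library.

```python
"""Added illustration: session key = HKDF(PSK, anonymous-DH secret).
Not Hohha's code; names and scenarios are constructed for this example."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14: 2048-bit MODP safe prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2          # order of the subgroup generated by G (P is a safe prime)
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Fresh ephemeral exponent; 256 bits is ample for a 2048-bit group."""
    priv = secrets.randbelow(2 ** 256 - 2) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Raw DH secret, after rejecting degenerate / small-subgroup peer values."""
    if not 1 < peer_pub < P - 1 or pow(peer_pub, Q, P) != 1:
        raise ValueError("peer public value not in the prime-order subgroup")
    return pow(peer_pub, priv, P).to_bytes(P_BYTES, "big")


def hkdf_sha256(salt, ikm, info, length=32):
    """RFC 5869 HKDF (extract + expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(psk, dh_secret, initiator_pub, responder_pub):
    """PSK as HKDF salt, ADH secret as IKM, transcript bound into info: neither a
    stolen PSK alone nor a broken DH alone yields the key."""
    transcript = initiator_pub.to_bytes(P_BYTES, "big") + responder_pub.to_bytes(P_BYTES, "big")
    return hkdf_sha256(psk, dh_secret, b"psk-adh session key" + transcript)


def run_exchange(psk_alice, psk_bob, mallory_psk=None):
    """Alice (initiator) and Bob (responder) swap DH public values over an
    untrusted channel. If mallory_psk is given, Mallory intercepts both
    directions, runs one DH with each party and derives keys with that PSK
    guess. Returns the key each party ends up with."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if mallory_psk is None:
        return {
            "alice": session_key(psk_alice, dh_shared(a_priv, b_pub), a_pub, b_pub),
            "bob": session_key(psk_bob, dh_shared(b_priv, a_pub), a_pub, b_pub),
        }
    m1_priv, m1_pub = dh_keypair()   # Mallory's leg towards Alice (poses as Bob)
    m2_priv, m2_pub = dh_keypair()   # Mallory's leg towards Bob (poses as Alice)
    return {
        "alice": session_key(psk_alice, dh_shared(a_priv, m1_pub), a_pub, m1_pub),
        "mallory_alice": session_key(mallory_psk, dh_shared(m1_priv, a_pub), a_pub, m1_pub),
        "bob": session_key(psk_bob, dh_shared(b_priv, m2_pub), m2_pub, b_pub),
        "mallory_bob": session_key(mallory_psk, dh_shared(m2_priv, b_pub), m2_pub, b_pub),
    }


if __name__ == "__main__":
    psk = secrets.token_bytes(32)          # constructed: the PSK shared at the physical meeting
    honest = run_exchange(psk, psk)
    print("honest parties agree:", honest["alice"] == honest["bob"])
    mitm = run_exchange(psk, psk, mallory_psk=secrets.token_bytes(32))
    print("MITM without PSK gets Alice's key:", mitm["alice"] == mitm["mallory_alice"])
    stolen = run_exchange(psk, psk, mallory_psk=psk)
    print("MITM with stolen PSK gets Alice's key:", stolen["alice"] == stolen["mallory_alice"])
```

The three scenarios map onto the threat model in the message: with matching PSKs the two parties derive the same key; a MITM who lacks the PSK relays the DH values but ends up with keys that match neither side, and the two sides no longer match each other, so the interference shows up as soon as either tries to decrypt; with the PSK stolen, an active MITM derives both keys, and what is left is plain anonymous DH, which protects only against a passive classical eavesdropper. Using the PSK as the HKDF salt and the DH output as IKM means an attacker who recovers the DH secret (e.g. with a future quantum computer) still needs the PSK to reach the session key.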