Internet Draft S. Kiyomoto Intended status: Standard W. Shin Expires: October 2011 KDDI R&D Laboratories, Inc. April 1, 2011 Use of KCipher-2 in Transport Layer Security draft-kiyomoto-kcipher2-tls-00.txt Abstract This document offers a set of new cipher suit specifications to support KCipher-2 encryption in the Transport Layer Security protocol. KCipher-2 is a stream cipher with a 128-bit key and a 128-bit initialization vector, which provides fast, efficient encryption and decryption. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. This document may not be modified, and derivative works of it may not be created, and it may not be published except as an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on October 1, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents Kiyomoto & Shin Expires October 1, 2011 [Page 1] Internet-Draft Use of KCipher-2 in TLS April 2011 carefully, as they describe your rights and restrictions with respect to this document. 1. Introduction Cryptographic operations used in TLS can be categorized in five ways: digital signing, stream cipher encryption, block cipher encryption, authenticated encryption with additional data encryption, and public key encryption [TLS]. This document defines the cipher suites to use KCipher-2 for stream cipher encryption in TLS. KCipher-2 is a fast, secure stream cipher algorithm [KCipher2]. 1.1. KCipher2 KCipher-2 is a stream cipher algorithm with a 128-bit key and a 128- bit initialization vector (IV). The algorithm and other properties are described in [SECRYPT]. KCipher-2 has been evaluated by the cryptographic technique evaluation project for the Japanese e- Government [CRYPTEC]. KCipher-2 also has been submitted to another international standardization body [ISO18033]. 1.2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [RFC2119]. 2. Cipher Suites Values The following are proposed identifiers and values for the cipher suites of TLS. CipherSuite TLS_RSA_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DH_DSS_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DH_RSA_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DHE_DSS_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DHE_RSA_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DH_anon_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; 3. Cipher Suite Definitions 3.1. Key Exchange The RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA, and DH_anon key exchanges are executed as defined in [TLS]. Kiyomoto & Shin Expires October 1, 2011 [Page 2] Internet-Draft Use of KCipher-2 in TLS April 2011 3.2. Cipher The KCIPHER2_128 cipher suites use KCipher-2 with a 128-bit key and a 128-bit initialization vector. 3.3. Hash and Pseudorandom Function For the cipher suites in this document, HMAC [HMAC] based on SHA-256 is used for message integrity, and TLS PRF [TLS] with SHA-256 is used as the pseudorandom function. 4. Security Considerations As of the time this document was written, we are not aware of any attack on KCipher-2. No security vulnerabilities have been identified in the security evaluations by the KCipher-2 developers and other independent institutions [SECRYPT], [CRYPTEC10], [KDDI]. 5. IANA Considerations IANA is requested to allocate the following numbers in the TLS Cipher Suite Registry: CipherSuite TLS_RSA_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DH_DSS_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DH_RSA_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DHE_DSS_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DHE_RSA_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; CipherSuite TLS_DH_anon_WITH_KCIPHER2_128_SHA_256 = { TBD, TBD }; 6. References 6.1. Normative References [TLS] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. 6.2. Informative References [KCipher2] S. Kiyomoto and W. Shin, "A Description of KCipher-2 Encryption Algorithm". http://www.ietf.org/id/draft-kiyomoto-kcipher2-00.txt Kiyomoto & Shin Expires October 1, 2011 [Page 3] Internet-Draft Use of KCipher-2 in TLS April 2011 [SECRYPT] S. Kiyomoto, T. Tanaka and K. Sakurai, "K2: A Stream Cipher Algorithm Using Dynamic Feedback Control", International Conference on Security and Cryptography (SECRYPT), pp.204-213, 2007. [ISO18033] "Information technology - Security techniques - Encryption algorithms - Part 4: Stream ciphers", ISO/IEC JTC 1/SC 27/WG 2, 2011. [CRYPTEC10] A. Bogdanov, B. Preneel, and V. Rijmen, "Security Evaluation of the K2 Stream Cipher", 2010. http://www.cryptrec.go.jp/english/estimation.html [CRYPTEC] Cryptography Research and Evaluation Committees. http://www.cryptrec.go.jp/english/ [KDDI] B. Roy, "Evaluation of the Word-Oriented Stream Cipher: K2", 2009. http://www.kddilabs.jp/kcipher2/kcipher2.htm [HMAC] H. Kwarczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997. Authors' Addresses Shinsaku Kiyomoto KDDI R&D Laboratories, Inc. 2-1-15 Ohara, Fujimino-shi, Saitama 356-8502, Japan. Phone: +81-49-278-7885 Fax: +81-49-278-7510 Email: kiyomoto@kddilabs.jp Wook Shin KDDI R&D Laboratories, Inc. 2-1-15 Ohara, Fujimino-shi, Saitama 356-8502, Japan. Email: wookshin@kddilabs.jp Kiyomoto & Shin Expires October 1, 2011 [Page 4]