Re: [Cfrg] KEX from the ring-LWE Problem: draft-khera-lpr-ring-lwe-kex-00

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 25 October 2017 08:24 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Watson Ladd <watsonbladd@gmail.com>, Rohit Khera <rkhera@pivotal.io>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/0kd372s6h7zxjndL5b868ne73q8>

This question has been discussed on the list several times.

It is the settled opinion of the CFRG chairs that we should wait for the
NIST process. 

Our approach can be revisited, but only if a significant number of people
come forward with good arguments for why we should do so.


Regards,

Kenny (for the chairs)



On 25/10/2017 01:48, "Cfrg on behalf of Watson Ladd"
<cfrg-bounces@irtf.org on behalf of watsonbladd@gmail.com> wrote:

>Why don't we wait for the NIST process?
>
>On Tue, Oct 24, 2017 at 5:42 PM, Rohit Khera
><rkhera@pivotal.io> wrote:
>
>Dear Members of the CFRG,
>
>I have started a draft to outline a key exchange method based on the
>ring-LWE (RLWE) assumption. Recent years have seen implementations of key
>exchange methods based on this problem.
>
>
>The basis for such implementations (and for the method detailed in this
>draft) is chiefly the foundational work of Ajtai, Micciancio, Regev,
>Lyubashevsky and Peikert on reductions from worst case problems on
>lattices, to the average case hardness of certain problems (including
>certain learning problems).
> 
>
>
>I am not aware of any efforts within the IRTF, and the CFRG in
>particular, that are focused on the more recent lattice based schemes,
>and request the CFRG to consider adoption of this draft, which is
>available here:
>
>
>https://datatracker.ietf.org/doc/draft-khera-lpr-ring-lwe-kex/?include_text=1
>
>
>
>As you read through the draft, you will notice that some areas around
>specifying TLS extensions for hybrid RLWE cipher suites are a work in
>progress. 
>
>
>Thanks for considering this draft, and I look forward to your feedback!
>
>
>Regards,
>Rohit
>
>
>
>-- 
>"Man is born free, but everywhere he is in chains".
>--Rousseau.
>