Re: [Cfrg] Applied Quantum Resistant Crypto

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Wed, 18 July 2018 03:01 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Kris Kwiatkowski <kris=40cloudflare.com@dmarc.ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Applied Quantum Resistant Crypto
Date: Wed, 18 Jul 2018 03:01:14 +0000
Message-ID: <1b8ed08eaa56457b93e1dfd3b0e7235e@XCH-ALN-010.cisco.com>
References: <42efe1a4-0532-dbb0-a21a-10120f6656b3@openca.org> <37a4f236-6842-b1ce-68f4-805f2e3f8a48@cloudflare.com>
In-Reply-To: <37a4f236-6842-b1ce-68f4-805f2e3f8a48@cloudflare.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/1ewk3M2pmFWdUQQFITOhxzIpB20>
Subject: Re: [Cfrg] Applied Quantum Resistant Crypto
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>

Hi Kris,

Thank you for the update. Interested to see your results and SIKE’s performance.

Were you thinking of using SIKE in TLS 1.3 in a similar manner to the one proposed in https://tools.ietf.org/html/draft-whyte-qsh-tls13-06, which uses a hybrid (traditional+QRC) KEM approach?

Also, SIKE has pretty small keys, but performance is much higher. From the reference benchmark performance, SIKE seemed to be 10^4 more expensive than the best candidate that does not have prohibitive KEM pk and ciphertext sizes. Any reason why you chose SIKE that you can share?

Rgs,
Panos


From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Kris Kwiatkowski
Sent: Tuesday, July 17, 2018 5:28 PM
To: cfrg@irtf.org
Subject: Re: [Cfrg] Applied Quantum Resistant Crypto

Hi,

At Cloudflare we are currently implementing SIKE/SIDH in Go (https://github.com/cloudflare/p751sidh/pulls). Next step will be to add it to TLS 1.3 (https://github.com/cloudflare/tls-tris). We may want to use it for some other things.
I'm definitely interested in discussion regarding QRC in real-world crypto.

Kind regards,
Kris Kwiatkowski

On 7/17/18 8:35 PM, Dr. Pala wrote:

Hi all,

I was wondering if there are people interested in setting up some sort of discussion forum in which to discuss the deployment (from a practical point of view) of QRC in their systems. The intent here would be to share experiences, provide feedback, and possibly even share implementations/references/etc.

Moreover, this being quite a new field when it comes to real-world applications, it would be interesting to understand the new requirements so that we can plan for algorithm agility correctly and not have to go through what we suffered in the past (and in some cases with current protocols) to upgrade/switch among different schemes/algorithms.

For example, some of the topics might include:

  *   How to deploy PKI services
  *   Mixed environments considerations (QRC and "Traditional" Crypto)
  *   Mixed environments (stateful vs. stateless)
  *   Encryption and Key-Exchange for QRC - what are the options there (it seems auth is well understood, but other problems are still open)?
  *   Are there implications for the deployment of PKIs we need to be aware of and are not currently mentioned/addressed?
  *   Any real-world deployment out there (or plans for it)?
  *   Algorithm Agility, what to plan for?
  *   Applicability to Revocation Services

Most of the activities to standardize QRC in CMS/SecFirmware/etc. that I can see are related to the use of Stateful HASHSIG and I have not seen any "standardization" activities around stateless schemes (e.g., SPHINCS), but if I am wrong, please let me know (and if you could provide some interesting links, that would be great). I think it would be useful to understand how to practically deploy these new schemes and how to refine / provide the building blocks required for their implementation and deployment.

Here are some references:

Merkle Tree Signatures (Stateful):

  *   https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs/
  *   https://datatracker.ietf.org/doc/draft-housley-cms-mts-hash-sig/
  *   https://www.ietf.org/id/draft-housley-suit-cose-hash-sig-04.txt
  *   https://datatracker.ietf.org/doc/rfc8391/ (XMSS)
  *   https://eprint.iacr.org/2018/063 (Viability of Post Quantum X.509 Certs Paper)
  *   Implementations:

     *   https://github.com/cisco/hash-sigs

SPHINCS Related (Stateless):

  *   https://sphincs.org/
  *   Implementations:

     *   https://sphincs.org/data/sphincs+-reference-implementation-20180313.tar.bz2

Other Relevant Links:

  *   https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
  *   https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
  *   http://test-pqpki.com/

I guess this is all for now - you can reply privately at the following addresses:

    director@openca.org
    m.pala@cablelabs.com

Thanks,
Max
--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director



_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg

--
Kris Kwiatkowski
Cryptography Engineer
Cloudflare
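Panos's question above is about the hybrid (traditional + quantum-resistant) key-exchange shape of draft-whyte-qsh-tls13. The block below is an added example, not code from the thread, from the draft, or from Cloudflare's tls-tris: it carries two shared secrets into a TLS 1.3-style key schedule so the hybrid property is visible in code. The KEM halves are stand-ins (constructed random bytes where the ECDHE and SIKE shared secrets would be), the concatenation combiner and the stand-in transcript hash are assumptions, and the HKDF and HKDF-Expand-Label functions follow RFC 5869 and RFC 8446.

```python
"""Hybrid (traditional + quantum-resistant) key agreement feeding a TLS 1.3-
style key schedule. Added example for this thread, not code from
draft-whyte-qsh-tls13 or tls-tris. Both KEM halves are stand-ins (constructed
bytes where a real X25519 secret and a real SIKE shared secret would be);
concatenating both shared secrets as the IKM of HKDF-Extract is the assumed
combiner."""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract; an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        okm, i = okm + t, i + 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (RFC 8446, section 7.1)."""
    full = b"tls13 " + label
    hkdf_label = (length.to_bytes(2, "big") + bytes([len(full)]) + full
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def early_secret_no_psk() -> bytes:
    """Early Secret = HKDF-Extract(salt=0, IKM=0^HashLen) when no PSK is in use."""
    return hkdf_extract(b"", b"\x00" * HASH_LEN)


def hybrid_handshake_secret(ss_traditional: bytes, ss_pq: bytes) -> bytes:
    """Handshake Secret = HKDF-Extract(Derive-Secret(Early, "derived", ""),
    ss_traditional || ss_pq). Both halves sit inside one PRF input, so an
    attacker who recovers one half (ECDHE broken by a quantum computer, or the
    new KEM broken by classical cryptanalysis) still lacks this secret."""
    derived = hkdf_expand_label(early_secret_no_psk(), b"derived",
                                HASH(b"").digest(), HASH_LEN)
    return hkdf_extract(derived, ss_traditional + ss_pq)


def handshake_traffic_secrets(handshake_secret: bytes, transcript_hash: bytes):
    """Client/server handshake traffic secrets, RFC 8446 section 7.1."""
    return (hkdf_expand_label(handshake_secret, b"c hs traffic", transcript_hash, HASH_LEN),
            hkdf_expand_label(handshake_secret, b"s hs traffic", transcript_hash, HASH_LEN))


def simulate_hybrid_handshake():
    """Both peers hold the same pair of stand-in shared secrets (constructed with
    secrets.token_bytes instead of real X25519/SIKE encapsulation) and must reach
    identical traffic secrets; an attacker who knows only the traditional half
    and guesses the PQ half does not."""
    ss_trad = secrets.token_bytes(32)   # stand-in for the ECDHE shared secret
    ss_pq = secrets.token_bytes(24)     # stand-in for the SIKE shared secret
    transcript = HASH(b"ClientHello||ServerHello (constructed stand-in)").digest()
    client = handshake_traffic_secrets(hybrid_handshake_secret(ss_trad, ss_pq), transcript)
    server = handshake_traffic_secrets(hybrid_handshake_secret(ss_trad, ss_pq), transcript)
    attacker = handshake_traffic_secrets(
        hybrid_handshake_secret(ss_trad, secrets.token_bytes(24)), transcript)
    return {"peers_agree": client == server, "attacker_agrees": attacker == client}
```

Feeding both halves as a single IKM is the whole of the hybrid property; everything downstream is the unchanged TLS 1.3 schedule, which is what makes this shape attractive for deployment. What changes on the wire is the key share, which now carries both public keys, so the public-key and ciphertext sizes Panos compares above are the cost that a concrete hybrid pays per handshake.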
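Max's list separates stateful hash-based signatures (the LMS/HSS and XMSS drafts) from stateless ones (SPHINCS). As an added example, not code from the thread or from any of the linked drafts or implementations, the block below builds the smallest stateful scheme, Lamport one-time signatures under a Merkle tree, keeps the signer's state explicit, and shows what a state rollback costs: once one leaf has signed enough distinct messages, an attacker can sign anything under it. SHA-256, a height-3 tree and the forty-reuse rollback scenario in the usage note are assumptions made for the demonstration.

```python
"""Minimal stateful hash-based signature scheme: Lamport one-time signatures
under a Merkle tree, with the signer's state (next unused leaf) explicit.
Added example for this thread; SHA-256 and a small tree are assumptions."""
import hashlib
import secrets

N = 32           # digest/secret size in bytes
BITS = 8 * N     # one Lamport secret pair per digest bit


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def msg_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def lamport_keygen():
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg):
    # Reveal exactly one secret per bit of H(msg); the other one stays hidden.
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def lamport_verify(pk, msg, sig):
    return len(sig) == BITS and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg))))


def leaf_hash(pk):
    return H(*[h for pair in pk for h in pair])


class MerkleSigner:
    """Many-time signer; secure exactly as long as no leaf index signs twice."""

    def __init__(self, height: int = 3):
        self.leaves = [lamport_keygen() for _ in range(1 << height)]
        level = [leaf_hash(pk) for _, pk in self.leaves]
        self.levels = [level]
        while len(level) > 1:
            level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            self.levels.append(level)
        self.root = level[0]
        self.next_leaf = 0          # the state

    def _sign_with_leaf(self, idx, msg):
        sk, pk = self.leaves[idx]
        path, i = [], idx
        for level in self.levels[:-1]:
            path.append(level[i ^ 1])
            i >>= 1
        return idx, lamport_sign(sk, msg), pk, path

    def sign(self, msg):
        idx = self.next_leaf
        if idx >= len(self.leaves):
            raise RuntimeError("OTS keys exhausted; a new tree is needed")
        # Advance (and, in a real signer, persist) the state before the signature
        # leaves this function: a crash in between costs one leaf, never a reuse.
        self.next_leaf = idx + 1
        return self._sign_with_leaf(idx, msg)


def merkle_verify(root, msg, sig):
    idx, ots, pk, path = sig
    if not lamport_verify(pk, msg, ots):
        return False
    node = leaf_hash(pk)
    for sibling in path:
        node = H(node, sibling) if idx & 1 == 0 else H(sibling, node)
        idx >>= 1
    return node == root


def forge_after_rollback(observed, target):
    """Attacker view after a state rollback (restored snapshot, cloned signer
    image) made the signer reuse one leaf. `observed` is a list of (msg, sig)
    pairs under that leaf; each reveals one secret per bit position, so after
    enough distinct messages both secrets are known everywhere and any `target`
    can be signed with a signature the verifier accepts."""
    idx, _, pk, path = observed[0][1]
    known = {}
    for msg, (_, ots, _, _) in observed:
        for i, b in enumerate(msg_bits(msg)):
            known[(i, b)] = ots[i]
    try:
        forged = [known[(i, b)] for i, b in enumerate(msg_bits(target))]
    except KeyError:
        return None   # some position still hidden; more observed signatures needed
    return idx, forged, pk, path
```

A signer that goes through `sign()` can never hand out two signatures for the same leaf, and the verifier never needs the state. Calling `_sign_with_leaf()` directly models a rollback; forty signatures on distinct messages from one leaf leave every secret exposed and `forge_after_rollback()` then returns a valid signature on an arbitrary message. That is the operational difference behind Max's stateful/stateless split: the stateless schemes exist precisely so that deployments without reliable, non-cloneable state (backups, HA pairs, VM snapshots) do not have this failure mode.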