[CFRG] Fwd: [pqc-forum] Ordering of Shared Secrets in SP 800-56C Combiner

Deirdre Connolly <durumcrustulum@gmail.com> Wed, 15 January 2025 22:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/2BGveHbLnOhPqoX2t6MK6XpSu3E>

---------- Forwarded message ---------
From: 'Robinson, Angela Y. (Fed)' via pqc-forum <pqc-forum@list.nist.gov>
Date: Tue, Nov 19, 2024, 5:49 PM
Subject: [pqc-forum] Ordering of Shared Secrets in SP 800-56C Combiner
To: pqc-forum <pqc-forum@list.nist.gov>

Dear All,

The key-derivation methods described in NIST SP 800-56C are currently only
applicable to shared secrets established during a key establishment scheme
as specified in NIST SP 800-56A or 800-56B, or to Z = Z’||T, which is the
combination of shared secret Z’ that was generated as specified in SP
800-56A or -56B with another shared secret T that is generated in any way.
As previously stated, NIST intends to allow all key-derivation methods in
NIST SP 800-56C to apply to the outputs of the ML-KEM key establishment
scheme specified in FIPS 203.

Further, NIST intends to allow the 800-56C key derivation methods to apply
to shared secrets of the form Z = T || Z’, where T and Z’ are as described
above but in reverse order.  That is, we will ensure that either order is
allowed for FIPS validation in upcoming revisions to -56C.  Note, however,
that the order of the shared secrets will need to be specified at the
protocol level to avoid confusion.  We are working on guidance to ensure
that this reordering will not introduce security vulnerabilities.  NIST is
open to feedback on the matter.

Angela

NIST PQC

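The point about fixing the order at the protocol level, as an added example (not part of the NIST message and not NIST code): the SP 800-56C one-step KDF (Section 4.1, Option 1, with a hash as the auxiliary function) run over both concatenation orders. Z', T and FixedInfo are constructed placeholder values, and the `order` parameter and function names are this example's own.

```python
import hashlib
import math

# SP 800-56C one-step KDF, Option 1: K(i) = H(counter || Z || FixedInfo),
# counter a 4-byte big-endian integer starting at 1, output truncated to L.
# Illustrative reimplementation for this thread, not NIST reference code.

def kdf_block(counter: int, z: bytes, fixed_info: bytes, hash_name: str = "sha256") -> bytes:
    """One block K(i) of the one-step KDF."""
    h = hashlib.new(hash_name)
    h.update(counter.to_bytes(4, "big"))
    h.update(z)
    h.update(fixed_info)
    return h.digest()

def one_step_kdf(z: bytes, fixed_info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """Derive `length` bytes of keying material from the shared secret Z."""
    h_len = hashlib.new(hash_name).digest_size
    reps = math.ceil(length / h_len)
    if reps > 0xFFFFFFFF:           # counter is 32 bits wide
        raise ValueError("requested length too large for the one-step KDF")
    out = b"".join(kdf_block(i, z, fixed_info, hash_name) for i in range(1, reps + 1))
    return out[:length]

def derive_hybrid_key(z_prime: bytes, t: bytes, fixed_info: bytes, length: int,
                      order: str = "Z'||T") -> bytes:
    """Combine a -56A/-56B secret Z' with a second secret T (e.g. ML-KEM) in the
    order the protocol specifies; `order` is this example's own parameter."""
    if order == "Z'||T":
        z = z_prime + t
    elif order == "T||Z'":
        z = t + z_prime
    else:
        raise ValueError("combiner order must be \"Z'||T\" or \"T||Z'\"")
    return one_step_kdf(z, fixed_info, length)

# Constructed sample inputs (not real key-exchange outputs):
# a 32-byte ECDH-style Z' and a 32-byte ML-KEM-style T.
Z_PRIME = bytes(range(32))
T = bytes(range(0x80, 0xA0))
FIXED_INFO = b"example-protocol-v1"   # natural place to also bind the agreed order

if __name__ == "__main__":
    k1 = derive_hybrid_key(Z_PRIME, T, FIXED_INFO, 32, order="Z'||T")
    k2 = derive_hybrid_key(Z_PRIME, T, FIXED_INFO, 32, order="T||Z'")
    print("Z'||T :", k1.hex())
    print("T||Z' :", k2.hex())
    # Peers that disagree on the order derive different keys from identical secrets.
    print("keys match:", k1 == k2)
```

Two endpoints holding the same Z' and T but assuming different orders end up with unrelated keys, which is why the order has to be a protocol-level parameter rather than an implementation choice.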