From: Deirdre Connolly <durumcrustulum@gmail.com>
Date: Wed, 15 Jan 2025 17:07:17 -0500
To: CFRG <cfrg@irtf.org>
Subject: [CFRG] Fwd: [pqc-forum] Ordering of Shared Secrets in SP 800-56C Combiner
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/cfrg/2BGveHbLnOhPqoX2t6MK6XpSu3E>

---------- Forwarded message ---------
From: 'Robinson, Angela Y. (Fed)' via pqc-forum <pqc-forum@list.nist.gov>
Date: Tue, Nov 19, 2024, 5:49 PM
Subject: [pqc-forum] Ordering of Shared Secrets in SP 800-56C Combiner
To: pqc-forum <pqc-forum@list.nist.gov>


Dear All,



The key-derivation methods described in NIST SP 800-56C are currently only
applicable to shared secrets established during a key establishment scheme
as specified in NIST SP 800-56A or 800-56B, or to Z = Z’||T which is the
combination of shared secret Z’ that was generated as specified in SP
800-56A or -56B with another shared secret T that is generated in any way.
As previously stated, NIST intends to allow all key-derivation methods in
NIST SP 800-56C to apply to the outputs of the ML-KEM key establishment
scheme specified in FIPS 203.



Further, NIST intends to allow the 800-56C key derivation methods to apply
to shared secrets of the form Z = T || Z’, where T and Z’ are as described
above but in reverse order.  That is, we will ensure that either order is
allowed for FIPS validation in upcoming revisions to -56C.  Note, however,
that the order of the shared secrets will need to be specified at the
protocol level to avoid confusion.  We are working on guidance to ensure
that this reordering will not introduce security vulnerabilities.  NIST is
open to feedback on the matter.





Angela

NIST PQC
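
Added example, not part of the forwarded message and not NIST code: a sketch of the SP 800-56C one-step KDF (hash option, SHA-256) applied to both orderings Z = Z’||T and Z = T||Z’, showing that peers must fix the order at the protocol level or they derive different keys. The function names, the order labels, the FixedInfo string and the sample secrets are assumptions constructed for illustration.

```python
import hashlib
import struct

ORDER_ZT = "Z'||T"   # hypothetical label: approved-scheme secret first
ORDER_TZ = "T||Z'"   # hypothetical label: auxiliary secret first


def one_step_kdf(z: bytes, fixed_info: bytes, length: int) -> bytes:
    """One-step KDF, hash option: K(i) = H(counter || Z || FixedInfo),
    with a 32-bit big-endian counter starting at 1."""
    out = b""
    counter = 1
    while len(out) < length:
        block = struct.pack(">I", counter) + z + fixed_info
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def combine(z_prime: bytes, t: bytes, order: str) -> bytes:
    """Build Z in the order the protocol specifies; reject anything else."""
    if order == ORDER_ZT:
        return z_prime + t
    if order == ORDER_TZ:
        return t + z_prime
    raise ValueError("order must be fixed by the protocol: %r" % order)


def derive(z_prime: bytes, t: bytes, order: str,
           fixed_info: bytes = b"constructed-fixedinfo", length: int = 32) -> bytes:
    return one_step_kdf(combine(z_prime, t, order), fixed_info, length)


# Constructed sample values, not real key material.
Z_PRIME = bytes(range(32))       # stands in for an SP 800-56A/-56B or ML-KEM output
T = bytes(range(32, 64))         # stands in for a secret "generated in any way"


def peers_agree(order_a: str, order_b: str) -> bool:
    """True when two peers holding the same secrets derive the same key."""
    return derive(Z_PRIME, T, order_a) == derive(Z_PRIME, T, order_b)


if __name__ == "__main__":
    print("same order      :", peers_agree(ORDER_ZT, ORDER_ZT))
    print("different order :", peers_agree(ORDER_ZT, ORDER_TZ))
```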

