[CFRG] Per-KEM security considerations: drafts received, and a two week comment period
Nick Sullivan <nicholas.sullivan@gmail.com> Tue, 23 June 2026 17:40 UTC
To: CFRG <cfrg@irtf.org>
CC: "cfrg-chairs@ietf.org" <cfrg-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/5IygquS2iZfFlidIKLRuUibdIQI>

Hi CFRG,

Thanks to everyone who responded to the April call. The June 22 window has closed, and we have a good set of per-KEM security considerations documents to work with.

Before we talk about adoption, the chairs would like to open a two-week comment period so the group can read and react to all of them together. Please send comments to the list by Tuesday, July 7. This will help the chairs decide which documents will form the basis of an adoption call for the topic.

Here is what came in:

ML-KEM (the existing document): https://datatracker.ietf.org/doc/draft-sfluhrer-cfrg-ml-kem-security-considerations/

FrodoKEM: https://datatracker.ietf.org/doc/draft-longa-cfrg-frodokem-security-considerations/

Classic McEliece: https://datatracker.ietf.org/doc/draft-josefsson-cfrg-mceliece-considerations/

Streamlined NTRU Prime: https://datatracker.ietf.org/doc/draft-josefsson-cfrg-sntrup-considerations/

NTRU+: https://datatracker.ietf.org/doc/draft-jhpark-cfrg-ntruplus-security-considerations/

NTRU: draft-kosuge-cfrg-ntru-kem-security-considerations (announced, being posted to the datatracker, link to follow shortly)

NTRU-family review checklist: https://datatracker.ietf.org/doc/draft-liu-cfrg-ntru-family-security-considerations/

One thing stands out. We now have multiple documents in the NTRU family: the NTRU document, NTRU+, and the NTRU-family checklist. There is real overlap between them, and we'd encourage those authors to compare notes and consider combining forces, whether that means a shared checklist the per-KEM documents build on or some other split. Comments from the group on how best to structure that are welcome.

To be clear on scope, this comment period is about the documents written in response to this call, and it is not the adoption call itself. The plan is a single adoption call for the topic, informed by the discussion here, rather than a separate call for each document.

These don't need to be complete or final to be useful. They just need to be a solid starting point for a working group document. If you already think one is a good basis to work from, please say so, that's useful signal for the adoption call. People developing IETF protocols who are considering any of these KEMs are also encouraged to contribute their perspectives.

What's most useful right now: whether each document answers the checklist from the call, where it's thin, and whether you'd be willing to review or implement.

We'll take stock after July 7.

Thanks,
Nick (for the CFRG chairs)

For authors: if you haven't signed up for the CFRG mailing list, please do so here: https://mailman3.irtf.org/mailman3/lists/cfrg@irtf.org, which is where the discussion is happening.