IETF Logo Mail Archive

Re: [CFRG] How to construct a hybrid signature combiner?

Loganaden Velvindron <loganaden@gmail.com> Sun, 31 March 2024 19:32 UTC

Return-Path: <loganaden@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0C31C14F689 for <cfrg@ietfa.amsl.com>; Sun, 31 Mar 2024 12:32:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8mCC5ERRJDH for <cfrg@ietfa.amsl.com>; Sun, 31 Mar 2024 12:32:02 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46B81C14F61E for <cfrg@irtf.org>; Sun, 31 Mar 2024 12:32:02 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2d71765d3e1so27820911fa.0 for <cfrg@irtf.org>; Sun, 31 Mar 2024 12:32:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711913520; x=1712518320; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=3eqBGGzC9t9viTbxBrqSVdXdMu3dUAPo1e5W7De+biY=; b=mHaZ/194ePcEbdsdsQmyCokkGP+Gq9kU/6zfwo7ArXfZlQUlyyEC/vR2lfpV9ooWO1 TlI1GEfLeL+5S+AcmeHbJzqoZgHzspXleohTKz86TqdtfvCtBx707PfN/Ua3cV3MLq7S c2Pj8U8CTk0sDOha2WAOxRHYl8HsGhdac1P6M9h01XBgmTJLOBS3rHJhvwNF7ri0diDQ qIQn97xwF14puhA8to25naZgO23gllDv6hmFHVR2JrsbPQ/BJdUZSkH+F5x/yfAgMI+c 7BuzQFGDI4+FejRbDyRfa9Os1KIgFqpZ4A0LQPE3PBsaCvb3byAI7sWxM2pLN2ArAr/E m4bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711913520; x=1712518320; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3eqBGGzC9t9viTbxBrqSVdXdMu3dUAPo1e5W7De+biY=; b=NzcIrNkOoT2WZuB/vFzs9m3lgaQka+xfVCjQU3xyMjtVCge6LUOao4RW+4vNcYYF2s 9ZySrrqnbh7IzwrCbkQuFNexXZQZxu1nbofV+dOfgap+VLt52eS/GUIqYp/Kye6Q8SmH dn7G0O/wbOeriezq9++iWKr9OFhA9w3ukrx1Yq9E4kfgDDqPxAj5hJJ4mArpmGXGTf4h /Mcbn/f3CHVQ/n67qWVzsh1U5WcP9/Gu2l5f0FL+/DrVUoOg4k9pcxwKDZogsF5welD+ tHMNMXRf4XfAwGaekJW/gk9sU74jn2xt+B/Jc55idRPS8x2+QgDFX4kPCNZe7LsNkLCG AjpQ==
X-Gm-Message-State: AOJu0YxuQSwLba5etdoWre6PXU6MITyqQPMoW8AfsvJ6Vn4v/zkqoGh7 7FdIL0f+IMkLEkDNm9OUXFcZR091qD7jkD8Lh0xJYrKEwToujQXp0UwefkSc8PNWs6xofkcB7Py 7Cy7RoCSOBeLke4N3jKSRCAq+gWs=
X-Google-Smtp-Source: AGHT+IGMi/3jDavvTk5TJk+HlLH6CdePWE0Xrtc1EhWC2xrvtx5bKuCY4t9SbSVNL0+/d9RDysE6EDKTcez9dtnQ5LU=
X-Received: by 2002:a2e:99da:0:b0:2d4:744c:24ab with SMTP id l26-20020a2e99da000000b002d4744c24abmr4297549ljj.27.1711913519958; Sun, 31 Mar 2024 12:31:59 -0700 (PDT)
MIME-Version: 1.0
References: <87o7b6szhh.fsf@kaka.sjd.se>
In-Reply-To: <87o7b6szhh.fsf@kaka.sjd.se>
From: Loganaden Velvindron <loganaden@gmail.com>
Date: Sun, 31 Mar 2024 23:31:47 +0400
Message-ID: <CAOp4FwTSbmmPWXhsbVAT-XMZC_PULQF7i-7FnhyhhOm66t=W8g@mail.gmail.com>
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>
Cc: cfrg@irtf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/68LEcrsNSocYbg6M51NrRJUHar0>
Subject: Re: [CFRG] How to construct a hybrid signature combiner?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2024 19:32:02 -0000

On Sat, 23 Mar 2024 at 01:56, Simon Josefsson
<simon=40josefsson.org@dmarc.ietf.org> wrote:
>
> All,
>
> Prompted by discussions in the OpenPGP WG etc, it would help to
> establish one hybrid signature construct that combine one traditional
> signature scheme (e.g., EdDSA) and one post-quantum signature scheme
> (e.g., robust SPHINCS+) into one instantiated hybrid signature scheme.
> It should be a single identified algorithm that could be dropped into
> any place we use, e.g., Ed25519 today.
>
> Some people dislike hybrid signature schemes, dismissing them as
> unnecessary, but without any concrete hybrid signature scheme to compare
> with, it feels like comparing apples with imaginary oranges and
> dismissing the latter because we already have apples.
>
> For hybrid KEM, we know how to create optimized hybrids (X-Wing) and how
> to safely create generic instances using Chempat --
> https://datatracker.ietf.org/doc/html/draft-josefsson-chempat-00 --
> however understanding the requirements took some time.
>

Chempat looks interesting. I hope it moves forward.

v2.23.0 | Report a Bug | By Email