Re: [CFRG] Call for adoption: Hybrid KEM Combiners

"Kousidis, Stavros" <stavros.kousidis@bsi.bund.de> Thu, 01 February 2024 10:37 UTC

From: "Kousidis, Stavros" <stavros.kousidis@bsi.bund.de>
To: "nicholas.sullivan@gmail.com" <nicholas.sullivan@gmail.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/7F-BSXEpE8J_aUsZAGL6QwSnp3Q>

Hi,

as an author of draft-ounsworth-cfrg-kem-combiners I support adoption of that topic as I think that guidance is needed in order to ensure safe constructions and mitigate cascading divergence. I am happy to contribute by working on and reviewing documents.

Best
Stavros

----------------------------------------------------------------------

Date: Wed, 31 Jan 2024 10:28:50 -0500
From: Nick Sullivan <nicholas.sullivan@gmail.com>
To: cfrg@irtf.org
Subject: [CFRG] Call for adoption: Hybrid KEM Combiners
Message-ID:
	<CAOjisRyCU+nhJm+x-UxEUjEPAPxH6e-Sa+TkwgYYBDcAx_a93g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Dear CFRG,

There has been a lot of discussion on the list over the last few weeks
around the topic of hybrid KEMs, including discussion around the topic of
where we should go as a group. There seems to be significant interest in
this topic from around the IETF and in broader industry. We (the chairs)
have decided to open up a research call for adoption for a topic in this
area, described below.

The standard context for the group applies here as always: As part of the
IRTF, the CFRG is a research group, producing research documents relevant
to the IETF and broader community. The CFRG does *not* publish standards
and does *not* dictate cryptographic choices to IETF working groups. CFRG
documents often come with concrete specifications for parameterizations
relevant to groups within the IETF. Recent examples of documents of this
style resulting from topics adopted by the CFRG include RFC 9497 (OPRF) and
RFC 9381 (VRF), which provide a thorough overview of the topic along with
concrete parameterizations that can be adopted by protocol designers.

The CFRG has a full docket of important ongoing work, so it's important to
ensure that any work the CFRG adopts at this point aligns with the charter
by offering necessary guidance (for network security in general and for the
IETF in particular) on the use of emerging mechanisms.

With that preamble done, *this email starts a three-week call for the
adoption* of a work item within the CFRG to produce an informational
document exploring how to safely combine KEMs. This document
* Will use draft-ounsworth-cfrg-kem-combiners as a starting point for
describing generic combiners
* Will include an analysis of the non-generic combiner mechanisms for
specific KEMs outlined in draft-connolly-cfrg-xwing-kem and other published
works in the area
* Will describe the security properties and trade-offs of various methods
of combining KEMs
* Will provide concrete instantiations of hybrid KEMs that are relevant to
IETF protocols (potentially similar to X-Wing and Chempat-X), including
pseudocode and test vectors

Please give your views on whether this should be adopted as a CFRG draft
and whether you would be willing to work on this document and/or review it.


Nick, Alexey, Stanislav