Re: [CFRG] Google's (current) Threat model for Post-Quantum Cryptography

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 12 March 2024 22:24 UTC

Message-ID: <3ee20938-95a5-40d3-9930-8ae8db3ed3d8@cs.tcd.ie>
Date: Tue, 12 Mar 2024 22:24:02 +0000
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Orie Steele <orie@transmute.industries>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
References: <2D2B67B4-9E1D-46DA-A2EE-08D89BFE254D@akamai.com> <CAN8C-_J0_bQRTymi0O+OtNOcid6P5m9EYj-MaZP_MJe=_VXKiw@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <CAN8C-_J0_bQRTymi0O+OtNOcid6P5m9EYj-MaZP_MJe=_VXKiw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------WWLbHQ6ROYmEbXo81Rkge08h"
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|GV1PR02MB8443:EE_
X-MS-Office365-Filtering-Correlation-Id: 439e05eb-fd77-4556-00f8-08dc42e31fb3
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: uxcE4M1XhhCxr/5uqje3EYIKlbUZ9t/II9FFFuCXjHC+PrrwMQCT3gWrN/pIE+zjqJp92zX0lBrgYISZBGIy2XF5YgxcSLGsSkQDzrb+FT0VlDG+mQvvaT6c2iJYT2lIaHqnsKHaUe2XLHDqKJtax6poHnG3VLl1cTIG5gNRVrNtgbZVjNhgoc6oBihFdZwcx4ygYkDjD+T4OxQoFvConmD2hqh5GoVGbESeIPBEG0TKDGNAaf/egOVvfJHSg1XJOYSTt+jcHuNNtF1OLxNH5qDVUmXGCDL7keqojgE6ug/tXLrL5BQljxfmPhcqmwclgpNVz7qcyxmw+S0Y+fSX9lP7Jd7EfgCz7yNSKmafiKu9HjIZEvEfdQriTxyC5ha27w5tSfoSMKQU1ByggLB8WKf9+pDBGWC5hDiLDxWNtL044HYz3lA5nZ/Rg6NhW9Z/AOwJ+ZohzMlcAULD6QK3h6atmQYIJEQhmMEKCMgvU+GmGHGPrI1pG58C2qRH44HtnmTgwKBslgvk0uIesmNvHK8N/UF6afWQAUpKaxkYnsfCIifTj2G9wrsPbLT2bCSuFjibBTRPl8E7jUhOZcFVLKiAKlfRYL5fIVMpglXDBcIBhQrv6+s4XWlZs0icvp9LlrAhSLe0E7WrLKOu3v/kjn81wOBj0BNlVAigcjWHDfw=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: OLVzFy1/4njZR9PPFeKz28H/poARKt+5o8f+cp5wkeqZb5wEVSQbTSuq8ZJAdBGIFSToMPXfte0IScngHhB7WhwDZ+Pp6zg30AkfbryP7GH5YY4JDv731f0rHT27KbQIrvdLzdRwrPWAiivqm1FQ2RExAqemh3FokZluEXTw8Kypr4KbHvaHxJu63osbWK3CSK9Bt66cMhkSqQKW6WyleONLeAG8WJNLi/19irVGrNcPpvAdaSneeGZzSVKQ6EEJEDYb6oZOouhIDlO/n2LmTs1uXfUvW3uw6sn87yxe/TgW7BEhT0lGxDmToRjwgLToC9Y1LVz8bb9ACA1gDhtoXoo2eEcLCWeA9WtP7SPbesqNUm4H3xw5mvfLdsY8w7naf8yaGTGxWtKJ4noZvWFYOT2JLn8ptaK9Fu53nYGAKEOwCD5BaVxc6KzjrBelXlpqtyEwAmsHLgG/fo3nA/t6AZI16d2jNTAzABhoxcPBaZXMR1UocMVx3y4Vvth720iUikwasPdfYh51I8wNeygJDVucXIOvxO4100HbwYc+nrFjsw83PixuzYn+xlWGFwJPVZmHE4q8G7sLq6sAOdsFIze8q3kMaoOvakj5fnwuR1yezxlvOUedvhEeydPC1zwlXBSQ8XVcpmCB7yB6u98satMEhEW0yorSCutV3tswR8RrXvKoXK9BnXVIU4+O8uc78IRp9xOgLdzvcYgI5xAgOThign9ytk4M5C9t3oLpBsRHREohRJbbfPbsKqEoJvuX34BJlr8q9hKZxIrVuUWnkJBlAkOoHPyZPhgw3qGPK98xUYue5A9n18rzVlfg3UnHjBSQB3DU3XYzupArS7Ht/UHrDtgECOPOSKVhv8r7i8m4FGzGIZumg/tmksO23zM2RKCe+FsNTDElBP2+rihSjBaVlrTJDZSSv80zVCpjd82KLiOHmXPcsc/38njBBg4e901kLXNMrX5y/MtZnf+B0jFEI33ex7Wjk6D+tlFl+Am5fZ4ZKIPpB0JvjX9dO1BGoPGwcfjfx7CW4tqYvxoxBZniCAaxk6Fc/Ct4gnCs3IXZCCWQ4ze1SoC0EvCKnK6d5J0SH0/vVDFiqNuqkpGPoIg2rLF9xCvpsRD5WAyhwHjUQVtOcnrU5B1NWEJ//yaaSu2c5Jh37NijHi+63J+iguBiJz4IEzZK/tTm6mFfbEkShIByiyNhclZAVX8tCL89HONwZRsRk+WYm3IcUdPTI99j8EIP423T1lesoI2MelV0OwzdYuJkhM0XPYoZSmnOYt206+tzRNJ4z44952YTR3m9begBevUHPBIydBZ1+rPWM+ZhcR6AtXedvDAvYNhRbQRl6JRzLfXtrecfZMg0DYs9QPfNOmd3GoCOYsOpBhUqZpHBBVLj8xCuiOigDCfNI6Daj8a3W6/vdsU24zqbiWjtNG1ujMHegp1WO1W3Qla+xWxxYQ3AbNdlGxKKNZcvt8AgN7MSNAzVkWz06XJqAzglgjqIebZHnNpodxrdWOGVJFyk48gjCWVG/zYyYaAine58cks4v29yzL+WvVGmcCIkm6j4IwBQUET1gEIXtsWElwQDCfw5Bdnj6+pKNNfSv0gq+0pvAeEwN7XeVwgAXbDF+sNz7w3M2y9MFPQJnA/2O0KFIjMFCrQtQgveLlW4
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 439e05eb-fd77-4556-00f8-08dc42e31fb3
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Mar 2024 22:24:04.3227 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: OlfRZV9gwHaO8fM4G7ACnSBKZM7/pYYAxQvHmWOd+6ubz+WeAOGYxzQNyre2q7KC
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR02MB8443
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/8FFSU82FYPnirLT2XSyd9kaGPTY>
Subject: Re: [CFRG] Google's (current) Threat model for Post-Quantum Cryptography
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2024 22:24:14 -0000

On 12/03/2024 22:04, Orie Steele wrote:
>> Our current recommendation is to use either Dilithium3 (FIPS 204, ML-DSA)
> in hybrid with ECDSA/EdDSA/RSA, or SPHINCS+ (FIPS 205, SLH-DSA) for this
> use case.
> 
> I fear how many different variants of these we may see in protocols without
> some baseline guidance from CFRG.

I prefer the bits saying to mostly not worry about signatures
for now and chill out a bit wrt those. (yeah, my interpretation:-)

If we did pay attention to that (and we should) I think it takes
away most of the problem with hyrbid combnbatorics.

I'd love it if cfrg had consensus on something like that as I
think it'd save a bunch of IETF WGs a bunch of time over the
next couple of years.

Cheers,
S.

Attachment: OpenPGP_0xE4D8E9F997A833DD.asc
Attachment: OpenPGP_signature.asc

Re: [CFRG] [EXT] Re: Google's (current) Threat mo… D. J. Bernstein
[CFRG] Google's (current) Threat model for Post-Q… Salz, Rich
Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… Sophie Schmieg
Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… Natanael
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… Loganaden Velvindron
Re: [CFRG] Google's (current) Threat model for Po… Scott Fluhrer (sfluhrer)
Re: [CFRG] Google's (current) Threat model for Po… Bas Westerbaan
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… Neil Madden
Re: [CFRG] Google's (current) Threat model for Po… John Mattsson
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… John Mattsson
Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
Re: [CFRG] Google's (current) Threat model for Po… Ilari Liusvaara
Re: [CFRG] Google's (current) Threat model for Po… Sophie Schmieg
Re: [CFRG] Google's (current) Threat model for Po… Sophie Schmieg
Re: [CFRG] Google's (current) Threat model for Po… Dennis Jackson
Re: [CFRG] Google's (current) Threat model for Po… Scott Fluhrer (sfluhrer)
Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein
Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Blumenthal, Uri - 0553 - MITLL
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein
Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Blumenthal, Uri - 0553 - MITLL
Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Anna Johnston
Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Blumenthal, Uri - 0553 - MITLL
Re: [CFRG] Google's (current) Threat model for Po… Loganaden Velvindron
Re: [CFRG] [EXT] Re: Google's (current) Threat mo… D. J. Bernstein
Re: [CFRG] [EXT] Re: Google's (current) Threat mo… John Mattsson
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein
Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
Re: [CFRG] Google's (current) Threat model for Po… Daniel Kahn Gillmor
Re: [CFRG] Google's (current) Threat model for Po… Daniel Kahn Gillmor
Re: [CFRG] Google's (current) Threat model for Po… John Mattsson
Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein

Re: [CFRG] Google's (current) Threat model for Post-Quantum Cryptography

Attachment: OpenPGP_0xE4D8E9F997A833DD.asc

Attachment: OpenPGP_signature.asc