[Cfrg] KEX from the ring-LWE Problem: draft-khera-lpr-ring-lwe-kex-00

Rohit Khera <rkhera@pivotal.io> Wed, 25 October 2017 00:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/D7x2Z_YSqA2PV2dGkGMmziMGS7I>

Dear Members of the CFRG,

I have started a draft to outline a key exchange method based on the
ring-LWE (RLWE) assumption. Recent years have seen implementations of key
exchange methods based on this problem.

The basis for such implementations (and for the method detailed in this
draft) is chiefly the foundational work of Ajtai, Micciancio, Regev,
Lyubashevsky and Peikert on reductions from worst-case problems on
lattices to the average-case hardness of certain problems (including
certain learning problems).

I am not aware of any efforts within the IRTF, and the CFRG in particular,
that are focused on the more recent lattice-based schemes, and request the
CFRG to consider adoption of this draft, which is available here:
https://datatracker.ietf.org/doc/draft-khera-lpr-ring-lwe-kex/?include_text=1

As you read through the draft, you will notice that some areas around
specifying TLS extensions for hybrid RLWE cipher suites are a work in
progress.

Thanks for considering this draft, and I look forward to your feedback!

Regards,
Rohit