[Cfrg] draft-fluhrer-lms-more-parm-sets-01

Russ Housley <housley@vigilsec.com> Thu, 23 April 2020 19:01 UTC

From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Message-Id: <3F99CED3-A810-4CF6-98AC-A55E29000D1F@vigilsec.com>
Date: Thu, 23 Apr 2020 15:01:18 -0400
Cc: IRTF CFRG <cfrg@irtf.org>
To: Scott Fluhrer <sfluhrer@cisco.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/DKaSAaJewR65AghizGjsMa3P54Q>
Subject: [Cfrg] draft-fluhrer-lms-more-parm-sets-01
X-List-Received-Date: Thu, 23 Apr 2020 19:01:34 -0000


Thanks for your talk on this draft yesterday.  It raised a few questions.

1) SHA256-192:  I like it.  Does the size of I change?  My guess is that it is still 16 bytes, but I want to be sure.

2) SHAKE256-256 and SHAKE256-192:  Why use an Extendable-Output Function (XOF)?  Since the output in the application is always 256 bits or 192 bits, the normal reason for picking an XOF does not seem relevant.

3) Temporary code points: Why do you have collisions?  For example, LMOTS_SHA256_N24_W1 and LMS_SHA256_M24_H5 are the same, and RFC 8554 avoided overlaps between LMS and LMOTS code points.