IETF Logo Mail Archive

[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

John Mattsson <john.mattsson@ericsson.com> Tue, 28 January 2025 13:38 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D3EFC157927 for <cfrg@ietfa.amsl.com>; Tue, 28 Jan 2025 05:38:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.254
X-Spam-Level:
X-Spam-Status: No, score=-2.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ukdM1MX_3rYq for <cfrg@ietfa.amsl.com>; Tue, 28 Jan 2025 05:38:16 -0800 (PST)
Received: from DUZPR83CU001.outbound.protection.outlook.com (mail-northeuropeazlp170130004.outbound.protection.outlook.com [IPv6:2a01:111:f403:c200::4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E83FDC14F70D for <cfrg@irtf.org>; Tue, 28 Jan 2025 05:38:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VR3N8lKEnZXYIpaVbkIZ7Byv02AC66i/7hQBLngzSRhw6/YYhh92eyWn8SvTA5TKKQcD3QMRxrZVg94etcEGdOiYxiDBR5MEb9lFGJ4E1O8bcUg3n5r+kM+3N1UlH1jVb5URQNX0l4DOewlea6g0uJQDdz6Mj0eP2czMTZbFSfeZOYOrUlqgucbLD3PsKr91+H3VkqWznSZ3hPSKFayZeWqUVhd2Lcq6yb/O3KqDI1mN6NJBiK+rSJoMavLvG/+LCURxrfG0H0+TXRZfafnrmVLMZAhL1QCLpo3GB0mXkViue25ubWi9tgijwrC4T3HR8m2Xn/xN3mMudid/4VeQfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5aPLju0OhLWlPKBCJxgqyOYQ2a4uKAJyZojycUHsKr8=; b=C9vvKFk4epDmmBm7GCIde0DKk3dZPD6KUhZZNaslY8kGZ21PtTi10UrBQLBM6kC7l+TqQMGDxTtbaaZVEOfjJKMF/+OykzUzVKD2KN61B8DPoKZtqFSes2Cb9XSQYniOY7pDQp/8gMW+5YRVB2lHFML2klLfiQwe8DlM/maG/rJbOoQhpcuQ3yaeAekQV82RY53ZHLH1HJbhfJGvuXRoLz3at4iAWsBsjMqjoyHfbyvyVAlPulqbGpHJOC67H8HZM3S3DFPa8G2n0dCd8TBPM5M2DxwAfUvtwnU9uyuuSZyvUgpdOjIcjOxKAXaZ1ZOZkIKzbMMuCitEme9ZqLvNVQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5aPLju0OhLWlPKBCJxgqyOYQ2a4uKAJyZojycUHsKr8=; b=MiNxlZCY9S7rgBFQeTaIRktnRPWlPz7sCCWEWd/RbCktDO9MTP80p/5QMWpC2X4oEGtUp3yDz0wWEnR6QtCDZAMe8q6OmyWjTtKhZ/8QcpnuENoxcLTAKahcttkgLEOAdGhiHdKTaU6Y4+reDETvVKiVh4BeyNDo7J7cosUU/UQ+/laGY/hh7JS0cv0GIL6r0yZRbeG38yxX14Ujw4YIxcbH9hRV8Lgsh5xnlhv7qLcyZD8Tb92Jx+W+0KWhJbT/0iiOGTrCSuL+uowfClUE02M54wAV5K9i6I1Qy7fkZeymTGHMCzb8ZcGGRXZEUarfKCZBfcT8tjXUp++w3GXpfA==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by DB8PR07MB6251.eurprd07.prod.outlook.com (2603:10a6:10:138::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8377.22; Tue, 28 Jan 2025 13:38:13 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%6]) with mapi id 15.20.8377.021; Tue, 28 Jan 2025 13:38:11 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Martin Thomson <mt@lowentropy.net>
Thread-Topic: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
Thread-Index: AQHbcYh1KetUyurFR0GmG5dfOULCJg==
Date: Tue, 28 Jan 2025 13:38:11 +0000
Message-ID: <GVXPR07MB9678285896AAE03BF25E8DFE89EF2@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|DB8PR07MB6251:EE_
x-ms-office365-filtering-correlation-id: 0b47039a-f5b3-46b5-74c9-08dd3fa10262
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|8096899003|13003099007|38070700018;
x-microsoft-antispam-message-info: iI0DxuuYGm5pskZp0x0WvrWGgw9DQcNi2QPS/f8XfX1p8yYeydk28VrYzp10x3W5U5BODhpAFJEdUHmkJ/W4u/1+7AkW+XzB+MjFubq59duG+dTDn3Odve01ndJQvn21TOxDOtOHVjdZtN5iO92pOyTbKdyQYr4pFgzsNIt8JrWu/ZqCOItwrklOFnfvfttSpKK0AH8porOUDvxUWojqNxFvX/KF6a6rc66yXJyoDRIMd+nsaea++QikTJ/y4kJIdqsjcdPMeV2q6oOeP/pBiJiC0iC2hc0XWdLNYi7L5sFsF3m/m5OYhiY4xw2q0KI/Kllr8oNCZYLP+4Sl55W/fSs+cSVVPj9q9foPpYjTBwTi663AqFT2XxX72uPlAu5V34ehKnTOIsclNdB5du47JTy+jYW2+qM516TqUAq+7+TJA3Ne/IiEAKLq0oiGCWKc+dbWg+MRR/Gvxsuvt3J8nc1EenJC+5OdIx9zwmt8DZDZrOznZ1V7gOdsFvYX/qmMJxcURbDFzvcW0EVa+gvDTxBoDZmAu+bFe76Fs5HhrgU5IqnO+EVIHca9kOme7FxTAME7HeWkrSL+apon6dxbkmFYv0OIv/uHPnFmCJEVDxVLG+LvCaj02StsOw0Vif/seUPWqydkPwQzZD2DYya+TkM4qUNNv/tZJmSGA1AW4HXpAd2QfRXQ73G6570h3hhMlrQWmck77Q31d4DGDwcNK3yZ+GB1Xg6dlJDffu1D4ljBjOn4Kv2fjg8b3qHbYHZU5iGYI0R88GWVaW8Qcn7gZ7YtMHNTuuL6oPrsAn4c4uU+H+JtHhDKMyD/FVcUCUUr37tpi91TJJFUfmG6117s8xGLdclxHwYR1Z9neMHvMZcPTZC7iAiMrgDDwePHO8OO0M1fZrrPHesx22FjxlDhPydtwcZ2l3osZ6XJAvkdMbH+FXb0QzUPWy9Y6E8xOpQe9Dt4nrjCEZ3LeQ84B8SjO1TXoCRf+VYufWW02bAqp5rtEc35yB8VCfScaTONs7ZmMwGI0o2Q4g38zucAyteo7+wdpFEZYERv7DqzVk7FMFHHSd4haCJh1HT2dm48OVZBLWPnNHfJsUcfOitk1cIQkjP1V1FYFclrC7G2R7M4vZw7wElzFE/Zsq2DrL8oWZyRMm0YFEpBF9qm1SYKIPZk/fQk4salHLIdjFcIhNuyvpJV0pfSfrnX91Ye57EooqPTKltjviBr/jSDe7qg2o702m0JK4rLLgFEYwOSW00Nj1iig0d5CJ0ZJzD07wzi4rqHk6Se8gkMiQplx4mz8PndRlb/Iz0YIyVnOQB+lU/IcInTrIJDL+82e5IjpzqMjwV/Ikwo/wRVVijqVpIVJX7P+jhS/4JJzcAK085IIyv0+LJAGglickCJW29N7LOrt6Z/
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(8096899003)(13003099007)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: yDPgFP5XoTFyRgKBrgCmuVTteOCdn1WRWGAihnVmB/LQiT68Je514LVSgMFR7nzWuo+wIUhh8ZxfYSzSF/de46yrQhGWAcqtHNsWAWOhUqH1H/t9Q3dGuO5jT61WpIoYYnE1RGOuG3AfxWUz6Bap/isXNFKYO7B+acGAJ4Ua2VdUypu22rN9Lq+CTWBc9/ta+94P9YX3BSLh75jLLYzHEkjJnZ33szj3qp/PsKtW+4JyRPmSESgEl8cQH900rm+hX65SAeRkZyka2lYvERWFKcqUddBgp221GNZpT/j8cNMR4OyY0Yb8X9TspREbsd0YNn37djr+fsYai5pGZuS+QEB8cu6I5CIA6Lnvt/TVPkAgPwtc7CR+zkEKOudYOROlNJ+47wSYNwLF8ePu8q+o7MpiYYWvZFu8pEXRGKsk6BpZzLUJjpLvgLi0wdAshYU9aERU6xUv+OAuzkBvl09isV5uZSFAQd1d/UmiWVUhY2EDC9NYW1oGrfPhOA0cr57EJIypz18KudLTG9JWfNYNU2mRkLaEHVfZyhIYcvjpQw68BderVScjYOfPQkSkjZh00MDOSeet3f6oedSYPKcPuuL3O3jVRkkzO53iz6/EbatGTsVVeI8DhsW9aONTMqOg5v77gS4sGGHR6cj71Uq8lgPxqIDeJ3LlrTYs501lRrUqQpHu/CRh8W5NljiuOhPLgGyAzwLOtVD3fRxT6G9UyFuYMtAB+UaKVBtvhNlrDn0gIbcYaXwZqm6jzQ8qGwHwQMivoReSPUOjkM1ETSZfdfaWfiWBrcY53E0bdn0rmMkbm5AIzcCV4yNH4Roew8tZKW3tZbZcRK1iRidgPAe8WzVySu8O23G3zQ4THG279KQHvw+2u4CUo29SwtT5BtRpBt+XtnPVdB7vGpW3Hbfh7gkx7FrzIBhUN4Wm2ryVHbmoBvsPc5c0IrTMXBqqocMVMpeo9sL/YX/IvzFqVhPBtbSJrQMItsnlWu6uYBNvBRCLYTc9BluxgZ3fB1jg/kqla8+FvEldpTEJI34KNKTJ5GjgUhtt0bhT6uGZIy2f3DJZasv7MGZP3zMSmEP2109WTuvGqBIq/eaKcbzfyi907wXwkEPOLSA9WaJZl1kg58rKCUs7Ds6DYA4WnxybhGczVoMJmOwNVJLAV83RFkTTBJYkFrKA8ZZdkxpcVOX9KpGLlBnw3ovqjAZBYtlvcdn4ZDMN1X4leDquf0c/+boVY6/RVhC5naBsNCemSKK7SpoJutSE58fmI9lw5XqtKAGNGKD/fzKPVkt9AA3iniajF/nJWqEE9ij9Y8xQqitrpggd/Hp5y5W7XtiE91lenXWKAdat/UboDu8l+Q/0OyZjfFdPqCFu2mnhQTWi7/FgFRRrujdib1atMEnzV+sBlFisYl76l3Av5gdFjA26ugbWyb4njIYoEMxvwNcM5yI9b7ih5boyyImVkESBjzTg8ELfhFsRyLNMlwzStUU8i3IRARTBzvOVWcxAdXS0Xoajp1sMFUeIpuTw+5ksoCZ94KhwSa29Hh1lZwgxpygGOO7YCXiwBJXJPmXtIK0vsHzZU8LRL7fRCXX3LxLFw6g8ehn0ggw9k1UXQ2Ol5wqoQ9kK577pM24sBsgE/obcwKp+izQ=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678285896AAE03BF25E8DFE89EF2GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0b47039a-f5b3-46b5-74c9-08dd3fa10262
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2025 13:38:11.8546 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: b6K+R7+olAAp6kv6eCQD+qBIe70wuSrscr2fsfY8Nx0XT8UBP5imkfnp6hUHv5PbA/q6ePKhWTDeXUnq7RqXi4O3afZ5MobAR/i1GLPkUSo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR07MB6251
Message-ID-Hash: K6PUDUAGXV6ZCAEPR7666BCX4KHR5RLN
X-Message-ID-Hash: K6PUDUAGXV6ZCAEPR7666BCX4KHR5RLN
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: CFRG <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/FXKZhBKCSd113MAg_4BuB-aeyjQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Martin Thompson wrote:
>With a 240 byte ciphertext (I had trouble finding a specific value, so this might be incorrect), that's quite a lot smaller than ML-KEM-768.  The ~800 bytes of saving per message means that you need to clear ~1200 messages for each public key transfer before the overall transfer cost is neutral.

Just hours before you sent this, I made a graph illustrating the overhead of the static encapsulation key and ciphertexts in ML-KEM and Classic McEliece as a function of the number of encapsulations. When the public key is provisioned in-band, I think Classic McEliece has less overhead than ML-KEM at the same security level after just a few hundred encapsulations, see Figure 1 of [1]. Also, users might be comfortable with a lower security category for Classic McEliece compared to ML-KEM, given its attack complexity has remained stable for decades.

>But the likelihood that messages fit in a single packet is a huge gain that has value far beyond what a simple tally might suggest.
That the small ciphertexts avoid fragmentation is a great reflection, I agree that is very important. I added that to my paper [1] before submitting to NIST.

Cheers,
John

[1] ML-KEM is Great! What’s Missing?
https://emanjon.github.io/Publications/ML-KEM%20is%20Great!%20What's%20Missing.pdf

v2.29.0 | Report a Bug | By Email | System Status