IETF Logo Mail Archive

[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

Watson Ladd <watsonbladd@gmail.com> Sun, 02 February 2025 09:49 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B377EC1D8D4A for <cfrg@ietfa.amsl.com>; Sun, 2 Feb 2025 01:49:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ySNHSprig41 for <cfrg@ietfa.amsl.com>; Sun, 2 Feb 2025 01:49:16 -0800 (PST)
Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com [IPv6:2a00:1450:4864:20::335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6005AC1D3DFF for <cfrg@irtf.org>; Sun, 2 Feb 2025 01:49:16 -0800 (PST)
Received: by mail-wm1-x335.google.com with SMTP id 5b1f17b1804b1-436345cc17bso25312675e9.0 for <cfrg@irtf.org>; Sun, 02 Feb 2025 01:49:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738489755; x=1739094555; darn=irtf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=GU4tww0JygNfZeo58JNpNh3ikpmVGVGaTmlyA3/pAPI=; b=VXJFmm4N5Td0VQy93G2tUaIO3fP6/ktFkuBnyRyVBDkhDF8e7cTwAMxnPC4WY7AKLz r/0SNkMHLhsLEzf6GhnMDRo7ehokc8pprC1Ck9DaFptUQdO/lJt9ji2Oa4iXuhBO2qKk G+m2Ws21tWOyVfCPOiV+MRH4l7qKNfOuKZs75qXKW7Zb5lZzhidqtslLkM5BY3g5PQLA 9GEZkSme/yJeWLpYbhS1o5ONzVhUJEl5xTcDDbjdEKETPPA0I82XWY9CzZFGCw9q+XeV kjxctT4T3BrRIR8MaPzCVhFIlLwv+HJXH9RPYcMlvg6kcdcR45vaxqCEQzTlu4WPijf8 RUbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738489755; x=1739094555; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GU4tww0JygNfZeo58JNpNh3ikpmVGVGaTmlyA3/pAPI=; b=YPYSLNWszQPCORMZl5ZUEVlG97Zq8/MKL2cmzJgOLIX8iZOY5PfU6e5ZyR3iDAeCIX LER2gn4KnLwmR1pYPggWWp233pbNxJOtdmalEjOXlLeh56f+efg0+tB700huEUHWQYtC elPJauQ5rBPS3BxHA+loC4TAxdHM0lzEjZ3ioatqqdgQmBQpKBiTp8CuFTKcwoh9Ju2A CrcmVkTpDv6x62jHoSe6EHHBLIXxoR+Ni9LKV31oue+rOrFFDJ6CbEXVKkuTbUTrqeTv fPC33zZx8mL/RQp4ONaw5awSpatrES7ICKzIefqBYV5d4zG8mOTBtJZckXLWvy2htf0H e8gQ==
X-Forwarded-Encrypted: i=1; AJvYcCUOtTJcgiNapR/zPVJGYEGoM4uX0ILnUaYWjkPGJKjSizxbmgBWxavAbH0ip79TkImSGWv/@irtf.org
X-Gm-Message-State: AOJu0YyygZDSz7QaWygR3PpE8vdO/NK/xXPU5jyvR/++NWkf1bMSnWqX ypeNONmOa6pgzgy89XeqvxEvKQezBfw4kPapapfvPtj3Sq2Pg7eX97uYcnMNMpcqIJwDdT9DZxV PLHKS+9Bdb7RH8LdhchK2BPh+mYo=
X-Gm-Gg: ASbGnctFK4ppky+f/T8lXMQ8cHqoThmg9dv/NvVQUzdcmP4hwmEUz/hUxvFnsDJreoW 97qPMphtSs8f4o4ZFCTtfI5GhDq2xUApO11UJy3Z1iHPVCUS5g9ipWrt6Y4n9b9NwOsk4bbcaAV S0/OX92B5p+AvazPZU1VZWE+jGJ5PwyA==
X-Google-Smtp-Source: AGHT+IFJzGAqhOOj54odV5QJLPiZvC0kbwrgtXMSSoCMfwI7/WsbOfzXYT3E68XNz/4GSHf6z0K1jXKzj7+qGVKz5Pc=
X-Received: by 2002:a05:600c:3511:b0:434:f3a1:b214 with SMTP id 5b1f17b1804b1-438dc41ef52mr128903375e9.28.1738489753103; Sun, 02 Feb 2025 01:49:13 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnJ7TgnCp1GsSnRfJCY1rt+t2BBSadm0YkDM8tuL-pE+A@mail.gmail.com> <CAOp4FwR_E4hky7RehU4c1rsy1tFxDgUTfKRRuj3NxWBThC3sow@mail.gmail.com> <CABzBS7kLoP7U=EpQmotCQntASFGcrLXpnSuTQ3i18W-W8Hf5QA@mail.gmail.com> <b7af8867-7386-4f03-b28a-cd5a32297ec4@betaapp.fastmail.com> <87y0yvs2ct.fsf@josefsson.org> <CABcZeBPhr4gENxWkoKKwqdu_dW3=7GRyKjpG0sf10CSHOXGwhg@mail.gmail.com> <4c7e3fae-b6d3-484b-91e0-52a948bffa3d@amongbytes.com> <AS5PR07MB9675B69CC59D88AECA2F9C3D89EE2@AS5PR07MB9675.eurprd07.prod.outlook.com> <CAE3-qLSoXJYHaxepMhnr7to0QBhSCcB9=jXVVNWyNgOLFxxEew@mail.gmail.com> <CAFR824xTKpsMPU5g_KrAdssd_DLw41Dnkk9t0eXiwUVVX=e8QQ@mail.gmail.com>
In-Reply-To: <CAFR824xTKpsMPU5g_KrAdssd_DLw41Dnkk9t0eXiwUVVX=e8QQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sun, 02 Feb 2025 01:49:01 -0800
X-Gm-Features: AWEUYZls2VNvwYXED1fbG4SF5LGPLHWgXCx4ebfi0fNs4jKx1Qa_h0sJwmSB3-A
Message-ID: <CACsn0ckD4rbBiq=SiOGpf5TsdaJEVefBjM9cszOe-LYvYdtyGA@mail.gmail.com>
To: Deirdre Connolly <durumcrustulum@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: WVCTHGJQC55NV35KDDYAKWFULIKHNOO6
X-Message-ID-Hash: WVCTHGJQC55NV35KDDYAKWFULIKHNOO6
X-MailFrom: watsonbladd@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IRTF CFRG <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/F_wFxyZdC_DOgBin5gcyq-Rk6do>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

On Sun, Feb 2, 2025 at 12:16 AM Deirdre Connolly
<durumcrustulum@gmail.com> wrote:
>
> > I think the CFRG needs to run a competition process
>
> Has CFRG ever done anything like this?

Yes and once it was a complete catastrophe (the curves process), and
extremely slow and messy (the PAKE contest). With PAKE contest I think
the differentiating criteria for the winner was something that can't
easily be integrated into protocols for some reason I don't understand
(someting something UC).

We should avoid doing this in the future IMHO. Getting a bunch of
acceptable entries and selecting between them isn't something the
rough consensus process shines at, and it can be unnecessarily taxing
and contentious because of the inherent stakes.

>
> On Wed, Jan 29, 2025, 12:52 PM Quynh Dang <quynh97@gmail.com> wrote:
>>
>> Hi all,
>>
>>
>>
>> Below is my personal view which does not imply any view from NIST or anybody else.
>>
>>
>>
>> I think the CFRG needs to run a competition process to select a lattice-based KEM to provide a good option for the users who don’t want to use ML-KEM or NIST’s standardized cryptographic methods generally.
>>
>>
>>
>> At least there are 2 candidates we all know right now which are NTRU ( see here https://www.ntru.org/) and Streamlined NTRU Prime (see here https://ntruprime.cr.yp.to/) . There are important differences between them; they are not “about” the same. Something is true with NTRU does not mean it is automatically true with Streamlined NTRU Prime (security, performance or IPR etc.).
>>
>>
>>
>> Here are the reports of the second and third rounds of NIST's KEM selection process which had both candidates: https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf  and https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413-upd1.pdf .
>>
>>
>>
>> It would be very useful to have performance data of  (many) different implementations of the options of NTRU and Streamlined NTRU Prime on (many) different platforms including constrained ones beside the data we received during the first 3 rounds.
>>
>>
>>
>> Regards,
>>
>> Quynh.
>>
>> PS: I don’t plan to spend my time replying to potential messages asking me all sorts of things. My apologies in advance if I don't reply to your messages.
>>
>>
>> On Wed, Jan 29, 2025 at 6:48 AM John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:
>>>
>>> I agree that CFRG should prioritize things that are likely to be adopted by IETF, but I think it is important that CFRG is not limited to things that have a current customer in the IETF. This would be too limiting for an RG. CFRG must be able to work on things that are likely to be useful by the IETF long-term.
>>>
>>> John
>>>
>>>
>>>
>>> From: Kris Kwiatkowski <kris@amongbytes.com>
>>> Date: Wednesday, 29 January 2025 at 12:30
>>> To: cfrg@irtf.org <cfrg@irtf.org>
>>> Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
>>>
>>> i haven't seen anyone suggest that CFRG should not publish its own
>>>
>>> specifications regardless of what NIST does. That's certainly not
>>>
>>> my position. That would be an odd position to take as CFRG has
>>>
>>> already done this a number of times.
>>>
>>> For primitives like LMS, XMSS, and HKDF, it was IETF that originally developed the specifications, with NIST later incorporating them into its standards.
>>>
>>> +1 for CFRG focuses on defining primitives that are likely to be adopted by IETF, ensuring they are well-vetted before becoming part of widely used protocols.
>>>
>>>
>>>
>>> _______________________________________________
>>> CFRG mailing list -- cfrg@irtf.org
>>> To unsubscribe send an email to cfrg-leave@irtf.org
>>
>> _______________________________________________
>> CFRG mailing list -- cfrg@irtf.org
>> To unsubscribe send an email to cfrg-leave@irtf.org
>
> _______________________________________________
> CFRG mailing list -- cfrg@irtf.org
> To unsubscribe send an email to cfrg-leave@irtf.org



-- 
Astra mortemque praestare gradatim

v2.29.0 | Report a Bug | By Email | System Status