Re: [CFRG] Call for adoption: Hybrid KEM Combiners

Flo D <Flo.D@ncsc.gov.uk> Fri, 02 February 2024 10:00 UTC

From: Flo D <Flo.D@ncsc.gov.uk>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Fri, 02 Feb 2024 09:59:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JLWDUQi4CZBWROhJ9-deNglCnGs>

I support adoption.  There are a variety of proposals in this space (both in CFRG and directly in protocol drafts) and not all come with the same level of security analysis or discussion of why particular choices are secure in context. It would be very useful to have a single document that robustly explores the security of different options in different circumstances.  It would also pool the expertise in CFRG into a single document, so we'd likely end up with the best possible analysis and content.

Flo

Flo Driscoll
UK National Cyber Security Centre

From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Nick Sullivan
Sent: Wednesday, January 31, 2024 3:29 PM
To: cfrg@irtf.org
Subject: [CFRG] Call for adoption: Hybrid KEM Combiners


Dear CFRG,

There has been a lot of discussion on the list over the last few weeks around the topic of hybrid KEMs, including discussion around the topic of where we should go as a group. There seems to be significant interest in this topic from around the IETF and in broader industry. We (the chairs) have decided to open up a research call for adoption for a topic in this area, described below.

The standard context for the group applies here as always: As part of the IRTF, the CFRG is a research group, producing research documents relevant to the IETF and broader community. The CFRG does not publish standards and does not dictate cryptographic choices to IETF working groups. CFRG documents often come with concrete specifications for parameterizations relevant to groups within the IETF. Recent examples of documents of this style resulting from topics adopted by the CFRG include RFC 9497 (OPRF) and RFC 9381 (VRF), which provide a thorough overview of the topic along with concrete parameterizations that can be adopted by protocol designers.

The CFRG has a full docket of important ongoing work, so it's important to ensure that any work the CFRG adopts at this point aligns with the charter by offering necessary guidance (for network security in general and for the IETF in particular) on the use of emerging mechanisms.

With that preamble done, this email starts a three-week call for the adoption of a work item within the CFRG to produce an informational document exploring how to safely combine KEMs. This document
* Will use draft-ounsworth-cfrg-kem-combiners as a starting point for describing generic combiners
* Will include an analysis of the non-generic combiner mechanisms for specific KEMs outlined in draft-connolly-cfrg-xwing-kem and other published works in the area
* Will describe the security properties and trade-offs of various methods of combining KEMs
* Will provide concrete instantiations of hybrid KEMs that are relevant to IETF protocols (potentially similar to X-Wing and Chempat-X), including pseudocode and test vectors

Please give your views on whether this should be adopted as a CFRG draft and whether you would be willing to work on this document and/or review it.


Nick, Alexey, Stanislav