Re: [CFRG] Google's (current) Threat model for Post-Quantum Cryptography

Orie Steele <orie@transmute.industries> Tue, 12 March 2024 22:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Klz2YYsyruCDGpahSNJoQoFtYFY>

I'd like to point out the hybrid recommendations part:

> Our current recommendation for encryption in transit is to use Kyber768
> for key agreement in hybrid with X25519 or P256.
>
> Our current recommendation is to use either Dilithium3 (FIPS 204, ML-DSA)
> in hybrid with ECDSA/EdDSA/RSA, or SPHINCS+ (FIPS 205, SLH-DSA) for this
> use case.

I fear how many different variants of these we may see in protocols without
some baseline guidance from CFRG.

I'm resisting the urge to share memes about Marvel villains.

Regards,

OS


On Tue, Mar 12, 2024 at 3:25 PM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:

> I know Sophie’s on this list, but perhaps modesty held her back from
> posting this link:
>
>
> https://bughunters.google.com/blog/5108747984306176/google-s-threat-model-for-post-quantum-cryptography


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries
