Re: [CFRG] Google's (current) Threat model for Post-Quantum Cryptography
Orie Steele <orie@transmute.industries> Tue, 12 March 2024 22:04 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCA56C14F690 for <cfrg@ietfa.amsl.com>; Tue, 12 Mar 2024 15:04:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.085
X-Spam-Level:
X-Spam-Status: No, score=-7.085 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9fxPc1XHeJVj for <cfrg@ietfa.amsl.com>; Tue, 12 Mar 2024 15:04:46 -0700 (PDT)
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC929C14F6B2 for <cfrg@irtf.org>; Tue, 12 Mar 2024 15:04:46 -0700 (PDT)
Received: by mail-pj1-x102e.google.com with SMTP id 98e67ed59e1d1-29c54d08d5cso551300a91.3 for <cfrg@irtf.org>; Tue, 12 Mar 2024 15:04:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1710281086; x=1710885886; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=313eee2VH5a1OiyBHT/y/wq3itWRKLPeHNPc09PD720=; b=QoZxIGsCtzji8kUuFHpOLM3io28p7JvwhukUm66gr3FeOOaEgnu3rXGBvtxLvn+otf IrIsOjsHLxibMeOYo4w6mOzvvzxWGCamlcQ0Q8bNJfMYG/u7p0gNhS098NFm11sYiZZw QYaL2kUzGcLRNYYyl1QEhl35pDKtRz7KCsjH34M2qbPLUjra04an4nZdQQWIvW1+nW9d fW4YaYGrEOLsVBk+8CL5xlHTX/RnQo2NS7EnfNoCAQnIUK82mLWrl14NYWT/KZ7T82uX K7l6lBdfUix1xmAydv2TE/pOB+0F6LW/2z7c5IKWeo4YaK0AXeITOUCzYcKzvmmUzBYF D4PA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710281086; x=1710885886; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=313eee2VH5a1OiyBHT/y/wq3itWRKLPeHNPc09PD720=; b=Wmn1FexOQWZ/xZbR2AzblXqq+0JP+kLFRFfNgfAxIdsyR5mcteOVmkKRfEq2q7AaXS DHDcTxR7ZJotyyfOtyl2tWPPDhhA48eDSkeLzF39xbtQOnamg20NFQZAe3ZM+fK5ol+s Dj5aLtSD9V6DfgT2PjZMzJ8BCHMJ2fCh+0HqBq3IrjBzS2eV1z+EvbxssL/YJCy73miQ 1ws1GQePugxQD/ZKwBbNvt9dekKrHsbmVlcaLc4LsK5bmJBiGB1YcNFEpFH2w/omYsL5 5yEBXAaUCjG6UxLZ+ttL81kA/R7E+Qu2cKrqmCNcAiHT5cV/0pyQbKrznWHPqWiWIMSd N4NQ==
X-Gm-Message-State: AOJu0YyAurpRL/ZaK8jS+WwU68tTSRWZWewR2w2kCJEZ0i82kByVhBu5 8YkvkzScAK2q90zXSoZ7wkesAklG5LI9+INL7rXZAp/RCos1OKGS+56pCAApe1PYsLNuOy/yArC SBh9tmDCMPHbTLqVtbijUe1Sx53kH6YdwZv5yVam7GIfF68lhUI+1pw==
X-Google-Smtp-Source: AGHT+IF6YZSxx4y4+fZVM9D0GfxA9H9hw0imIvqmeU6zki4MWsNO1VbfXWbDawUs01neBM2nbdxEQZwQ+vvI8EPo6QY=
X-Received: by 2002:a17:90b:4b4c:b0:29b:ae33:6ffe with SMTP id mi12-20020a17090b4b4c00b0029bae336ffemr9228216pjb.2.1710281085920; Tue, 12 Mar 2024 15:04:45 -0700 (PDT)
MIME-Version: 1.0
References: <2D2B67B4-9E1D-46DA-A2EE-08D89BFE254D@akamai.com>
In-Reply-To: <2D2B67B4-9E1D-46DA-A2EE-08D89BFE254D@akamai.com>
From: Orie Steele <orie@transmute.industries>
Date: Tue, 12 Mar 2024 17:04:34 -0500
Message-ID: <CAN8C-_J0_bQRTymi0O+OtNOcid6P5m9EYj-MaZP_MJe=_VXKiw@mail.gmail.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="00000000000097c61406137dd8cd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Klz2YYsyruCDGpahSNJoQoFtYFY>
Subject: Re: [CFRG] Google's (current) Threat model for Post-Quantum Cryptography
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2024 22:04:50 -0000
I'd like to point out the hybrid recommendations part: > Our current recommendation for encryption in transit is to use Kyber768 for key agreement in hybrid with X25519 or P256. > Our current recommendation is to use either Dilithium3 (FIPS 204, ML-DSA) in hybrid with ECDSA/EdDSA/RSA, or SPHINCS+ (FIPS 205, SLH-DSA) for this use case. I fear how many different variants of these we may see in protocols without some baseline guidance from CFRG. I'm resisting the urge to share memes about Marvel villains. Regards, OS On Tue, Mar 12, 2024 at 3:25 PM Salz, Rich <rsalz= 40akamai.com@dmarc.ietf.org> wrote: > I know Sophie’s on this list, but perhaps modesty held her back from > posting this link: > > > https://bughunters.google.com/blog/5108747984306176/google-s-threat-model-for-post-quantum-cryptography > > > > > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://mailman.irtf.org/mailman/listinfo/cfrg > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
- Re: [CFRG] [EXT] Re: Google's (current) Threat mo… D. J. Bernstein
- [CFRG] Google's (current) Threat model for Post-Q… Salz, Rich
- Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… Sophie Schmieg
- Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… Natanael
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… Loganaden Velvindron
- Re: [CFRG] Google's (current) Threat model for Po… Scott Fluhrer (sfluhrer)
- Re: [CFRG] Google's (current) Threat model for Po… Bas Westerbaan
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… Neil Madden
- Re: [CFRG] Google's (current) Threat model for Po… John Mattsson
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… John Mattsson
- Re: [CFRG] Google's (current) Threat model for Po… Orie Steele
- Re: [CFRG] Google's (current) Threat model for Po… Ilari Liusvaara
- Re: [CFRG] Google's (current) Threat model for Po… Sophie Schmieg
- Re: [CFRG] Google's (current) Threat model for Po… Sophie Schmieg
- Re: [CFRG] Google's (current) Threat model for Po… Dennis Jackson
- Re: [CFRG] Google's (current) Threat model for Po… Scott Fluhrer (sfluhrer)
- Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein
- Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein
- Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Anna Johnston
- Re: [CFRG] [EXT] Re: Google's (current) Threat mo… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Google's (current) Threat model for Po… Loganaden Velvindron
- Re: [CFRG] [EXT] Re: Google's (current) Threat mo… D. J. Bernstein
- Re: [CFRG] [EXT] Re: Google's (current) Threat mo… John Mattsson
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein
- Re: [CFRG] Google's (current) Threat model for Po… Stephen Farrell
- Re: [CFRG] Google's (current) Threat model for Po… Daniel Kahn Gillmor
- Re: [CFRG] Google's (current) Threat model for Po… Daniel Kahn Gillmor
- Re: [CFRG] Google's (current) Threat model for Po… John Mattsson
- Re: [CFRG] Google's (current) Threat model for Po… D. J. Bernstein