[CFRG] FW: PQC Standardization Beyond NIST PQC Round 4

John Mattsson <john.mattsson@ericsson.com> Tue, 12 October 2021 10:14 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/N9D7_Bqy-6PsSeTZmovvx9amw7U>

Hi,

Forwarding a mail I just sent to the NIST Post-Quantum Cryptography Email List that points out the need to discuss and plan the future of PQC standardization. I think a likely and desired outcome is that NIST and CFRG work on future mechanisms in a collaborative way.

Cheers,
John

From: John Mattsson <john.mattsson@ericsson.com>
Date: Tuesday, 12 October 2021 at 12:04
To: pqc-forum <pqc-forum@list.nist.gov>
Subject: PQC Standardization Beyond NIST PQC Round 4

Hi,

We are now very close to the end of round 3. As the US government plans to update the CNSA suite already at the end of round 3, we might very soon see use of PQC in a lot of operational systems.

https://www.nsa.gov/Cybersecurity/Post-Quantum-Cybersecurity-Resources/

NIST seems to have a sensible and concrete plan for Round 4 with a new call of proposals.

https://csrc.nist.gov/CSRC/media/Presentations/status-update-on-the-3rd-round/images-media/session-1-moody-nist-round-3-update.pdf

But round 4 will still be limited to KEMs and Signatures, which is a great start but clearly limiting. The most obvious thing missing is maybe NIKE. Static-Static DH has been used a lot for a long time. While Static-Static and Ephemeral-Static DH have for good reasons been replaced by Ephemeral-Ephemeral DH in TLS, the use of Static-Static Key Exchange and Ephemeral-Static DH for implicit authentication has increased in other areas to lower the number of flights / message size / complexity, or to move away from the insecure use of symmetrical group keys. KEMs can do implicit authentication, but not very efficiently.

https://s3.amazonaws.com/files.douglas.stebila.ca/files/research/presentations/20210513-Alphabet.pdf

https://signal.org/docs/specifications/x3dh/
https://noiseexplorer.com/patterns/XX/
https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/

https://datatracker.ietf.org/doc/html/rfc8152
https://datatracker.ietf.org/doc/draft-ietf-core-oscore-groupcomm/
https://ieeexplore.ieee.org/document/8950068

There are of course also a lot of other use cases where public-key cryptography is used such as Privacy-Enhancing Cryptography, Identity-Based Encryption, Signature Aggregation, etc., that cannot directly be replaced by KEMs and simple signatures.

https://csrc.nist.gov/projects/pec
https://www.ietf.org/archive/id/draft-irtf-cfrg-bls-signature-04
https://csrc.nist.gov/CSRC/media/Presentations/crystals-dilithium-round-3-presentation/images-media/session-1-crystals-dilithium-lyubashevsky.pdf

The community should start to discuss what comes after round 4. Standardization and deployment take a long time. It is possible that CRQCs will never exist, but in the worst case we only have 10-20 years.

Some of this work might be done in CFRG, which lately has complemented NIST in a very nice way, with NIST adopting CFRG publications such as Curve25519, EdDSA, XMSS, and LMS.

https://datatracker.ietf.org/rg/cfrg/documents/

Cheers,
John Preuß Mattsson
Ericsson