Re: [CFRG] Call for adoption: Hybrid KEM Combiners

Kris Kwiatkowski <kris@amongbytes.com> Wed, 07 February 2024 23:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/PLls9g0ZJprowxOx7PGJ8i3CelU>

I also support the idea of CFRG working on KEM combiners.
Both X-Wing and a generic combiner sound useful to me at the moment.

Cheers,

-- 
Kris Kwiatkowski
Cryptography Dev




> On 6 Feb 2024, at 11:59, Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org> wrote:
> 
> I support the CFRG working on a document that offers concrete guidance on fashioning bespoke hybrids: there is a clear demand, and good resources are currently lacking.
> 
> I do completely agree with Dan that we should not lose track of (at least our) main goal: to help move everyone to a PQ/T hybrid asap.
> 
> Somewhere this year, perhaps around June, NIST will publish the final standards for ML-KEM. That's the moment we should have a KEM ready to go — at least for the common cases. That's the goal of X-Wing.
> 
> Nick, I would like to hear from you if you think that timeline is realistic for the proposed document.
> 
> Best,
> 
>  Bas
> 
> 
> 
> On Wed, Jan 31, 2024 at 4:29 PM Nick Sullivan <nicholas.sullivan@gmail.com> wrote:
> Dear CFRG,
> 
> There has been a lot of discussion on the list over the last few weeks around the topic of hybrid KEMs, including discussion around the topic of where we should go as a group. There seems to be significant interest in this topic from around the IETF and in broader industry. We (the chairs) have decided to open up a research call for adoption for a topic in this area, described below.
> 
> The standard context for the group applies here as always: As part of the IRTF, the CFRG is a research group, producing research documents relevant to the IETF and broader community. The CFRG does not publish standards and does not dictate cryptographic choices to IETF working groups. CFRG documents often come with concrete specifications for parameterizations relevant to groups within the IETF. Recent examples of documents of this style resulting from topics adopted by the CFRG include RFC 9497 (OPRF) and RFC 9381 (VRF), which provide a thorough overview of the topic along with concrete parameterizations that can be adopted by protocol designers.
> 
> The CFRG has a full docket of important ongoing work, so it’s important to ensure that any work the CFRG adopts at this point aligns with the charter by offering necessary guidance (for network security in general and for the IETF in particular) on the use of emerging mechanisms.
> 
> With that preamble done, this email starts a three-week call for the adoption of a work item within the CFRG to produce an informational document exploring how to safely combine KEMs. This document
> * Will use draft-ounsworth-cfrg-kem-combiners as a starting point for describing generic combiners
> * Will include an analysis of the non-generic combiner mechanisms for specific KEMs outlined in draft-connolly-cfrg-xwing-kem and other published works in the area
> * Will describe the security properties and trade-offs of various methods of combining KEMs
> * Will provide concrete instantiations of hybrid KEMs that are relevant to IETF protocols (potentially similar to X-Wing and Chempat-X), including pseudocode and test vectors
> 
> Please give your views on whether this should be adopted as a CFRG draft and whether you would be willing to work on this document and/or review it.
> 
> 
> Nick, Alexey, Stanislav
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg