[CFRG] Call for adoption: Hybrid KEM Combiners

Nick Sullivan <nicholas.sullivan@gmail.com> Wed, 31 January 2024 15:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/PSvLFyBWDdrRaOmaXBStRpGoH3c>

Dear CFRG,

There has been a lot of discussion on the list over the last few weeks
around the topic of hybrid KEMs, including discussion around the topic of
where we should go as a group. There seems to be significant interest in
this topic from around the IETF and in broader industry. We (the chairs)
have decided to open up a research call for adoption for a topic in this
area, described below.

The standard context for the group applies here as always: As part of the
IRTF, the CFRG is a research group, producing research documents relevant
to the IETF and broader community. The CFRG does *not* publish standards
and does *not* dictate cryptographic choices to IETF working groups. CFRG
documents often come with concrete specifications for parameterizations
relevant to groups within the IETF. Recent examples of documents of this
style resulting from topics adopted by the CFRG include RFC 9497 (OPRF) and
RFC 9381 (VRF), which provide a thorough overview of the topic along with
concrete parameterizations that can be adopted by protocol designers.

The CFRG has a full docket of important ongoing work, so it’s important to
ensure that any work the CFRG adopts at this point aligns with the charter
by offering necessary guidance (for network security in general and for the
IETF in particular) on the use of emerging mechanisms.

With that preamble done, *this email starts a three-week call for the
adoption* of a work item within the CFRG to produce an informational
document exploring how to safely combine KEMs. This document:
* Will use draft-ounsworth-cfrg-kem-combiners as a starting point for
describing generic combiners
* Will include an analysis of the non-generic combiner mechanisms for
specific KEMs outlined in draft-connolly-cfrg-xwing-kem and other published
works in the area
* Will describe the security properties and trade-offs of various methods
of combining KEMs
* Will provide concrete instantiations of hybrid KEMs that are relevant to
IETF protocols (potentially similar to X-Wing and Chempat-X), including
pseudocode and test vectors

Please give your views on whether this should be adopted as a CFRG draft
and whether you would be willing to work on this document and/or review it.


Nick, Alexey, Stanislav