IETF Logo Mail Archive

Re: [CFRG] [EXTERNAL] Re: Call for adoption: Hybrid KEM Combiners

Watson Ladd <watsonbladd@gmail.com> Tue, 20 February 2024 21:26 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E92DC14F73E for <cfrg@ietfa.amsl.com>; Tue, 20 Feb 2024 13:26:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LR8PR5_thsl3 for <cfrg@ietfa.amsl.com>; Tue, 20 Feb 2024 13:26:02 -0800 (PST)
Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 122AEC14F736 for <cfrg@irtf.org>; Tue, 20 Feb 2024 13:26:02 -0800 (PST)
Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-4125cf71eecso25452665e9.1 for <cfrg@irtf.org>; Tue, 20 Feb 2024 13:26:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708464360; x=1709069160; darn=irtf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=onTYQU3jkQmFjqOaKo5OtOPfx0yBCxZhdog4GqQNSEc=; b=IxcWSKuR7/HZTXF/m86TUcSq8v/YpqxH7EY3AfEokz1H++f3nW7vOcymSg432xoaEI HGei2+HfUlhoDJnkDFHB22ONN1gn5L22fsfcnGFMTg3R3n2Us+Boz83qX0mulAfjE5jw /cJDCbVwutPls7QHIIfcqu+Pjsj0oUjkVaSg6a4q9yMFeZOXGqwUoGWEZivkjr6W/1dy K3bMOH0ZR8m2+djvns6c5rqpCPN6PS4AZemi4ahKE5pvL6bgI4FgpC/5CMaqT8MuCL+z 5s+Kk5FZ8BAeyYcJMw0dbaTAswhVO/+qo2N72l/kKJXL1rV/YIR6z5smpdR2cuMdhnQh egTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708464360; x=1709069160; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=onTYQU3jkQmFjqOaKo5OtOPfx0yBCxZhdog4GqQNSEc=; b=O0gB1qXguSrkq8VYggC6HtvOdFFMH5bTe/JyOzLFV1Xz0x7D+XdYw4hqA4QauokcoD wOK+9Xpi7sHq9QT9PVgqEJS8wMdGDQiz50rybZYP8nSfiCaHzlfURlQYnQUmsdOA72JQ rQ0KOzrN+a+v8Ehuhm0e22vfHvcdS8vbYwky8aByaV8waKXzrMNjZI7iErNDZZXzfKgn vhvA2VH8gDl/Er4dMJL4Z34QRkx70z7BE+K5R9PAQ09FOAfVMl884QqRFLLc8EYkHqhy g+2GRc3Efnv6+mdq7myHJ5EKZfAjK64GT/7sze+IRZ01EZe4X0x390CZJTBHFHpDXcI8 iYig==
X-Forwarded-Encrypted: i=1; AJvYcCUe8g7o/KT2fTmaDzBmubAawZdDz7+koR2gFL1eqij7WWZt/Oz5DwM+ucFHmelqQNkcJx39x9HvB12O6xpF
X-Gm-Message-State: AOJu0Yzlt/F1IzNEKfUxd82R/724k7nxaKF4WjQtK5AUzhJOghQpgZDC Ivt8SHDw9q9W96ox+Eq0VdP31/4WatCK+P/5b0vBRQ4BDo0jU7dJ105+EVee2qVgSNcSWRk3EFy kAatdYEK7kwj6EifYSCzubib6BdU=
X-Google-Smtp-Source: AGHT+IEU4ngVLvQ5gg0T3+upZ4lKq/1CWMhGerUt8NIjr7X+HXRmLWzLy4S5l1h1pEcEOEbXz2WEXE8ZCejifAv7Fy4=
X-Received: by 2002:a05:600c:4ed4:b0:412:5299:7e60 with SMTP id g20-20020a05600c4ed400b0041252997e60mr8946911wmq.26.1708464360422; Tue, 20 Feb 2024 13:26:00 -0800 (PST)
MIME-Version: 1.0
References: <CAOjisRyCU+nhJm+x-UxEUjEPAPxH6e-Sa+TkwgYYBDcAx_a93g@mail.gmail.com> <ZdIhou0UPo2YH-hx@LK-Perkele-VII2.locald> <4341fe61620343f8a4b6d43a6895ac06@bsi.bund.de> <ZdOM0Ju-_Mo6WUnJ@LK-Perkele-VII2.locald> <448616f1d7864b81a2f7e4b18ae4ddee@bsi.bund.de> <CAEEbLAbmEG-V5NbOUH9HGHHe6Gr3fbKd=t1rV37ds4+mh9bSaw@mail.gmail.com> <CH0PR11MB5739C5D339D52F1F2F9B251B9F502@CH0PR11MB5739.namprd11.prod.outlook.com> <CACsn0cncaCcO1cLVKOLykZ+bPGPLOSYBrhBvMw6hgKdE4hVrLw@mail.gmail.com> <CH0PR11MB5739EC39F2420BE3A3CDB9D39F502@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB5739EC39F2420BE3A3CDB9D39F502@CH0PR11MB5739.namprd11.prod.outlook.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 20 Feb 2024 13:25:49 -0800
Message-ID: <CACsn0c=1TnYtPubmVxF6x=2uiex2rbcJ+J1kyQ-Lx5Yp6QFS9Q@mail.gmail.com>
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Cc: Sophie Schmieg <sschmieg@google.com>, "Kousidis, Stavros" <stavros.kousidis@bsi.bund.de>, CFRG <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/SPFDA-ZO3J1AJFtc3akTH-eSRRk>
Subject: Re: [CFRG] [EXTERNAL] Re: Call for adoption: Hybrid KEM Combiners
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2024 21:26:02 -0000

On Tue, Feb 20, 2024 at 1:10 PM Mike Ounsworth
<Mike.Ounsworth@entrust.com> wrote:
>
> > We SHOULD NOT do this. We need to reduce the number of deployed algorithms.
>
>
>
> Right, but who gets to decide what is the correct set of reduced algorithms?
>
>
>
> On the one hand, we see the IETF people saying “If you don’t support X25519 then we can’t help you”. And on the other side, we have customers with very large PKIs who have yet to implement RSA-OAEP, never mind any form of elliptic curve. These customers want to leverage their existing crypto code for the hybrid and not implement new code on both sides of the hybrid.

I'm a little confused by what you mean by customers and code here, and
PKI is really more a signature issue than a KEM issue. If your
customers are implementing the algorithms themselves, they need to
write new code for the combiner and the new algorithm all of which is
security sensitive: adding in X25519 support is not that expensive on
top, especially given the large number of implementations available.

If you mean adapting the configuration/application code, all KEMs look
the same: you have an updated library, and use it. It doesn't matter
what's in it. I feel I'm missing something and some more details will
help.
>
>
>
> This is exactly the point. Who gets to play God and decide what that reduced set of algorithms is?

I'd flip that around: why should everyone get to increase the burden
on library developers by asking for yet another algorithm and letting
it proliferate. Can you make a case for including each of the
combinations you would like, bearing in mind the existence of each
other one?

Sincerely,
Watson Ladd

v2.46.0 | Report a Bug | By Email | System Status