IETF Logo Mail Archive

[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

Deirdre Connolly <durumcrustulum@gmail.com> Sun, 02 February 2025 08:19 UTC

Return-Path: <neried7@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C060C1D4CE7 for <cfrg@ietfa.amsl.com>; Sun, 2 Feb 2025 00:19:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.854
X-Spam-Level:
X-Spam-Status: No, score=-1.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZLZAAtZ6DNti for <cfrg@ietfa.amsl.com>; Sun, 2 Feb 2025 00:18:59 -0800 (PST)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB40EC14F61E for <cfrg@irtf.org>; Sun, 2 Feb 2025 00:18:58 -0800 (PST)
Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-5d3e6f6cf69so5846879a12.1 for <cfrg@irtf.org>; Sun, 02 Feb 2025 00:18:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738484337; x=1739089137; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=MbpVW5ueUqi51cxNclgM7pdaTtMRuODOvz7Z0tf29EI=; b=dsYpMuqxmuISRj938bQh3hMnHsLFu4fbzsIT7VAhzj6LTYG3HZn3jr/EuF/7wCFKbU yiPZrM+mzbFKwjjP0SqvYos6w9IZvIONXXDnNLWCGLrC1qgTx9wX7ale3llpqr0Efu70 f5EtjucMXF5XDGLeC08ZaO1f1O0DDdebJ+0JdIlKXyfzr40lDC00Kc7rKuG9M2rEf4hO 5Vtuy94VuK94eUV8pfrWhOHrVxBtsBVJ55RGhvz34tyYN7ZITEUbvPM920urchAykxyT OqXg8jxlRXBSK424MNPKV5FCdsKWv/Hz19CNTmivPWdMB+8g3ram/4tBfdL9fOFdd0oT WiPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738484337; x=1739089137; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MbpVW5ueUqi51cxNclgM7pdaTtMRuODOvz7Z0tf29EI=; b=F6C8o6oygSOP7mdBeWpMD7t+SUbaLzQrLFOaT6ntbNDReBXjHtcqNqdqldTPqnBYy/ Ffj6L0oat9OlrHAGQXnzOLZDDtEJq3P+sLXATjtfiaNermG+QH2wFGejrx18OfU9X6b+ SBqwtnH+eQ4WPs2yidxS04/Wr4urS4vYHY2qVp+k4niqnZ2tUnffJ9LG3CTQOI7Tpzy6 vQRAgr73jkBPnQY1WuSiJIRT4zaNYdstjiApG0sgItvfW1cbwW/DYliz+UgCiw2oy/wJ Kg0ABHRCUDAqWiGYTQIGdnzImNl+V7noew98zJzMS8BRXWcHgRMSuTxjbvpMNon2ZqDT YRHg==
X-Forwarded-Encrypted: i=1; AJvYcCW9hSECN8+nrlQniaka5PDCl3NrQDXIYK6R29xwDIcp3O8sfRYONzq99Fg95mw/Zzduknem@irtf.org
X-Gm-Message-State: AOJu0YxM+uM3AkEsdIMl4hAq/95OMNDHmY9WmHnpPLpDQjeM+24DCJzK ziQRIexQGoTSP7X09aGSnnfOwigV2cFSNGJ3whqxrQAspIr/InBhxSw3fESz+nQHTD1j2C7Q8AY tUhoiIEq/HioNXQZ4Xq8VOX5Psk4=
X-Gm-Gg: ASbGnctA5Otld17ddvUr58cE6YSUSSfzDUEg6F0bOhY7qP7sr2lPhk3zk7d1ixlTpa8 hZBdtuDLC+WkXByK3tUs86f7Nvj7WrT5+CiIouAG/kdAdTVm73VB7KVcOD0XK2Eczx5sJHMS2
X-Google-Smtp-Source: AGHT+IH9VhZzr1kpIr2nEJ3jEFrUVMhRFzrKK+vlxAJ5i1OkLRDIBtQwEl+LrgXrSf/YVHJzKvuqCcdqgRgGSxORmH8=
X-Received: by 2002:a05:6402:2816:b0:5dc:5e4b:3e21 with SMTP id 4fb4d7f45d1cf-5dc5efbf4aemr18446740a12.9.1738484336603; Sun, 02 Feb 2025 00:18:56 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnJ7TgnCp1GsSnRfJCY1rt+t2BBSadm0YkDM8tuL-pE+A@mail.gmail.com> <CAOp4FwR_E4hky7RehU4c1rsy1tFxDgUTfKRRuj3NxWBThC3sow@mail.gmail.com> <CABzBS7kLoP7U=EpQmotCQntASFGcrLXpnSuTQ3i18W-W8Hf5QA@mail.gmail.com> <b7af8867-7386-4f03-b28a-cd5a32297ec4@betaapp.fastmail.com> <87y0yvs2ct.fsf@josefsson.org> <CABcZeBPhr4gENxWkoKKwqdu_dW3=7GRyKjpG0sf10CSHOXGwhg@mail.gmail.com> <4c7e3fae-b6d3-484b-91e0-52a948bffa3d@amongbytes.com> <AS5PR07MB9675B69CC59D88AECA2F9C3D89EE2@AS5PR07MB9675.eurprd07.prod.outlook.com> <CAE3-qLSoXJYHaxepMhnr7to0QBhSCcB9=jXVVNWyNgOLFxxEew@mail.gmail.com> <7F0C9C22-EB00-4191-81F6-1D45EB728974@nps.edu>
In-Reply-To: <7F0C9C22-EB00-4191-81F6-1D45EB728974@nps.edu>
From: Deirdre Connolly <durumcrustulum@gmail.com>
Date: Sun, 02 Feb 2025 08:18:44 +0000
X-Gm-Features: AWEUYZmio7KB4v1bejHggR7WAwUV8Cp-NkJ_FMlimPwpW-sv076inseZEnVtDyI
Message-ID: <CAFR824ybcjBwfGnKT1j1=BtfP0+L_ZBySKKYkoqLoU1XxOnZ4g@mail.gmail.com>
To: "Hale, Britta (CIV)" <britta.hale@nps.edu>
Content-Type: multipart/alternative; boundary="00000000000054bacb062d246dea"
Message-ID-Hash: 53OTZS7YAPQDNUGOEI2J7E6VIXZK7I3G
X-Message-ID-Hash: 53OTZS7YAPQDNUGOEI2J7E6VIXZK7I3G
X-MailFrom: neried7@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IRTF CFRG <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Sxcwk5WA4EUAJDboj6zBrIel2QE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Agreed with Britta

On Thu, Jan 30, 2025, 5:15 AM Hale, Britta (CIV) <britta.hale@nps.edu>
wrote:

> All,
>
>
>
> Speaking as a personal opinion:
>
>
>
> Like Quynh though, I think it would be wise to have some type of process
> in the IETF moving ahead with algorithm standards – this is not because
> there is a problem with having ‘extra’ standardized solutions that are
> applicable to niche cases, but rather that spreading focus across many
> algorithms diffuses efforts in analysis and focus, which in turn can lead
> to subtle gaps. There can be several standards, but we should be careful
> about how much oversight each is getting before moving any one algorithm
> forward. At the very least, I recommend a limitation on parallelized
> efforts, so that sufficient focus can be dedicated at a given time.
>
>
>
> Analysis should also be a heavy factor in consideration of algorithms. In
> some cases, such as NTRU, the NIST process stimulated multiple analyses
> from the cryptographic community that provide insights on its security. Not
> all algorithms being put forward have had such scrutiny, and all IETF
> efforts are not guaranteed to have a similar analysis attraction and
> priority for the cryptographic community as the NIST process had. It would
> be quite risky to start standardizing algorithms based on e.g., only one or
> two peer-reviewed papers, as it suggests fewer expert eyes on a problem.
> Consequently, I recommend that consideration for IETF standardization be
> based not simply on potential functionality usefulness and likelihood of
> adoption by the IETF, but also how much analysis it has undergone.
>
>
>
> Britta
>
>
>
>
>
>
>
> *From: *Quynh Dang <quynh97@gmail.com>
> *Date: *Wednesday, January 29, 2025 at 4:51 AM
> *To: *IRTF CFRG <cfrg@irtf.org>
> *Subject: *[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
>
>
>
> NPS WARNING: *external sender* verify before acting.
>
>
>
> Hi all,
>
>
>
> Below is my personal view which does not imply any view from NIST or
> anybody else.
>
>
>
> I think the CFRG needs to run a competition process to select a
> lattice-based KEM to provide a good option for the users who don’t want to
> use ML-KEM or NIST’s standardized cryptographic methods generally.
>
>
>
> At least there are 2 candidates we all know right now which are NTRU ( see
> here https://www.ntru.org/) and Streamlined NTRU Prime (see here
> https://ntruprime.cr.yp.to/) . There are important differences between
> them; they are not “about” the same. Something is true with NTRU does not
> mean it is automatically true with Streamlined NTRU Prime (security,
> performance or IPR etc.).
>
>
>
> Here are the reports of the second and third rounds of NIST's KEM
> selection process which had both candidates:
> https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf  and
> https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413-upd1.pdf .
>
>
>
> It would be very useful to have performance data of  (many) different
> implementations of the options of NTRU and Streamlined NTRU Prime on (many)
> different platforms including constrained ones beside the data we received
> during the first 3 rounds.
>
>
>
> Regards,
>
> Quynh.
>
> PS: I don’t plan to spend my time replying to potential messages asking me
> all sorts of things. My apologies in advance if I don't reply to your
> messages.
>
>
>
> On Wed, Jan 29, 2025 at 6:48 AM John Mattsson <john.mattsson=
> 40ericsson.com@dmarc.ietf.org> wrote:
>
> I agree that CFRG should prioritize things that are likely to be adopted
> by IETF, but I think it is important that CFRG is not limited to things
> that have a current customer in the IETF. This would be too limiting for an
> RG. CFRG must be able to work on things that are likely to be useful by the
> IETF long-term.
>
> John
>
>
>
> *From: *Kris Kwiatkowski <kris@amongbytes.com>
> *Date: *Wednesday, 29 January 2025 at 12:30
> *To: *cfrg@irtf.org <cfrg@irtf.org>
> *Subject: *[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
>
> i haven't seen anyone suggest that CFRG should not publish its own
>
> specifications regardless of what NIST does. That's certainly not
>
> my position. That would be an odd position to take as CFRG has
>
> already done this a number of times.
>
> For primitives like LMS, XMSS, and HKDF, it was IETF that originally
> developed the specifications, with NIST later incorporating them into its
> standards.
>
> +1 for CFRG focuses on defining primitives that are likely to be adopted
> by IETF, ensuring they are well-vetted before becoming part of widely used
> protocols.
>
>
>
> _______________________________________________
> CFRG mailing list -- cfrg@irtf.org
> To unsubscribe send an email to cfrg-leave@irtf.org
>
> _______________________________________________
> CFRG mailing list -- cfrg@irtf.org
> To unsubscribe send an email to cfrg-leave@irtf.org
>

v2.29.0 | Report a Bug | By Email | System Status