Re: [CFRG] Call for adoption: Hybrid KEM Combiners

Dan Brown <danibrown@blackberry.com> Wed, 31 January 2024 16:02 UTC

I support adoption and am willing to review.

From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Nick Sullivan
Sent: Wednesday, January 31, 2024 10:29 AM
To: cfrg@irtf.org
Subject: [CFRG] Call for adoption: Hybrid KEM Combiners

Dear CFRG,

There has been a lot of discussion on the list over the last few weeks around the topic of hybrid KEMs, including discussion around the topic of where we should go as a group. There seems to be significant interest in this topic from around the IETF and in broader industry. We (the chairs) have decided to open up a research call for adoption for a topic in this area, described below.

The standard context for the group applies here as always: As part of the IRTF, the CFRG is a research group, producing research documents relevant to the IETF and broader community. The CFRG does not publish standards and does not dictate cryptographic choices to IETF working groups. CFRG documents often come with concrete specifications for parameterizations relevant to groups within the IETF. Recent examples of documents of this style resulting from topics adopted by the CFRG include RFC 9497 (OPRF) and RFC 9381 (VRF), which provide a thorough overview of the topic along with concrete parameterizations that can be adopted by protocol designers.

The CFRG has a full docket of important ongoing work, so it’s important to ensure that any work the CFRG adopts at this point aligns with the charter by offering necessary guidance (for network security in general and for the IETF in particular) on the use of emerging mechanisms.

With that preamble done, this email starts a three-week call for the adoption of a work item within the CFRG to produce an informational document exploring how to safely combine KEMs. This document
* Will use draft-ounsworth-cfrg-kem-combiners as a starting point for describing generic combiners
* Will include an analysis of the non-generic combiner mechanisms for specific KEMs outlined in draft-connolly-cfrg-xwing-kem and other published works in the area
* Will describe the security properties and trade-offs of various methods of combining KEMs
* Will provide concrete instantiations of hybrid KEMs that are relevant to IETF protocols (potentially similar to X-Wing and Chempat-X), including pseudocode and test vectors

Please give your views on whether this should be adopted as a CFRG draft and whether you would be willing to work on this document and/or review it.


Nick, Alexey, Stanislav
