Re: [CFRG] Call for adoption: Hybrid KEM Combiners

Nick Sullivan <nicholas.sullivan@gmail.com> Fri, 08 March 2024 21:28 UTC

To: cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ZYd_q7QP17EtHtvSj60eSeJvkX0>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Dear CFRG,

The adoption call has ended. There was more than enough support on the list
to adopt, but there was also a lot of discussion about what the community
wants and doesn't want from a document on this topic. Thank you to those
who expressed interest in being part of a design team - we'll be in
touch. We're also still open to hear from last-minute volunteers. We will
reserve some time at IETF 119 for further discussion on this topic.
Thank you to everyone for the input on this thread, it was very
enlightening.

Nick, Stanislav, Alexey

On Thu, Feb 22, 2024 at 1:15 PM Nick Sullivan <nicholas.sullivan@gmail.com>
wrote:

> Dear CFRG,
>
> The three-week adoption call has ended, but given the robust discussion on
> the list, we are extending the adoption call time for two weeks until March
> 6th.
>
> With this extension in mind, we wanted to share our tentative plan for if
> this research topic is adopted. Feedback on the list has been varied, but
> two of the themes that have come up in the discussion are: 1) urgency: some
> participants have expressed a perceived urgency around the timeline of this
> document's publication 2) clarity: the requirements for this document
> should be made clear to the group before writing begins. We are considering
> putting together a small design team, like in other groups, to put together
> requirements to share with the CFRG, potentially at IETF 119, where we
> expect to have an open discussion about the topic.
>
> With this context, we would like to invite participants to continue the
> ongoing discussion. If you are additionally interested in volunteering for
> the design team, or are interested in doing a 5-minute-or-less lightning
> talk at IETF 119 related to this topic, please contact the chairs
> (cfrg-chairs@irtf.org).
>
> Nick, Stanislav, Alexey
>
> On Wed, Jan 31, 2024 at 10:28 AM Nick Sullivan <
> nicholas.sullivan@gmail.com> wrote:
>
>> Dear CFRG,
>>
>> There has been a lot of discussion on the list over the last few weeks
>> around the topic of hybrid KEMs, including discussion around the topic of
>> where we should go as a group. There seems to be significant interest in
>> this topic from around the IETF and in broader industry. We (the chairs)
>> have decided to open up a research call for adoption for a topic in this
>> area, described below.
>>
>> The standard context for the group applies here as always: As part of the
>> IRTF, the CFRG is a research group, producing research documents relevant
>> to the IETF and broader community. The CFRG does *not* publish standards
>> and does *not* dictate cryptographic choices to IETF working groups.
>> CFRG documents often come with concrete specifications for
>> parameterizations relevant to groups within the IETF. Recent examples of
>> documents of this style resulting from topics adopted by the CFRG include
>> RFC 9497 (OPRF) and RFC 9381 (VRF), which provide a thorough overview of
>> the topic along with concrete parameterizations that can be adopted by
>> protocol designers.
>>
>> The CFRG has a full docket of important ongoing work, so it’s important
>> to ensure that any work the CFRG adopts at this point aligns with the
>> charter by offering necessary guidance (for network security in general and
>> for the IETF in particular) on the use of emerging mechanisms.
>>
>> With that preamble done, *this email starts a three-week call for the
>> adoption* of a work item within the CFRG to produce an informational
>> document exploring how to safely combine KEMs. This document
>> * Will use draft-ounsworth-cfrg-kem-combiners as a starting point for
>> describing generic combiners
>> * Will include an analysis of the non-generic combiner mechanisms for
>> specific KEMs outlined in draft-connolly-cfrg-xwing-kem and other published
>> works in the area
>> * Will describe the security properties and trade-offs of various methods
>> of combining KEMs
>> * Will provide concrete instantiations of hybrid KEMs that are relevant
>> to IETF protocols (potentially similar to X-Wing and Chempat-X), including
>> pseudocode and test vectors
>>
>> Please give your views on whether this should be adopted as a CFRG draft
>> and whether you would be willing to work on this document and/or review it.
>>
>>
>> Nick, Alexey, Stanislav
>>
>