IETF Logo Mail Archive

[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

Thom Wiggers <thom@thomwiggers.nl> Mon, 27 January 2025 09:03 UTC

Return-Path: <thom@thomwiggers.nl>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0657C1519A7 for <cfrg@ietfa.amsl.com>; Mon, 27 Jan 2025 01:03:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thomwiggers.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ew_iX9gU3dDm for <cfrg@ietfa.amsl.com>; Mon, 27 Jan 2025 01:03:06 -0800 (PST)
Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E80B7C14CEE4 for <cfrg@irtf.org>; Mon, 27 Jan 2025 01:03:06 -0800 (PST)
Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-e54bd61e793so6801030276.2 for <cfrg@irtf.org>; Mon, 27 Jan 2025 01:03:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thomwiggers.nl; s=google; t=1737968586; x=1738573386; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=fi54LS1wizOo1qFLH1mkxfyJVGa1j10iOxc9RhYO6Yc=; b=BIbmRpgdjId0+Jt/zKLnnmLYHicKzEf7LN8/QYMFLLVa9mM8BzlCg7qHXltd66q8EN vyC0w7iHeKG7DMfftsclrNILPYpqOgv3fzcEX6LNt4c+gEJ2sGndSHKAhLoCqCTDxaxt InJAWupupyW7Q8EVZKl7aJ5j2znF2H/rO87Bk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737968586; x=1738573386; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=fi54LS1wizOo1qFLH1mkxfyJVGa1j10iOxc9RhYO6Yc=; b=dJ04BJ0VMJQ35JeDaOow+ypBLegnSYKJNjaEhC4AcbXnX5QYr0SP5jnIdQb/wUcC79 ZavkSej/71UTPOjsd64tNG/Xp5hSaRibsmu7um6OQOJtEY+4KkvpQ0Exy2wgkHdap3F9 udQ7pYvAO4qLSFIWl1I5+vJc0FLogamHHaDkQQOCr1cT7BCbZSsYkP+uJ0WgAA2AQEoP FG5WDeLwSv6abcqxyDwXYICmnbWc5JR6wBRxgYvN8LaIEr6fuWkA0YighYnFYAJF1Xnd 5UXrgso9YNehmEC2/ev45b4f+acPOIxoGUdkN3lPThfWEREkNSJGmEc7NdkdK1NEVp1X /tKQ==
X-Gm-Message-State: AOJu0Yx3RHe1j2xIvazHBVJT1atbOfCphX81MDTWnurQR2Ck8nue/NUQ nVQDkgUAltZOgQO+/+t4L3WJvvO0tdd1a6DomkImyfPJOEc9SsQUUKn4LuALAZOe4oswYEDh6uH dq8AwsogydfXNjV58sOXkDEUIg8VyuLHrhq6NvgxiWlm9Lxt6sWs=
X-Gm-Gg: ASbGnctR/vOZjf3nWmZP7RrGyV1VAvmdhRm/pAIRGL9QoCRsSUDDZDCB3T4D/KUrm2q apGxwxsCY1NYgZIdBOCU6ONezz+5sYmpHgAuOS5RAjSRlQNH2kqJ1m/x4scQLRb4=
X-Google-Smtp-Source: AGHT+IHyxOmZAsrXRPeeUPlAWnEyL2XiSuaTjJJvvgYIAlIlrz9nQz8OKPNTY1yKDEygEEDTaHh/yLIinucfIokmVVk=
X-Received: by 2002:a05:690c:6a04:b0:6ef:8451:dd99 with SMTP id 00721157ae682-6f6eb90b57dmr296086897b3.24.1737968586043; Mon, 27 Jan 2025 01:03:06 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnJ7TgnCp1GsSnRfJCY1rt+t2BBSadm0YkDM8tuL-pE+A@mail.gmail.com> <CAOp4FwR_E4hky7RehU4c1rsy1tFxDgUTfKRRuj3NxWBThC3sow@mail.gmail.com>
In-Reply-To: <CAOp4FwR_E4hky7RehU4c1rsy1tFxDgUTfKRRuj3NxWBThC3sow@mail.gmail.com>
From: Thom Wiggers <thom@thomwiggers.nl>
Date: Mon, 27 Jan 2025 10:02:50 +0100
X-Gm-Features: AWEUYZlB9bXxC3mxqOK4WJiyWG2Vi7D5hv6Mc2IT4EL6YOL65ca8-nExxi9tKKw
Message-ID: <CABzBS7kLoP7U=EpQmotCQntASFGcrLXpnSuTQ3i18W-W8Hf5QA@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000033d75b062cac581e"
Message-ID-Hash: 2EDB55DRFUXB3UMM3MOPTJVU4QX4557N
X-Message-ID-Hash: 2EDB55DRFUXB3UMM3MOPTJVU4QX4557N
X-MailFrom: thom@thomwiggers.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: CFRG <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ewnjkP30TwL_ZJuU_chY7Jj7iBE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Hi all,

For Classic McEliece, I think it would be helpful if people come forward
with concrete applications in which they're actually wanting/trying to
deploy Classic McEliece. I recall that NIST has also repeatedly asked
people to come forward about (not-theoretical) use cases, so this
discussion may also help them decide if they want to make Classic McEliece
a NIST standard or not. The tradeoffs that McEliece presents with its very
tiny ciphertext size but massive public keys may make it very difficult to
actually deploy (I see that in theory, there may be use cases in which it's
the *only* thing that can be deployed, but I've never really seen that
materialize).

Cheers,

Thom


Op za 25 jan 2025 om 06:01 schreef Loganaden Velvindron <loganaden@gmail.com
>:

> On Fri, 24 Jan 2025 at 22:54, Watson Ladd <watsonbladd@gmail.com> wrote:
> >
> > Dear CFRG,
> >
> > Sadly I don't quite have the bandwidth, but I think it would make
> > sense to progress an NTRUPrime draft and a Classic McEliece draft
> > here. These algorithms avoid some IPR claims that may apply to Kyber,
> > and there's plenty of interest in deployment. They also have a fairly
> > long cryptoanalytic history, being largely unchanged from the original
> > proposals of many decades ago. Obviously people may want entry ramp
> > proposals instead, but I think the IPR picture will be less clear.
> >
>
> I would tend to support this. Adopters need alternatives.
>
> > Sincerely,
> > Watson
> >
> > --
> > Astra mortemque praestare gradatim
> >
> > _______________________________________________
> > CFRG mailing list -- cfrg@irtf.org
> > To unsubscribe send an email to cfrg-leave@irtf.org
>
> _______________________________________________
> CFRG mailing list -- cfrg@irtf.org
> To unsubscribe send an email to cfrg-leave@irtf.org
>

v2.29.0 | Report a Bug | By Email | System Status