IETF Logo Mail Archive

[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

"Hale, Britta (CIV)" <britta.hale@nps.edu> Thu, 30 January 2025 05:14 UTC

Return-Path: <britta.hale@nps.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB5A9C169401 for <cfrg@ietfa.amsl.com>; Wed, 29 Jan 2025 21:14:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CA3hj_jwnugo for <cfrg@ietfa.amsl.com>; Wed, 29 Jan 2025 21:14:12 -0800 (PST)
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on20628.outbound.protection.outlook.com [IPv6:2a01:111:f403:2409::628]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 630A6C14F60E for <cfrg@irtf.org>; Wed, 29 Jan 2025 21:14:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PnYgom25L78k/QSiaQ0gamw+FyQBPm9xuyS/uW8qPksp8TW45Ds5u6PuesAbRj3ForwKR4jRXs105Xt1m4BQG8AiYHlzool69KEF5MtStXN8VIIPEn4juVCJDVyvKprw9MBVRf90zhMrF4AFFRR8Qw2Qd5Rw8qyY+jdjOkZ/5doKKR8rjoYKjP1JqVbvljsbtUBC/2F+aPOvF+cG+r9gmCX+R7zCO46/NiV2GIuCZyFUFi7bXhDYP7lpO5FUpLqQjaRHdnnL/oBD/zjei1JRZBoOFvU5tGP/xGIT1hBhNbcCKsaLrRlqwZvicyLEcyFiQazSDw/eKUY3bEwvV2H4ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IgIMn/4/bOkfPSY+wO9iHFsyVJzOOCpZqg2nV9MT/3s=; b=sA9dsRb+CHvGA4j2o2t6a1UzGC0Web831aKNIcJhhUIteY79oDbZhumPapQrkNNPCu+rB+cGVPRV889AOhLkSmVStzL23Ym770AXD6qEEe81r5FcCcaZEW9/Xox3nF1FLOUFILs2xw7y91cC8TCTKtNCZdKlo1QcwdpiInoAAb85/bjubv9p56zC5iq+NmM82FdS4KP3I1xtqzTPqZGtybgFDXz8aH3wqwqtOUWFpX+xf8Zo0vYy4gZLZBjOjcTjhq+2AVZSBq77Sim8imjY+kZguktEQLHrHBH8iPReGfFPYROztK77pjDr3gXGyxpr5bMLXbL4TKb2fbvjmu7rQQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nps.edu; dmarc=pass action=none header.from=nps.edu; dkim=pass header.d=nps.edu; arc=none
Received: from BY5PR13MB3348.namprd13.prod.outlook.com (2603:10b6:a03:1aa::23) by SN4PR13MB6024.namprd13.prod.outlook.com (2603:10b6:806:20d::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8398.18; Thu, 30 Jan 2025 05:14:08 +0000
Received: from BY5PR13MB3348.namprd13.prod.outlook.com ([fe80::e4c7:c5b3:6a81:8232]) by BY5PR13MB3348.namprd13.prod.outlook.com ([fe80::e4c7:c5b3:6a81:8232%4]) with mapi id 15.20.8398.017; Thu, 30 Jan 2025 05:14:08 +0000
From: "Hale, Britta (CIV)" <britta.hale@nps.edu>
To: Quynh Dang <quynh97@gmail.com>, IRTF CFRG <cfrg@irtf.org>
Thread-Topic: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
Thread-Index: AQHbbuY0ivgm9fmhu0GNtQrAdKTJjLMqVq4AgAEvGgCAAG3hcYABGIgAgACYWwCAAATIgIAAEYWAgACM0YA=
Date: Thu, 30 Jan 2025 05:14:08 +0000
Message-ID: <7F0C9C22-EB00-4191-81F6-1D45EB728974@nps.edu>
References: <CACsn0cnJ7TgnCp1GsSnRfJCY1rt+t2BBSadm0YkDM8tuL-pE+A@mail.gmail.com> <CAOp4FwR_E4hky7RehU4c1rsy1tFxDgUTfKRRuj3NxWBThC3sow@mail.gmail.com> <CABzBS7kLoP7U=EpQmotCQntASFGcrLXpnSuTQ3i18W-W8Hf5QA@mail.gmail.com> <b7af8867-7386-4f03-b28a-cd5a32297ec4@betaapp.fastmail.com> <87y0yvs2ct.fsf@josefsson.org> <CABcZeBPhr4gENxWkoKKwqdu_dW3=7GRyKjpG0sf10CSHOXGwhg@mail.gmail.com> <4c7e3fae-b6d3-484b-91e0-52a948bffa3d@amongbytes.com> <AS5PR07MB9675B69CC59D88AECA2F9C3D89EE2@AS5PR07MB9675.eurprd07.prod.outlook.com> <CAE3-qLSoXJYHaxepMhnr7to0QBhSCcB9=jXVVNWyNgOLFxxEew@mail.gmail.com>
In-Reply-To: <CAE3-qLSoXJYHaxepMhnr7to0QBhSCcB9=jXVVNWyNgOLFxxEew@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_Enabled=true;MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_Enabled=true;MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_Method=Standard;MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_ActionId=ece82bf8-b3a6-4e01-920b-a44eb830e183;MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_Name=No Label;MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_SiteId=6d936231-a517-40ea-9199-f7578963378e;MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_ContentBits=0;MSIP_Label_acbbd4a6-dc2f-44d9-ad2c-c28d4679873f_SetDate=2025-01-30T04:49:54Z;
user-agent: Microsoft-MacOutlook/16.92.24120731
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nps.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BY5PR13MB3348:EE_|SN4PR13MB6024:EE_
x-ms-office365-filtering-correlation-id: acfebc03-0e41-48a1-8834-08dd40ecece2
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|4022899009|8096899003|13003099007|38070700018|7053199007;
x-microsoft-antispam-message-info: MWiWmhIcGGlqCqwAfx51tHbvC++qoKjEgpNDLcls8YNMJkWXELBsoVrbU+v2UeFPTL1FyVnzAbuOtU9BER6W+KV61FBlBGNFe+UUa8oL927oa/ag8/ImzMHFf/BCF+gkGgDrekPT/VvhZjw0a7AGpytPUd+x76ux9OgpTmAB5hb8BUQQWfHcHq1rNQhfhlWlNv+ZSLUkJlircEFcxELEbovMgeJ8evryqAjE17/xYe2SS7e7Gy5RgD5SlVmmF5Iaj3f0jy5SKcInvkTpYyEhxWgUZTPXth/d1wAfTQEf7e4fkkbxpfe4uQZ1DyNrEVeMEyhohxSbGD9lheWHi4MP/gF1+IjOURXdcGq1EirfcrWn3u15AxOZQcrO4ZluvQ3t/p9WhcWABa2WqhLImqKJ8/oObo1WhuzzHFO1gymG/E9uvK2ZfkwWA05DtCosgwddy+cagrm/j2mZWINmQ+WOP8weXodVVJEIhw5O3vWjYR2ViIFPSOcNiVG2v9dP1oMKCsNjVqd4Dlvv9tmw7pb/vF9ZpsDMTCmVyYAb1jaVWf/8BNapIfZvzv50X7A2cy6CK2hgaW2PNQ66MLTjYVRfJgKcjXUa7QNfg8KVdIjF7Qsi9ejXqoRmIvM6Stkg8mYG59X4tJsm7MmS9HyGtjNDxzEDX3qht58pY3XSLROHSNjqnH8I/tKHhFUOoesSEVzgBzFSuDTKqW2DplMZnfMFcsEsj1uv7PpvbKJq7qVRVv8g80i9CLuMdbOCp5p20rE9nTuPxXggrYBXLY6hqPKjMp6zpynYAqJqj5wiQSM6H+Ad8w/by667xoQJwuHMWnVpwswy1PKJ/zTWAqlqeGLHcgFfPIiXfnjTyYbyga0mJSZ23KqjU1+KbCKNCCOMCbO7Js6yu+yQYAiRFg/+gydByUIWWMFKBuRzSw+cj8FWg5t71RO4enntornFo2LSDpOSzcgZSSbo1kbTHkEUNZSF+OcY22QVhHqD6WwkD1tYAAez2ZvQRGc8r9RwgTTPEdJtVRyv/A+axATJJgSPvsJhOsEu54ZlsefKFIvrwxATzAcnjuCMCt447tS4d+FNiNEMUbjVpY/rw/1AAovL3XnumZIGE3T5Bd468Nv3D6gKlEwVeuAfSckVP9TREDXk7XdHMwY77WzY3ZDCORJb/JopxeRND70B0TOWmNQalw6fNo6mt06SA1GJ+mxD5YwyLGZzhsObGGbCMWnFtLtTdfOYqBt1vyAaQrLQcBrG1tPBu50uJPjjy0EIE3M4ii10wOC5r07WTLxz6KOpUPEeP/7AhwLi5S6Ny7COH+Gap9/Fu5RY61ZU5fe6Gh5tnUTJ5tTgcazFqyX+c81UhrFYzZn0a7RylyGpgUi21E1DWh5EPeAGfs3AGb8auMOX8RRFI6DR
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY5PR13MB3348.namprd13.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(4022899009)(8096899003)(13003099007)(38070700018)(7053199007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: he4+rQUw9+sUXNEqSEZ5EpG7Q8Zrgns2r1PRBo36SlwBykiCdWtnmEDYe6MR0qKF7pnHH8llIAE2tnbbGHXilsqIW6Jl9VpUFhraj/64MruhatBth1vXBaEueuHeHg91qhZhDTP9e8nrg0y95ExI5mROhlEuFryyNuXeU0FMBWiBmF9Vi79t0nEN/czzJ5N2T897Iku6i7qeIlFnUdttdOVnt0+A9Fx7aXPGl2zKUVOqakU50EjnBDwRS8w8BOOzUG9srGD0DYqc4/65vcKHUgkxiV55cn2tRowejP3qAKdjha7HOpgOmrWyK0GV5w1f2szR/PMi+8oVkMRy+F4mheosRXQN9fgw6CzJgf/5PUz64QpSkQ6WOZTgPdFpTnAHrij40lpTOdFUmWovSQsoR9EOTcKh0UkOTaXUzkay6vAtw9M2PWYFpWBoAhvDAxuRbrx8KSDZ0Zk3ThMIJWcrnponFww0o4/Khep9MTZFWMfuCfjY0h0WYbSTtfL9GNG4I4aYvi++5Ns6ZVttAbZRVTypvVYPxd2deaOfDSJXR56n6TF5fxz+sId3wLCShyPlHcNS/6aE+CKyNXkudUBBCUA/OexzLGp4i3x7sc20Dl9J95KgJ7eP864/Ld+Odc33b0cVzHZ5TfRDmwyW69EcDPUMY5/RJM8YYtfAhWUhUX8zpCXhTJ04ZJG8woiz7PyyDiE2aTCSvy3iGoswxWmBzhJABi/hiISiEMY7HbXTHRcghe/9F6qwtXEbuXZaTJBoARGzpdMO+M16kwEIuG6289Bjz2Jq5oB55bfQi9baVFlPXxN+wKsn9WVPOYZdmfg5/B94Clj2XYVFlDcwbf9JoMOZeekchzMCbWIoQguAOiw4vKKdM0ACKQztEWP55675HXtWdYJFEzMGBe3qzcGmD1TqMGmkeLctzJIQrOXoKdj/L7pjv8/LpNQir1aotDDxE0fqadazwvBVCMCj+QngqniJjFhb8peGzPFg5Tyo8xfaikXX6f0x7vyk4rRDvD2uRdnyQnkejN05iPT47HxcpvDAdTwsngfVMHkToLCWA1wPf4xqoZWGQ/owzdgCCdliI2uITJF29IwkF/mP1J9uRE0EeCwDNFQOnRdDIlEqob05BuVLOuNwgsu1S5a3HPCUCms7Gik8Ll+hErhou3SDQc70vs69Vby3BTv3xFk1BekE21wDMzp0/Wt04cqS4ukAYrjm1w+84NGa5NRtqiXczMVMpqnBxgX4I9M35ofln3nnurFlxooOJcIENR8lFXTPcVI6CMTYhm61HtN8lD/9w8lLqeV7G1S82JxH+IzWZOJGm8ix8LTqsyvrP01YYeA8zXmUfyezpO2UuRHY78GAu3MiAf6juDfxbP2uGvDon1fc6/JlmfFaLaR0LgUhmPj29J81F8+8oO/KHBdKIdMEkp3n/PLlSg42Cqa+i6O2+r/UyfshPoD748qucIqTRoazKo6LITJNSh0SI3YbL8Q84KMOT+7fCZ4AraV5HnGwD6hL5wBjyVuIIrpql4/zkprImu03QWTbP6xjCiRlzzhDYAbncvz4oIMuboOeTGIGYJ/9l1zK69fcEFywDj03UR7tqh4lDyVgd76DEgyxgwQKHw==
Content-Type: multipart/alternative; boundary="_000_7F0C9C22EB00419181F61D45EB728974npsedu_"
MIME-Version: 1.0
X-OriginatorOrg: nps.edu
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR13MB3348.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: acfebc03-0e41-48a1-8834-08dd40ecece2
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jan 2025 05:14:08.6588 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6d936231-a517-40ea-9199-f7578963378e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Gv+m+c6WfFn9+/D0w5j8hcDDxexdE7QYy8pThPMcGigzKBWUG8YivrIhFM0Iz4wQiENCq73NgkDOoyeMiFRJEQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN4PR13MB6024
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 04
X-MS-Exchange-CrossPremises-AuthSource: BY5PR13MB3348.namprd13.prod.outlook.com
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-messagesource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-originalclientipaddress: 12.219.35.140
X-MS-Exchange-CrossPremises-transporttraffictype: Email
X-MS-Exchange-CrossPremises-antispam-scancontext: DIR:Originating;SFV:NSPM;SKIP:0;
X-MS-Exchange-CrossPremises-processed-by-journaling: Journal Agent
X-OrganizationHeadersPreserved: SN4PR13MB6024.namprd13.prod.outlook.com
Message-ID-Hash: 53ZZWMTVXENTXKZKZOPR5XJSLVY574QU
X-Message-ID-Hash: 53ZZWMTVXENTXKZKZOPR5XJSLVY574QU
X-MailFrom: britta.hale@nps.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/fI9ol8ZvDI9nRBNOG14qNq1617I>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

All,

Speaking as a personal opinion:

Like Quynh though, I think it would be wise to have some type of process in the IETF moving ahead with algorithm standards – this is not because there is a problem with having ‘extra’ standardized solutions that are applicable to niche cases, but rather that spreading focus across many algorithms diffuses efforts in analysis and focus, which in turn can lead to subtle gaps. There can be several standards, but we should be careful about how much oversight each is getting before moving any one algorithm forward. At the very least, I recommend a limitation on parallelized efforts, so that sufficient focus can be dedicated at a given time.

Analysis should also be a heavy factor in consideration of algorithms. In some cases, such as NTRU, the NIST process stimulated multiple analyses from the cryptographic community that provide insights on its security. Not all algorithms being put forward have had such scrutiny, and all IETF efforts are not guaranteed to have a similar analysis attraction and priority for the cryptographic community as the NIST process had. It would be quite risky to start standardizing algorithms based on e.g., only one or two peer-reviewed papers, as it suggests fewer expert eyes on a problem. Consequently, I recommend that consideration for IETF standardization be based not simply on potential functionality usefulness and likelihood of adoption by the IETF, but also how much analysis it has undergone.

Britta



From: Quynh Dang <quynh97@gmail.com>
Date: Wednesday, January 29, 2025 at 4:51 AM
To: IRTF CFRG <cfrg@irtf.org>
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

NPS WARNING: *external sender* verify before acting.

Hi all,

Below is my personal view which does not imply any view from NIST or anybody else.

I think the CFRG needs to run a competition process to select a lattice-based KEM to provide a good option for the users who don’t want to use ML-KEM or NIST’s standardized cryptographic methods generally.

At least there are 2 candidates we all know right now which are NTRU ( see here https://www.ntru.org/) and Streamlined NTRU Prime (see here https://ntruprime.cr.yp.to/) . There are important differences between them; they are not “about” the same. Something is true with NTRU does not mean it is automatically true with Streamlined NTRU Prime (security, performance or IPR etc.).

Here are the reports of the second and third rounds of NIST's KEM selection process which had both candidates: https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf  and https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413-upd1.pdf .

It would be very useful to have performance data of  (many) different implementations of the options of NTRU and Streamlined NTRU Prime on (many) different platforms including constrained ones beside the data we received during the first 3 rounds.

Regards,
Quynh.
PS: I don’t plan to spend my time replying to potential messages asking me all sorts of things. My apologies in advance if I don't reply to your messages.

On Wed, Jan 29, 2025 at 6:48 AM John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>> wrote:

I agree that CFRG should prioritize things that are likely to be adopted by IETF, but I think it is important that CFRG is not limited to things that have a current customer in the IETF. This would be too limiting for an RG. CFRG must be able to work on things that are likely to be useful by the IETF long-term.
John

From: Kris Kwiatkowski <kris@amongbytes.com<mailto:kris@amongbytes.com>>
Date: Wednesday, 29 January 2025 at 12:30
To: cfrg@irtf.org<mailto:cfrg@irtf.org> <cfrg@irtf.org<mailto:cfrg@irtf.org>>
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
i haven't seen anyone suggest that CFRG should not publish its own
specifications regardless of what NIST does. That's certainly not
my position. That would be an odd position to take as CFRG has
already done this a number of times.

For primitives like LMS, XMSS, and HKDF, it was IETF that originally developed the specifications, with NIST later incorporating them into its standards.

+1 for CFRG focuses on defining primitives that are likely to be adopted by IETF, ensuring they are well-vetted before becoming part of widely used protocols.


_______________________________________________
CFRG mailing list -- cfrg@irtf.org<mailto:cfrg@irtf.org>
To unsubscribe send an email to cfrg-leave@irtf.org<mailto:cfrg-leave@irtf.org>

v2.29.0 | Report a Bug | By Email | System Status