Re: [CFRG] Kyber 'interactive key agreement'?

John Mattsson <john.mattsson@ericsson.com> Wed, 03 August 2022 09:12 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Andreas Hülsing <ietf@huelsing.net>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 03 Aug 2022 09:12:14 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/n1o_aL5VrOY90_jnXkNX1AZ1l74>
Subject: Re: [CFRG] Kyber 'interactive key agreement'?

Andreas Hülsing wrote:
> So far, using CSIDH in a production setting is a huge gamble.
Yes, I definitely agree that CSIDH is not ready to use in production.

From: CFRG <cfrg-bounces@irtf.org> on behalf of Andreas Hülsing <ietf@huelsing.net>
Date: Wednesday, 3 August 2022 at 10:08
To: cfrg@irtf.org <cfrg@irtf.org>
Subject: Re: [CFRG] Kyber 'interactive key agreement'?


On 03-08-2022 08:59, John Mattsson wrote:
> In some discussions with Trevor Perrin about Noise protocols it seemed that there are two obvious ways out of this mess
>
> A third obvious way is to use a PQC scheme like CSIDH that can replace EE-, ES-, SE-, and SS-ECDH. CSIDH is not affected by the recent attack on SIKE.

CSIDH would be the perfect solution. However, secure parameter choices for CSIDH are an active topic of research. So far, using CSIDH in a production setting is a huge gamble.

Cheers,

Andreas