[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

Quynh Dang <quynh97@gmail.com> Sun, 02 February 2025 12:04 UTC

List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/hSQeo6mV-E_UiFrrAxynntH00GE>

Hi Deirdre, Uri and all,

The reason for running a selection/competition process is explained in my
first message below.

Help those users to pick "the best" one to use! This is a core objective of
being cryptographers: to help the consumers of cryptography.

The CFRG did the curve competition process. No important and complex
process will ever be perfect. There will be people who will criticize this
or that.

Don't let perfection be the enemy of the good!

The CFRG curve process produced 2 fine curves and importantly it produced
solid trust in their security from all of the technical details
presented/discussed during the process.  And that was a very good result
the CFRG produced.

My guess is that the number of people who analyzed and worked in the
field of cryptography at that time was a small fraction of the number of
people today in the CFRG.  So, if the CFRG runs the competition process,
it will produce a lot of new cryptanalysis work and performance data, and
it will be an excellent education course for the consumers of cryptography.

The consensus process does not present obstacles for such a
selection process. The chairs will understand the technical details
presented during the process and make good consensus calls.  If the
chairs want something to be clarified, they will ask.

Regards,
Quynh.


On Wed, Jan 29, 2025 at 7:50 AM Quynh Dang <quynh97@gmail.com> wrote:

> Hi all,
>
> Below is my personal view which does not imply any view from NIST or
> anybody else.
>
> I think the CFRG needs to run a competition process to select a
> lattice-based KEM to provide a good option for the users who don’t want to
> use ML-KEM or NIST’s standardized cryptographic methods generally.
>
> At least there are 2 candidates we all know right now, which are NTRU (see
> here https://www.ntru.org/) and Streamlined NTRU Prime (see here
> https://ntruprime.cr.yp.to/). There are important differences between
> them; they are not “about” the same. Something being true with NTRU does
> not mean it is automatically true with Streamlined NTRU Prime (security,
> performance or IPR etc.).
>
> Here are the reports of the second and third rounds of NIST's KEM
> selection process which had both candidates:
> https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf and
> https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413-upd1.pdf .
>
> It would be very useful to have performance data of (many) different
> implementations of the options of NTRU and Streamlined NTRU Prime on (many)
> different platforms including constrained ones besides the data we received
> during the first 3 rounds.
>
> Regards,
>
> Quynh.
>
> PS: I don’t plan to spend my time replying to potential messages asking me
> all sorts of things. My apologies in advance if I don't reply to your
> messages.