IETF Logo Mail Archive

[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

Simon Hoerder <simon@hoerder.net> Thu, 30 January 2025 14:51 UTC

Return-Path: <simon@hoerder.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08406C14F700 for <cfrg@ietfa.amsl.com>; Thu, 30 Jan 2025 06:51:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hoerder.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZTaYo36avu9X for <cfrg@ietfa.amsl.com>; Thu, 30 Jan 2025 06:51:38 -0800 (PST)
Received: from wp699.webpack.hosteurope.de (wp699.webpack.hosteurope.de [80.237.130.221]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5FF2C14F6A7 for <cfrg@irtf.org>; Thu, 30 Jan 2025 06:51:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hoerder.net ; s=he124907; h=To:Message-Id:Subject:Date:Mime-Version:From: Content-Transfer-Encoding:Content-Type:From:Sender:Reply-To:Subject:Date: Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To:References; bh=Vd+ttec6GQWggDbkARkmDymWHBxzw9pVm24f87x3HXw=; t=1738248697; x=1738680697; b=E1hxp5qAUDkUhmEakw0gmA8gnj8UjtnujgboeSdVsFal/K0Cs2NmNeEQ9qit2S25a6hsAZjIVZJ G9AATqhusFHO4SuOXZdK6bSEhDhY9rSW4HDNGWQqaJgpdf7oWzdPJEmZx4XxD3IBd3Wy8IsGZFnwa z4SoCtZW+blU0QE8Jc5V88fAN7llUn4SVpTv5hTMuev1izx1ztn/EPIt1twIVpSzBGIorhE/PtKoM cxFZuJKPpHtCDRzYlCWbystiKPWSqOAWW8zjVc19eWNtbw4QO5RSej83H05twNS6NOUB0IXgsBIHN t0LxGZ5CQ6UU0Rnh9A0znMlUyZtVXDPm062Q==;
Received: from 2a02-a420-27c-b316-9454-7e95-8d70-bee2.mobile6.kpn.net ([2a02:a420:27c:b316:9454:7e95:8d70:bee2] helo=smtpclient.apple); authenticated by wp699.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128) id 1tdVtH-005vCh-10; Thu, 30 Jan 2025 15:51:35 +0100
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Simon Hoerder <simon@hoerder.net>
Mime-Version: 1.0 (1.0)
Date: Thu, 30 Jan 2025 15:51:24 +0100
Message-Id: <517A14BD-408A-4925-B6B0-815F881B1208@hoerder.net>
To: cfrg@irtf.org
X-Mailer: iPhone Mail (22B91)
X-bounce-key: webpack.hosteurope.de;simon@hoerder.net;1738248697;ab2df2b5;
X-HE-SMSGID: 1tdVtH-005vCh-10
Message-ID-Hash: O2EHDABIHXS6O25ANSBIGLZSAPUCB7QB
X-Message-ID-Hash: O2EHDABIHXS6O25ANSBIGLZSAPUCB7QB
X-MailFrom: simon@hoerder.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/j1icEy5L75shkW1_ZpTQZy5b5xQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Hi,

My private opinion as a mailing list lurker:
* I expect CFRG to standardize additional PQC algorithms if they’re sufficiently reviewed (based on rough consensus, as usual) and if there’s a clear benefit to have another standard or if it mirrors a paywalled standard.
* I currently struggle to see why the world needs another lattice KEM. If ISO/IEC standardizes NTRU and CFRG finds a way to mirror that outside of the ISO/IEC paywall that’ll be great. (I’m not having high hopes though.) But I don’t really see why ISO/IEC would standardize NTRU in the first place. Admittedly that may change in the future but having too many competing standards just leads to a bunch of crappy implementations.
* If NIST does not standardize Classic McEliece, I would expect CFRG to standardize that as an alternative. 
* Only because it has been mentioned as an option on this list before: If CFRG decides to run a competition for a new crypto algorithm, I would have a lot of questions about how that’s going to work. I don’t want to see this getting bogged down in process discussions but the processes to support such a competition (without interrupting all other CFRG work) need to be in the place. Also, I believe there’s things that can be learned from NISTs current PQC competition regarding the complexity of running such a thing for asymmetric algorithms. Most importantly: I’m not sure that there’s a need for a new competition. Sure I’d love to have cheaper & simpler PQC algorithms but I’m not convinced that a new competition now would produce trustworthy outcomes that are significantly cheaper / simpler.

Thanks for the good work all!
Simon

v2.29.0 | Report a Bug | By Email | System Status