[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

"D. J. Bernstein" <djb@cr.yp.to> Tue, 28 January 2025 12:55 UTC

Date: Tue, 28 Jan 2025 12:54:48 -0000
Message-ID: <20250128125448.1369370.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: cfrg@irtf.org
Mail-Followup-To: cfrg@irtf.org
In-Reply-To: <b7af8867-7386-4f03-b28a-cd5a32297ec4@betaapp.fastmail.com>
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/n_2ihnLLCo44mBa7j_Wpr3UQGGc>

Martin Thomson writes:
> With a 240 byte ciphertext (I had trouble finding a specific value, so
> this might be incorrect), that's quite a lot smaller than ML-KEM-768.

https://classic.mceliece.org/impl.html includes a table of sizes. In
particular, the ciphertext sizes are

    * 96 bytes for mceliece348864 (2^150.59),
    * 156 bytes for mceliece460896 (2^190.50),
    * 194 bytes for mceliece6960119 (2^257.14),
    * 208 bytes for mceliece6688128 (2^257.36), and
    * 208 bytes for mceliece8192128 (2^287.21),

plus 32 bytes if you use the "pc" variants (for pros and cons of those
see https://classic.mceliece.org/nist/mceliece-mods3-20221023.pdf).

The numbers I've put in parentheses here come from the CAT software from
Crypto 2024 predicting bit-operation counts for attacks. The sizes
recommended for long-term security are mceliece6*, so if you were
hearing about 240 bytes then that was probably mceliece6688128pc, but it
could also have been mceliece8192128pc.

> But the likelihood that messages fit in a single packet is a huge gain
> that has value far beyond what a simple tally might suggest.

https://rosenpass.eu and the new end-to-end https://www.pqconnect.net
are examples of squeezing Classic McEliece ciphertexts into corners of
packets. Of course, the keys are split across multiple packets.

---D. J. Bernstein (speaking for myself)
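The size arithmetic behind the figures in this message, as an added example that is not part of the email or of the Classic McEliece project's code: it derives ciphertext and public-key sizes from the (n, m, t) parameters, which are taken from the Classic McEliece specification rather than from the message, and checks single-packet fit against an assumed 1232-byte payload budget (IPv6 minimum MTU of 1280 minus IPv6 and UDP headers).

```python
# Classic McEliece size arithmetic: why a ciphertext fits in one packet
# while a public key must be split across many.
# Parameter sets (n, m, t) are from the Classic McEliece specification,
# not from the mailing-list message (an assumption stated in the lead-in).
PARAMS = {
    "mceliece348864":  (3488, 12, 64),
    "mceliece460896":  (4608, 13, 96),
    "mceliece6688128": (6688, 13, 128),
    "mceliece6960119": (6960, 13, 119),
    "mceliece8192128": (8192, 13, 128),
}

PC_TAG_BYTES = 32  # the "pc" variants append a 32-byte hash of the error vector

# Assumed budget: 1280-byte IPv6 minimum MTU minus 40-byte IPv6 and 8-byte UDP headers.
DEFAULT_PAYLOAD_BUDGET = 1280 - 40 - 8


def ciphertext_bytes(name, pc=False):
    """Ciphertext is the syndrome H*e: n-k = m*t bits, rounded up to whole bytes."""
    _n, m, t = PARAMS[name]
    size = (m * t + 7) // 8
    return size + (PC_TAG_BYTES if pc else 0)


def public_key_bytes(name):
    """Public key is the (n-k) x k matrix T: m*t rows, each k bits padded to bytes."""
    n, m, t = PARAMS[name]
    mt = m * t
    k = n - mt
    return mt * ((k + 7) // 8)


def fits_in_one_packet(name, pc=False, budget=DEFAULT_PAYLOAD_BUDGET):
    """True when the ciphertext alone fits within the assumed UDP payload budget."""
    return ciphertext_bytes(name, pc) <= budget


def packets_for_public_key(name, budget=DEFAULT_PAYLOAD_BUDGET):
    """Minimum number of budget-sized packets needed to carry the public key."""
    return -(-public_key_bytes(name) // budget)  # ceiling division


def size_table(pc=False):
    """Ciphertext and public-key sizes for every parameter set, as a dict."""
    return {name: (ciphertext_bytes(name, pc), public_key_bytes(name)) for name in PARAMS}


if __name__ == "__main__":
    for name, (ct, pk) in size_table(pc=True).items():
        print(f"{name}pc: ct={ct} B (1 packet: {fits_in_one_packet(name, True)}), "
              f"pk={pk} B ({packets_for_public_key(name)} packets)")
```

The pc sizes reproduce the message's inference: both mceliece6688128pc and mceliece8192128pc have 240-byte ciphertexts.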