IETF Logo Mail Archive

Re: [CFRG] Call for adoption: Hybrid KEM Combiners

Russ Housley <housley@vigilsec.com> Wed, 31 January 2024 22:22 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80018C14F682 for <cfrg@ietfa.amsl.com>; Wed, 31 Jan 2024 14:22:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KA3iwHGgGXTu for <cfrg@ietfa.amsl.com>; Wed, 31 Jan 2024 14:22:48 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66D5DC14F5F6 for <cfrg@irtf.org>; Wed, 31 Jan 2024 14:22:48 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id B59BC9E56F for <cfrg@irtf.org>; Wed, 31 Jan 2024 17:22:47 -0500 (EST)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id A8D7D9EDAC for <cfrg@irtf.org>; Wed, 31 Jan 2024 17:22:47 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_42D34BEF-B99D-4A5C-8590-426349A52099"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Wed, 31 Jan 2024 17:22:37 -0500
References: <CAOjisRyCU+nhJm+x-UxEUjEPAPxH6e-Sa+TkwgYYBDcAx_a93g@mail.gmail.com>
To: IRTF CFRG <cfrg@irtf.org>
In-Reply-To: <CAOjisRyCU+nhJm+x-UxEUjEPAPxH6e-Sa+TkwgYYBDcAx_a93g@mail.gmail.com>
Message-Id: <90926731-0D93-408B-8479-92553ED75E09@vigilsec.com>
X-Mailer: Apple Mail (2.3731.700.6)
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/uXDM_tJ-jz0lWSeyfjw0GMugTiQ>
Subject: Re: [CFRG] Call for adoption: Hybrid KEM Combiners
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2024 22:22:53 -0000

Yes, the CFRG should work on this topic.  I am willing to review.

Russ


> On Jan 31, 2024, at 10:28 AM, Nick Sullivan <nicholas.sullivan@gmail.com> wrote:
> 
> Dear CFRG,
> 
> There has been a lot of discussion on the list over the last few weeks around the topic of hybrid KEMs, including discussion around the topic of where we should go as a group. There seems to be significant interest in this topic from around the IETF and in broader industry. We (the chairs) have decided to open up a research call for adoption for a topic in this area, described below.
> 
> The standard context for the group applies here as always: As part of the IRTF, the CFRG is a research group, producing research documents relevant to the IETF and broader community. The CFRG does not publish standards and does not dictate cryptographic choices to IETF working groups. CFRG documents often come with concrete specifications for parameterizations relevant to groups within the IETF. Recent examples of documents of this style resulting from topics adopted by the CFRG include RFC 9497 (OPRF) and RFC 9381 (VRF), which provide a thorough overview of the topic along with concrete parameterizations that can adopted by protocol designers.
> 
> The CFRG has a full docket of important ongoing work, so it’s important to ensure that any work the CFRG adopts at this point aligns with the charter by offering necessary guidance (for network security in general and for the IETF in particular) on the use of emerging mechanisms.
> 
> With that preamble done, this email starts a three-week call for the adoption of a work item within the CFRG to produce an informational document exploring how to safely combine KEMs. This document
> * Will use draft-ounsworth-cfrg-kem-combiners as a starting point for describing generic combiners
> * Will include an analysis of the non-generic combiner mechanisms for specific KEMs outlined in draft-connolly-cfrg-xwing-kem and other published works in the area
> * Will describe the security properties and trade-offs of various methods of combining KEMs
> * Will provide concrete instantiations of hybrid KEMs that are relevant to IETF protocols (potentially similar to X-Wing and Chempat-X), including pseudocode and test vectors
> 
> Please give your views on whether this should be adopted as a CFRG draft and whether you would be willing to work on this document and/or review it.
> 
> 
> Nick, Alexey, Stanislav
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email