IETF Logo Mail Archive

[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts

Quynh Dang <quynh97@gmail.com> Wed, 29 January 2025 12:50 UTC

Return-Path: <quynh97@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F68DC14F6FF for <cfrg@ietfa.amsl.com>; Wed, 29 Jan 2025 04:50:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.853
X-Spam-Level:
X-Spam-Status: No, score=-1.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J2-G9dD_8DAo for <cfrg@ietfa.amsl.com>; Wed, 29 Jan 2025 04:50:29 -0800 (PST)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C61A3C14F60A for <cfrg@irtf.org>; Wed, 29 Jan 2025 04:50:29 -0800 (PST)
Received: by mail-lj1-x229.google.com with SMTP id 38308e7fff4ca-30761be8fa8so71244961fa.2 for <cfrg@irtf.org>; Wed, 29 Jan 2025 04:50:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738155027; x=1738759827; darn=irtf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=p+47Qtp2Kww426LrXn5+h9n349nRUCzkaAzw2c+FQM8=; b=Tf3pCYDj1dlTxJSS4gFig5CS7ZDkp6rsI548GNC3oCypjJX8YY+K6VvM0zepnct2G+ vD2t3/3vQ2hK/ZazEBpw7UnPHxtgWahuxE5X9fpIVH3CfwWUtarUikUNqK4k3SKU+6zt GoHPkK5iDbzo3pyBT/hRyJa5WHDFl4R2bYfTeHzfSHm8SLJqwKrU5EprDIpTjH8g1Hbd TA3TXy55LlF9vMtPmZ2FF7PM+hEo11HbcZbL6JHFo/tLROoMxSAMITZ1kC+jfKOUPjOS W582GGd1Um0xrSLCqWOCxaNBlCBgVHVXmUrGqvxXl88jQs4aORv28J4xM50fieotMt6Z Gi5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738155027; x=1738759827; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=p+47Qtp2Kww426LrXn5+h9n349nRUCzkaAzw2c+FQM8=; b=s+29evKLkBjbB6FH3NfyhXZavZWj899CjRmJ97JlpznNlZoL7DnP9u1seyosAycvL1 fbESC9OPvuV5VXlGBWERgxvYFHZkfWXSof/SPBcggyi4ua/43vfgX4+KcVvjBW6fKxiA EhWvdC9GoqUeS8OgIs4WM6ZGdekx/bl9iv1QYe34st1WYRdnDy+qYdsjQ0ZNu1PHjKA5 TN2qY9oL6KQh+rXNK9Tux/ha0CJqIHTIksQqHpcVdITCQOeFNhF1YhK5JqU2RfBHqznC N8KSTJ5DqHNjTIbul9WmqVHX8VSaL9cUGEWeZ3hZsCzHGA3PUB2jAsE1m+ytPh0RxQd1 pqxQ==
X-Gm-Message-State: AOJu0YxJt4BH+FGSIa+6NtU2JTcIgCOSTenOw0vdPUB664k83b98Xlz/ CbowUSQMA/qVYLyhrr1CVlMxGLRVKe2zStdfHth/Uxiam04BGQRWCdjk1/M4yTlCvjLTHBOMsGb MIPZ9c6SWdApKx5zscEESM36F3E/f+Z2i
X-Gm-Gg: ASbGncsxkoussNK1k1ECmSX768ZIeqCeN5ViPV53jXZs6p0gdEtC4Ve5aQAupuCumTg INrsBbiUJ8crj6we3iwamOYoby62fpEdAnT6ddb1mykkvyYYy4QrUpjWnClkBpUXTI6ot8+h6s1 bGLsSUhhAK
X-Google-Smtp-Source: AGHT+IHWhO05+J2GU+wODWBmY9dTfR5MTRh6tIRzZ4mMXw2uE0uHoL75P+fBPf06lvXkUPh/PiktSFwylP6xNwt9GVA=
X-Received: by 2002:a05:651c:b0a:b0:306:f7b:20b with SMTP id 38308e7fff4ca-307968ec715mr12375211fa.24.1738155026141; Wed, 29 Jan 2025 04:50:26 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnJ7TgnCp1GsSnRfJCY1rt+t2BBSadm0YkDM8tuL-pE+A@mail.gmail.com> <CAOp4FwR_E4hky7RehU4c1rsy1tFxDgUTfKRRuj3NxWBThC3sow@mail.gmail.com> <CABzBS7kLoP7U=EpQmotCQntASFGcrLXpnSuTQ3i18W-W8Hf5QA@mail.gmail.com> <b7af8867-7386-4f03-b28a-cd5a32297ec4@betaapp.fastmail.com> <87y0yvs2ct.fsf@josefsson.org> <CABcZeBPhr4gENxWkoKKwqdu_dW3=7GRyKjpG0sf10CSHOXGwhg@mail.gmail.com> <4c7e3fae-b6d3-484b-91e0-52a948bffa3d@amongbytes.com> <AS5PR07MB9675B69CC59D88AECA2F9C3D89EE2@AS5PR07MB9675.eurprd07.prod.outlook.com>
In-Reply-To: <AS5PR07MB9675B69CC59D88AECA2F9C3D89EE2@AS5PR07MB9675.eurprd07.prod.outlook.com>
From: Quynh Dang <quynh97@gmail.com>
Date: Wed, 29 Jan 2025 07:50:07 -0500
X-Gm-Features: AWEUYZmYaMzbOBrBvqsx1CmQ_b8BADiMcaubW0NaSGflDQdPUOgIwi5iPQ9Rq1c
Message-ID: <CAE3-qLSoXJYHaxepMhnr7to0QBhSCcB9=jXVVNWyNgOLFxxEew@mail.gmail.com>
To: IRTF CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000e5d749062cd7c095"
Message-ID-Hash: EJR74PFHYKM2JPIHI3BC7FP6HZJVTONY
X-Message-ID-Hash: EJR74PFHYKM2JPIHI3BC7FP6HZJVTONY
X-MailFrom: quynh97@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/xzL70hlLMtsHwORyGrmXoJp9C2o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Hi all,



Below is my personal view which does not imply any view from NIST or
anybody else.



I think the CFRG needs to run a competition process to select a
lattice-based KEM to provide a good option for the users who don’t want to
use ML-KEM or NIST’s standardized cryptographic methods generally.



At least there are 2 candidates we all know right now which are NTRU ( see
here https://www.ntru.org/) and Streamlined NTRU Prime (see here
https://ntruprime.cr.yp.to/) . There are important differences between
them; they are not “about” the same. Something is true with NTRU does not
mean it is automatically true with Streamlined NTRU Prime (security,
performance or IPR etc.).



Here are the reports of the second and third rounds of NIST's KEM selection
process which had both candidates:
https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf  and
https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413-upd1.pdf .



It would be very useful to have performance data of  (many) different
implementations of the options of NTRU and Streamlined NTRU Prime on (many)
different platforms including constrained ones beside the data we received
during the first 3 rounds.



Regards,

Quynh.

PS: I don’t plan to spend my time replying to potential messages asking me
all sorts of things. My apologies in advance if I don't reply to your
messages.

On Wed, Jan 29, 2025 at 6:48 AM John Mattsson <john.mattsson=
40ericsson.com@dmarc.ietf.org> wrote:

> I agree that CFRG should prioritize things that are likely to be adopted
> by IETF, but I think it is important that CFRG is not limited to things
> that have a current customer in the IETF. This would be too limiting for an
> RG. CFRG must be able to work on things that are likely to be useful by the
> IETF long-term.
>
> John
>
>
>
> *From: *Kris Kwiatkowski <kris@amongbytes.com>
> *Date: *Wednesday, 29 January 2025 at 12:30
> *To: *cfrg@irtf.org <cfrg@irtf.org>
> *Subject: *[CFRG] Re: Progressing NTRUPrime/Classic McEliece drafts
>
> i haven't seen anyone suggest that CFRG should not publish its own
>
> specifications regardless of what NIST does. That's certainly not
>
> my position. That would be an odd position to take as CFRG has
>
> already done this a number of times.
>
> For primitives like LMS, XMSS, and HKDF, it was IETF that originally
> developed the specifications, with NIST later incorporating them into its
> standards.
>
> +1 for CFRG focuses on defining primitives that are likely to be adopted
> by IETF, ensuring they are well-vetted before becoming part of widely used
> protocols.
>
>
> _______________________________________________
> CFRG mailing list -- cfrg@irtf.org
> To unsubscribe send an email to cfrg-leave@irtf.org
>

v2.29.0 | Report a Bug | By Email | System Status