Re: [Cfrg] I-D Action: draft-irtf-cfrg-xmss-hash-based-signatures-06.txt

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 07 September 2016 12:48 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] I-D Action: draft-irtf-cfrg-xmss-hash-based-signatures-06.txt
Thread-Index: AQHR15UYqNPamwit8kua06Zbbm7UcKALfSwAgBrD+ICAADlwAIAAAzRGgAAcaYCAR9NGAA==
Date: Wed, 7 Sep 2016 12:47:54 +0000
Message-ID: <D3F5C831.73D50%kenny.paterson@rhul.ac.uk>
References: <20160706144508.25995.18605.idtracker@ietfa.amsl.com> <577D1B6E.1020506@huelsing.net> <D3B93AC9.7187E%kenny.paterson@rhul.ac.uk> <994C5976EA09B556.08963792-86E6-4CE4-95FB-23F0F6046EC0@mail.outlook.com> <C6F5FDF9-6A09-4ECB-AAF5-985BF06F0F83@rhul.ac.uk> <69e0bf26-c079-75fb-0a5c-751bf3581016@cs.tcd.ie>
In-Reply-To: <69e0bf26-c079-75fb-0a5c-751bf3581016@cs.tcd.ie>
Accept-Language: en-GB, en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ylj_oymRltjWauEfkqTvJO5sMwM>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-xmss-hash-based-signatures-06.txt

Hi everyone,

Now that the CFRG holiday season is over, the chairs are ready to come
back to the problem-ette of how to explain to readers of our post-quantum
IDs what confidence can be placed in them.

A few people (Stephen Farrell, Andreas Huelsing, Watson Ladd) have been
working offlist to wordsmith some text. The current proposal for inclusion
in draft-irtf-cfrg-xmss-hash-based-signatures-06.txt (but which also has
implications for other, future CFRG documents) can be found immediately
below:

General:

"All post-quantum algorithms documented by CFRG are today
considered ready for experimentation and further engineering
development (e.g. to establish the impact of performance and sizes
on IETF protocols). However, at the time of writing, we do not have
significant deployment experience with such algorithms.

Many of these algorithms come with specific restrictions, e.g.
change of classical interface or less cryptanalysis of proposed
parameters than established schemes. CFRG has consensus that all
documents describing post-quantum technologies include the above
paragraph and a clear additional warning about any specific restrictions,
especially as those might affect use or deployment of the specific scheme.
That guidance may be changed over time via document updates."


Addition for XMSS:

"CFRG consensus is that we are confident in the cryptographic security
of the signature schemes described in this document against
quantum computers, given the current state of the research
community's knowledge about quantum algorithms. Indeed, we are
confident that the security of a significant part of the Internet
could be made dependent on the signature schemes defined in this
document, if developers take care of the following.

In contrast to traditional signature schemes, the signature schemes
described in this document are stateful, meaning the secret key
changes over time. If a secret key state is used twice, no cryptographic
security guarantees remain. This is a new property that most
developers will not be familiar with and requires careful handling of
secret keys. Developers should not use the schemes described here
except in systems that prevent the reuse of secret key states."



Please send your comments about this text on-list.


Regards

Kenny
(for the chairs)
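The proposed XMSS text says developers should only use a stateful scheme "in systems that prevent the reuse of secret key states". The following sketch, added here as an editorial example and not part of Kenny's message or of the draft, shows the shape such a system takes: a one-time key is reserved by committing an advanced counter to durable storage before any signature for that index is released, and a reload after a simulated crash continues from the persisted counter rather than reusing an index. The one-time scheme is a toy Lamport OTS (not the WOTS+ used by XMSS), the per-leaf public keys are kept as a plain list rather than compressed into a Merkle root, and the JSON state file and its path are assumptions made for illustration.

```python
import hashlib
import json
import os
import secrets
import tempfile

N = 32          # SHA-256 output length in bytes
BITS = 8 * N    # the OTS signs the 256-bit digest of the message


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """One Lamport one-time key pair: 256 pairs of secrets and their hashes (toy scheme)."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bit(digest: int, i: int) -> int:
    return (digest >> (BITS - 1 - i)) & 1


def lamport_sign(sk, msg: bytes):
    """Reveal one preimage per digest bit; a second message would reveal more preimages."""
    d = int.from_bytes(H(msg), "big")
    return [sk[i][_bit(d, i)] for i in range(BITS)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    d = int.from_bytes(H(msg), "big")
    return len(sig) == BITS and all(H(sig[i]) == pk[i][_bit(d, i)] for i in range(BITS))


class StatefulSigner:
    """Wraps a list of one-time keys with a persisted 'next unused index' counter.

    Rule enforced: reserve, then sign. The advanced counter is written to disk
    (atomic replace + fsync) before the signature for that index exists, so a
    crash between the two steps wastes one leaf but can never reuse one.
    """

    def __init__(self, keys, state_path: str):
        self.keys = keys
        self.state_path = state_path   # assumed location of the state file
        self.next_index = self._load()

    def _load(self) -> int:
        if not os.path.exists(self.state_path):
            return 0
        with open(self.state_path) as f:
            return int(json.load(f)["next_index"])

    def _persist(self, value: int) -> None:
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"next_index": value}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)   # atomic: readers see old or new, never torn

    def sign(self, msg: bytes):
        idx = self.next_index
        if idx >= len(self.keys):
            raise RuntimeError("all one-time keys used; a fresh key set is required")
        self._persist(idx + 1)             # commit the state change before signing
        self.next_index = idx + 1
        sk, _ = self.keys[idx]
        return idx, lamport_sign(sk, msg)


def demo(state_dir: str = None) -> dict:
    """Sign, simulate a crash by discarding the in-memory signer, reload, sign again."""
    state_dir = state_dir or tempfile.mkdtemp()
    keys = [lamport_keygen() for _ in range(4)]          # constructed: 4 leaves only
    pks = [pk for _, pk in keys]
    path = os.path.join(state_dir, "ots-state.json")

    first = StatefulSigner(keys, path)
    i0, s0 = first.sign(b"message one")
    del first                                            # simulated crash: only the file survives

    second = StatefulSigner(keys, path)                  # counter resumes from disk
    i1, s1 = second.sign(b"message two")
    second.sign(b"message three")
    second.sign(b"message four")
    try:
        second.sign(b"message five")                     # no leaf left: must refuse, not reuse
        exhausted = False
    except RuntimeError:
        exhausted = True

    return {
        "indices": (i0, i1),
        "valid": lamport_verify(pks[i0], b"message one", s0)
                 and lamport_verify(pks[i1], b"message two", s1),
        "used": second.next_index,
        "exhausted": exhausted,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the reserve-then-sign ordering is the failure mode the proposed text warns about: if the counter were advanced only after the signature was handed out, a crash or a restored backup in between would replay the same index, which for a one-time key is exactly the state reuse that leaves "no cryptographic security guarantees". Copying the key and state file to a second host has the same effect and is not prevented by this wrapper alone.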