[CFRG] How will Kyber be added to HPKE (9180)?

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 24 November 2022 14:49 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
CC: John Gray <John.Gray@entrust.com>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>, "hans.aschauer@siemens.com" <hans.aschauer@siemens.com>, David von Oheimb <david.von.oheimb@siemens.com>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Date: Thu, 24 Nov 2022 14:49:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zTnaLhO5N7ipvPyJ8lmV7Iic9RU>

Hi CFRG!

Background: we are working to add KEM support to Certificate Management Protocol v3 (CMPv3) (draft-ietf-lamps-cmp-updates, which will eventually be 4210bis). We are planning to accomplish this by supporting HPKE (RFC 9180) as a new message protection mechanism in CMPv3 and hoping that we can inherit Kyber more-or-less for free once HPKE supports it.

Question "how": How will Kyber be added to HPKE? I assume there will be an equivalent to section 4.1 that defines KyberKEM with its own Encap(pkR), Decap(enc, skR), AuthEncap(pkR, skS), and AuthDecap(enc, skR, pkS) - i.e., the same interfaces as for DHKEM (4.1), but making use of Kyber internally? The Kyber2018 paper [1] figure 3 defines an authenticated Kyber exchange that looks like it should easily fit into the existing HPKE APIs. In other words, will supporting 9180 now with abstractions around those 4 functions allow for easy drop-in of Kyber later?

Question "when": is there already a draft in the pipeline for adoption? When do you expect RFC publication? Presumably not before NIST final Kyber spec?



[1]: https://ieeexplore.ieee.org/abstract/document/8406610

---
Mike Ounsworth
Software Security Architect, Entrust
