Re: [COSE] [jose] Fwd: New Version Notification for draft-reddy-cose-jose-pqc-kem-00.txt

tirumal reddy <kondtir@gmail.com> Wed, 06 March 2024 07:42 UTC

From: tirumal reddy <kondtir@gmail.com>
Date: Wed, 06 Mar 2024 13:11:26 +0530
Message-ID: <CAFpG3gfJDgO-yuk9B1-zic4ajAfO0w9aTwyUi72TdX8qC5xzoA@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: cose@ietf.org, jose@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/rAlRJ1VqOYY6_URpkNnRnVbTeLA>
Subject: Re: [COSE] [jose] Fwd: New Version Notification for draft-reddy-cose-jose-pqc-kem-00.txt
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

Hi Ilari,

Thanks for the review. Please see inline.

On Tue, 5 Mar 2024 at 20:53, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Tue, Mar 05, 2024 at 05:03:23PM +0530, tirumal reddy wrote:
> > We have published a new draft
> > https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.html, that
> > describes the conventions for using Post-Quantum Key Encapsulation
> > Mechanisms (PQ-KEMs) within JOSE and COSE.  Although this mechanism could
> > be used with any PQ-KEM, this document focuses on Module-Lattice-based Key
> > Encapsulation Mechanisms (ML-KEMs).
> >
> > Comments and Suggestions are welcome.
>
> I can't make heads or tails of how this is supposed to work. Whatever it
> is, it would certainly fail to be fully-specified. Moreover, I don't
> think it complies with JWE either.
>
> The way KEMs operate is extremely similar to how ECDH-ES works. So the
> way to add KEMs is to copy ECDH-ES (fully specified if needed) and make
> small modifications required for it to work.
>

I think you are proposing the following changes:

1) Direct Key Agreement: The alg parameter will carry the fully specified PQ
KEM with KDF and AEAD (e.g., PQ-MLKEM768-SHA3-384-AES256). No need to
define "PQ-Direct" in this mode.
2) Key Agreement with Key Wrapping: The alg parameter will carry the fully
specified PQ KEM with KDF and AEAD key wrap (e.g.,
PQ-MLKEM768-SHA3-384-AES256KW). The "enc" parameter will be used as usual
to carry AEAD to encrypt the content.


>
> The two main modifications compared to ECDH-ES are:
>
> 1) The shared secret is generated by encapsulation/decapsulation instead
>    of ECDH operation.
> 2) New header parameter for KEM ciphertext, as it is octet string and
>    not a key.
>

Yes, it is possible to introduce a new header parameter to carry the KEM
ciphertext.

Cheers,
-Tiru


>
> The usual KDF structures of COSE/JOSE could be reused as-is. However,
> for COSE, if HPKE ends up binding alg from one layer higher, then it
> would make sense to do that here too (and if doing fully-specified
> ECDH-ES, there too).
>
>
> > ---------- Forwarded message ---------
> > From: <internet-drafts@ietf.org>
> > Date: Sun, 3 Mar 2024 at 10:32
> > Subject: New Version Notification for draft-reddy-cose-jose-pqc-kem-00.txt
> > To: Tirumaleswar Reddy.K <kondtir@gmail.com>, Aritra Banerjee
> > <aritra.banerjee@nokia.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>,
> > Hannes Tschofenig <hannes.tschofenig@gmx.net>
> >
> >
> > A new version of Internet-Draft draft-reddy-cose-jose-pqc-kem-00.txt has
> > been successfully submitted by Tirumaleswar Reddy and posted to the
> > IETF repository.
> >
> > Name:     draft-reddy-cose-jose-pqc-kem
> > Revision: 00
> > Title:    Post-Quantum Key Encapsulation Mechanisms (PQ KEMs) for JOSE and COSE
>
>
>
>
> -Ilari
>
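An added example, not part of the original message or of the draft, sketching the ECDH-ES-style structure discussed in the thread: the KEM shared secret feeds the JOSE Concat KDF (RFC 7518, section 4.6.2), and the KEM ciphertext travels in a header parameter instead of "epk". Assumptions: the parameter name "kem-ct" is hypothetical, the shared secret and ciphertext are constructed stand-ins (no ML-KEM operation is run), and the KDF is the SHA-256 Concat KDF that ECDH-ES uses, so the SHA3-384 named in the alg strings is not modelled.

```python
import base64, hashlib, struct

def lp(data: bytes) -> bytes:
    """32-bit big-endian length prefix followed by the data (RFC 7518 4.6.2)."""
    return struct.pack(">I", len(data)) + data

def concat_kdf(z: bytes, alg_id: str, key_bits: int,
               apu: bytes = b"", apv: bytes = b"") -> bytes:
    """Concat KDF with SHA-256, as JWE ECDH-ES uses it."""
    other_info = (lp(alg_id.encode("ascii")) + lp(apu) + lp(apv)
                  + struct.pack(">I", key_bits))      # SuppPubInfo = keydatalen
    out, counter = b"", 1
    while len(out) * 8 < key_bits:
        out += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return out[:key_bits // 8]

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# Output sizes in bits; the alg name is the key-wrap example from the message.
KEY_BITS = {"A128GCM": 128, "A256GCM": 256, "PQ-MLKEM768-SHA3-384-AES256KW": 256}

def kem_header(alg: str, enc: str, kem_ct: bytes) -> dict:
    # "kem-ct" is a hypothetical parameter name; it replaces ECDH-ES's "epk"
    # because a KEM ciphertext is an octet string, not a key.
    return {"alg": alg, "enc": enc, "kem-ct": b64u(kem_ct)}

def derive_key(header: dict, z: bytes):
    """Return (role, key). As in ECDH-ES, the AlgorithmID is "enc" for direct
    key agreement and "alg" for key agreement with key wrapping."""
    wrapping = header["alg"].endswith("KW")
    alg_id = header["alg"] if wrapping else header["enc"]
    return ("KEK" if wrapping else "CEK"), concat_kdf(z, alg_id, KEY_BITS[alg_id])

# Constructed stand-ins: ML-KEM-768 yields a 32-byte shared secret and a
# 1088-byte ciphertext; no real encapsulation is performed here.
SAMPLE_Z = bytes(range(32))
SAMPLE_CT = bytes(1088)

if __name__ == "__main__":
    for alg in ("PQ-MLKEM768-SHA3-384-AES256", "PQ-MLKEM768-SHA3-384-AES256KW"):
        hdr = kem_header(alg, "A256GCM", SAMPLE_CT)
        role, key = derive_key(hdr, SAMPLE_Z)
        print(alg, role, key.hex())
```

In the key-wrapping case the derived KEK would then wrap a randomly generated CEK, exactly as ECDH-ES+A256KW does; that step is unchanged and is left out here.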