Re: [MLS] MLS Compatibility with PQC

Richard Barnes <rlb@ipv.sx> Fri, 22 February 2019 23:16 UTC

MIME-Version: 1.0
References: <40c09894a54d4d319539185d5372ce73@darkmatter.ae>
In-Reply-To: <40c09894a54d4d319539185d5372ce73@darkmatter.ae>
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 22 Feb 2019 18:15:48 -0500
Message-ID: <CAL02cgRHePtGnMx8P5=X0fFowF6--oRY6-3ivRmyoLY7+9C50w@mail.gmail.com>
To: Alexander Sherkin <Alexander.Sherkin@darkmatter.ae>
Cc: "mls@ietf.org" <mls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004b503c058283c6a4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/NDVrJhs1-t2ZKxBU47wBCxOHL7I>
Subject: Re: [MLS] MLS Compatibility with PQC

Hi Alex,

Karthik and I have been working on a hybrid PKE primitive in CFRG, with the
idea that it could be re-used in MLS:

https://tools.ietf.org/html/draft-barnes-cfrg-hpke-00

In the CFRG discussion of that draft, several folks suggested that we adapt
it to accommodate a general KEM.  I have a draft-01 of that in the works
that does that.  So there is something of a plan here!

Another thing that some folks have observed is that the length fields for
public keys are two octets long.  Would the keys for the schemes you're
interested in overflow those fields?

Thanks,
--Richard



On Fri, Feb 22, 2019 at 3:16 PM Alexander Sherkin <
Alexander.Sherkin@darkmatter.ae> wrote:

> Hello,
>
> The current protocol draft specifically relies on the Diffie-Hellman crypto
> primitive. This makes perfect sense when classic crypto is used, but may be
> a limitation when post-quantum crypto (PQC) is required.
>
> If we assume that powerful enough quantum computers will become a reality
> in the next 10-15 years, any data protected with classic crypto we exchange
> today will be decryptable by a third party in 10-15 years. Hence, using
> classic crypto for new systems may not be a good idea.
>
> At the same time, it seems that the protocol is well positioned to rely on
> the KEM crypto primitive. Relying on a KEM instead of DH allows for a wider
> range of options, including PQC primitives such as New Hope and Crystals
> Kyber, making the protocol PQC-ready at least from the confidentiality
> perspective.
>
> To make it more general, the KEM primitive may be defined as (C, s) =
> KEM-Encapsulate(PublicKey) and s = KEM-Decapsulate(PrivateKey, C).
>
> Thoughts?
>
> Thank you.
> Alex.
>
> Alexander Sherkin | Software Architect
> Tel:  | Mob: +1 416 414 7117
> Alexander.Sherkin@darkmatter.ae
>
> The information transmitted, including attachments, is intended only for
> the person(s) or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon
> this information by persons or entities other than the intended recipient
> is prohibited. If you received this in error, please contact the sender and
> destroy any copies of this information.
>
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls
>
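The KEM interface Alex proposes, instantiated with a Diffie-Hellman-based KEM in the style of the HPKE draft Richard points to, together with the two-octet length-field check Richard asks about. This is an added example, not code from either message or from the HPKE draft; the group parameters are constructed toy values (not secure), and `kdf`, `encode_opaque16` and `fits_two_octet_length` are names chosen here.

```python
import hashlib
import os
import struct

# Toy DH group, constructed for readability only; a real deployment would use
# X25519/P-256 (as in the HPKE draft) or a post-quantum KEM such as Kyber.
P = 2**127 - 1
G = 3

def keygen():
    """Return (PrivateKey, PublicKey) for the toy DH group."""
    sk = int.from_bytes(os.urandom(16), "big") % (P - 2) + 1
    return sk, pow(G, sk, P)

def i2osp(n):
    return n.to_bytes(16, "big")

def kdf(dh, enc, pk):
    # The shared secret s is bound to the ciphertext C (enc) and to the
    # recipient's public key, as HPKE's DHKEM does.
    return hashlib.sha256(i2osp(dh) + i2osp(enc) + i2osp(pk)).digest()

def kem_encapsulate(pk):
    """(C, s) = KEM-Encapsulate(PublicKey): C is an ephemeral DH share."""
    e, enc = keygen()
    return enc, kdf(pow(pk, e, P), enc, pk)

def kem_decapsulate(sk, enc):
    """s = KEM-Decapsulate(PrivateKey, C)."""
    pk = pow(G, sk, P)
    return kdf(pow(enc, sk, P), enc, pk)

def roundtrip():
    """Both sides derive the same s; a generic KEM user never touches DH."""
    sk, pk = keygen()
    enc, s_sender = kem_encapsulate(pk)
    return s_sender == kem_decapsulate(sk, enc)

def fits_two_octet_length(key_len):
    """A public key serialised with a 2-octet length field must be < 2^16."""
    return key_len <= 0xFFFF

def encode_opaque16(data):
    """MLS-style opaque<0..2^16-1>: length prefix, refusing values that overflow."""
    if not fits_two_octet_length(len(data)):
        raise ValueError(f"{len(data)} bytes overflow a 2-octet length field")
    return struct.pack(">H", len(data)) + data
```

For comparison, a Kyber-768 public key (1184 bytes) fits the field with room to spare, whereas a constructed 70000-byte key would be rejected by `encode_opaque16`.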