IETF Logo Mail Archive

[MLS] AES key sizes in MLS PQ cipher suites

Ben S3 <ben.s3@ncsc.gov.uk> Mon, 03 November 2025 20:17 UTC

Return-Path: <ben.s3@ncsc.gov.uk>
X-Original-To: mls@mail2.ietf.org
Delivered-To: mls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 9B6FC81D914F for <mls@mail2.ietf.org>; Mon, 3 Nov 2025 12:17:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.79
X-Spam-Level:
X-Spam-Status: No, score=-2.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.692, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ncsc.gov.uk
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bz5t6TMtctxZ for <mls@mail2.ietf.org>; Mon, 3 Nov 2025 12:17:18 -0800 (PST)
Received: from CWXP265CU009.outbound.protection.outlook.com (mail-ukwestazon11011003.outbound.protection.outlook.com [52.101.100.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D3E5881D9148 for <mls@ietf.org>; Mon, 3 Nov 2025 12:17:17 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xPQ8X1rU8PbwId2oDrk8CnHfd5QXHMgzXK/QzmJiKWdJtzxOkfbvInOeVVTSKAaGxOTXHPIS8/wFYrLJ79hCWXJyuj1YgL9cu/mUArbkPqOUyemKrSD5jn3zk0NDVHP9chxmoyzDhv3bxckC6qcuVKNckrgM21VY+ABb0yRTibrN+3oTaDS76liozgkuT2LeCK9TT85PKzW+UDqCfWDd0JDuHpqrJP1IV/R3K1ukUlJdqwic/x/o7Um/ved/c4cNmp30DRxiToz+FpPwih2qamt7kBVlb2I4K6+h2L6pBcqA+u/OJCT3rCdOQhJ97IVGld0yN+KTBrXKbY8Km6ekLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JfjFDkfxsGVBHzG09fDT6totdu5RfvmY0VQpxiIbQIk=; b=UFbIv6Sv4kthlkHX8oLsQCC4z66vWgIUOiWJ6jaJVm31UAVgJ2NLGI8raZUNU0dSH1B2g5m02RIl8QrhBNa6/Ruv1tudmS/wb9+bNpclb2/9oW37GWiiVbLfLHi+lMO5qvHI4oncNnHVXrSt9R6HPsLtR9H9ocle/uXow20oghFClE2SEjhcGizrULdk2RgayCAFS5FyoogTUab//1TcwEVtKsxvw1onN+MSTVrZPrzZm275HZsCZsENftC8X+PK6YiXsdfFpOdt5WsWwIMAsvJRLunhc+RGLmw/vMs0o05ayRkQD+T7/YMmZpKANleDioQn05whkzcZoQi6jH/wCg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ncsc.gov.uk; dmarc=pass action=none header.from=ncsc.gov.uk; dkim=pass header.d=ncsc.gov.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JfjFDkfxsGVBHzG09fDT6totdu5RfvmY0VQpxiIbQIk=; b=vE3lw+XVepWWSCsRQGOoSCkTjC9mYyTxjUQe+ZVRxyNyF7KIj8LFgu1aAmfWCWQRTzmHreWa0wnssOVblHnup1MWiU9+9bkJZEYSq6hzPdU+N6TRiFUcintXrhkgoOOhGCo/rLXobepEBDGoFliY1bDJrxU+/DZcykUrnyEXJoVf4ZGpQvBJT8I/ixS8vJ7ik1QKMU6W1g8RMzmQAN7VJ3y5c5rPiP8JkQBKBqoZrqW19TbhMVu7zu9mHXCn9MbpY+qrPXYHAz3ZTFr3VawMyB/Dtp8pz9+ZbNevWkTFWNlL7CYTTkbEF3kY1Z4i5fDqDb5acA34GZsGBXJNrHrmlw==
Received: from CWLP123MB3410.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:73::10) by LO2P123MB3599.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:12c::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9275.16; Mon, 3 Nov 2025 20:17:09 +0000
Received: from CWLP123MB3410.GBRP123.PROD.OUTLOOK.COM ([fe80::5907:cbdc:766b:c1b0]) by CWLP123MB3410.GBRP123.PROD.OUTLOOK.COM ([fe80::5907:cbdc:766b:c1b0%5]) with mapi id 15.20.9275.015; Mon, 3 Nov 2025 20:17:08 +0000
From: Ben S3 <ben.s3@ncsc.gov.uk>
To: "mls@ietf.org" <mls@ietf.org>
Thread-Topic: AES key sizes in MLS PQ cipher suites
Thread-Index: AdxM/qjagE2M+PvkSFSgHPW3uC79kA==
Date: Mon, 03 Nov 2025 20:17:08 +0000
Message-ID: <CWLP123MB34109D5119A6B693D12466B880C7A@CWLP123MB3410.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_d51697e2-b69a-493f-9635-378990918eab_Enabled=True;MSIP_Label_d51697e2-b69a-493f-9635-378990918eab_SiteId=14aa5744-ece1-474e-a2d7-34f46dda64a1;MSIP_Label_d51697e2-b69a-493f-9635-378990918eab_SetDate=2025-11-03T19:49:01.0000000Z;MSIP_Label_d51697e2-b69a-493f-9635-378990918eab_Name=OFFICIAL (No Handling Instructions);MSIP_Label_d51697e2-b69a-493f-9635-378990918eab_ContentBits=3;MSIP_Label_d51697e2-b69a-493f-9635-378990918eab_Method=Standard
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ncsc.gov.uk;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CWLP123MB3410:EE_|LO2P123MB3599:EE_
x-ms-office365-filtering-correlation-id: 2a1ac045-f602-4185-b543-08de1b15f722
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|19092799006|42112799006|376014|1800799024|366016|38070700021|13003099007|8096899003;
x-microsoft-antispam-message-info: e/AZgKgmRynWVJLJihCYeAgLA56CbJP/j9jUFh8Ot/7f7Tdde+pdsu5q+p2FQgVKkfp3kfG9HJmupOV6JN2vWkOVxW2cwF7qS63VIMUfGer/wsemubw+4DTsHcnwUNXjbBE+WpxlBDIwxmCfS4C2pfumEu3KsVx8IzD3bZ+UwzcPFvVXc9RB7vYRAqmz41zbDWknoiucIOnwyXPGahsKrJ2+tm3BosTqL7N+GtUt0mxP1lHP/cJ7ZjVhQPl9rNYlkUIAQJUis+hbsTN5xmEhT208RxXR3pc6g32nP6tcPi7hhq2RBjP1KRiO0B5ccngKTt4lob3VumnR6L2Otw7aUkAm8x0RdB8LmG21Z/ml7/LrdKTwYtI/gcDEoLCZYniOegUw+vem6Q26qyWclrdDpoj8/9kFgP5V03tzan7lnWPxMaZLgGuNDaUF1DGYH0YRCN7VsZrQRyY6AUHGv4ST+iYVv2wAsUHcIckeuUbt5Rk6bYONg81/I/KwAnOY/Z/yuMJhAcoCPkJjhzTChDtQDIUttHWVBYdzF8V4JnjwXWu9vbmEmkcLbzWNCgSPo/mhlgS4nDD868L147iFVrX0BA2gmWCzEUVvPVUaARnxhdNfNuVv5ptVI6RrJE4cqb9aCO3dN3kMSgfYuEdMgsmFhuG3QR/djVgAZuOS/biqxjKOLlo6XjFFeZOy5lIt8MaPXp8Qlj9Em4mjlb1fgBD8c3g5GeEESiynVX06ntHSINhDpLop237xF+xiC5zM3Vio19bBxSdoL4h6KFOWdUNeV4ww60lQezClF5ExE2yfmtpj4M6lSW9hiVT8eIpWbsbwJe3W5gyHXkZMFbuBZ1i2ePft681aadVw2AuJUw0fHcHXaPJkb0tSp5aKTLpHDzCDKG6w2e7sdX3TbGvKal2fnR/ZXM6dJsHw07DMcTPCae5F2htxS90OTGo1pwOCAd13ZtnQE8tqfWWyrQ+pA39oKJzqqhoJKuS+ZsNEmiOcF9klVM8q20eIamoDyTnlRs0lDRPuHHDq4KltHl6GA1S3V8EwkiVc23lV/DZmBKC56dDUporqF1oErVHfXnrjgVZao/p20tIvcwv9VNG3+KV2cD3cbjFEa6BypHgmDGiNx7kRREI20YalyGGBg2erv3wtFoVVKWjXvtWAYpu8iCwR0IiPvGyIY68kFSHJv7C3E/8y3oN47zGSYU7Fox2i+oj3T4qYInVpFUsRF8/VA3h72NqCXr/ScnvyNJxOLJQyNlCRxXFuiUetQ/RfhgewmsKqA8/kXnNjwRhiiblFtK2G3uIlEmSHM0u1XjxPCYk7VHUN7mu63I6/lvqmQDJHzoqRn/llhjVmEbi+2RnfHYyi165irB4u4+Hy/yJOxzJDvKJ6MEzjK6CSSdvNKvkStXh4JyOCmJaeL0/jUHY+RL88v3yw/6LITDi1WgAq+C/1yyWylLVAbDFuasOqraN/3iqhVdrdf1ik4ji7StsrvQaKXw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CWLP123MB3410.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(19092799006)(42112799006)(376014)(1800799024)(366016)(38070700021)(13003099007)(8096899003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: c0DoCL9y2quLZfUje3NkRaZVsEtrcmRSBAL7Mp2fjJznjJXEdR0xRMtmlOVykkEyGcxOeAJunjd6YsgWJCSdZhkQYL+bryeRGFMXvl/bgfjvw7eXZizCAsqWxlPAViz5C4TmyzrkCVfnumnDXCfdsGgAktSYi427TCC5HzjMJyCsTDFYALLUmmaClvYj35Cb9NGlqEekD2rUdq57EEbL/7E2BUrgGRl3lMaNHcXIg6y4jZ07C1MWTDH/GT3sDMO+qY+TtWFstXzz8svPzDBApdoHZmLZjTkPD9NUuAlSVTJETx6mfZ2rveoPupH/4Yp1St/PyPhQPhn807l0hJXnxT+q39q+VzDon6fcltr8Cvo1lPz0zIKjmtZvWsfz55h1asx7BZ0YBB7r4yQCqOUylkgwWIL6f9/vz6ueywhLwzRaO0Ji+s7f5zS4VLFNLdfHGA4khS1C7AOiTUJrhbeM3LjJQXK2XBLbIx+t9HmOFQwISXH6+Bt9xLsHTEXiZbPTn0EoIdMAER4zH2EUVYfB1zJZTKvbTDBytY10bNu4sNJ3mbIiX5gYURMDM8sDkRaaUVUvM3j0J1usFcYFuS4vzyLsk56aKtc97rcNOJ8awO1fb3eB9CLAMNpl6lHGQD7OjpDoFOo/XdEyzBCoKa3C+oFyjr+TRngt5foiPUEIkZejaw+CPutNpkQQqFWMcPXWb9GL3wKNn9yG79IVH+d1vZ34qPjj/oLP2LZMMLrwYWxigLbkkmKodrZqz7m9Ksiq5SBzdfG1SOIWREBQioVRG2dNmO/NVlJhh+Wt6BmojWYf0o/SPVCYXA3/1glbqqqelVRgOTDqPUV+Asw4TT6iX9Zcn1zmFjXJNslbyEU40XRbPJZwe3eWizolCEeI9xFWfrlOkLppLYkMsdwHiSLYP4gmZh19X5wdroyeGP8wdGzXKwfz1xjd5LZrpZFHtK4oVfIODezBCQjmYK+VtqnMtCikMICVdHdkcUeyPsKHm9OfVtz/5LqC7+IHMQoDn1OIaMMv7Tk/8EuUVb3EancEJlE+FPuxYEkjHxhhJkUqjFkFUJc025ihMQbRzcfVGhWaAZo/rjC15Hv6BzsYT8ZQBlqKQU2OhvOqeZECXuFmDmnBtgypLlbbg4bz+a0h2dLP59kTg9CvNRDRZl8B4sTiw16nfJLhzXt+KY2caYSqWOx4Lj/RRCTnYXvrjxkoXwFG2caWrpKuNLQZ1KbL8MnPU+2lDeas0rnrFCFkLlo52cwII+8Lqgs0dBOQ49FrxfcTwfISGj6+jE680Yud5FbFqHA57sWrFRGDyQaMBgCdY1SEa0JeJtEgM36Z0mdMXaO4RfRLwDoS/ex2LNMqaQSxoGG95wchDq5WpxPu1ILGv5iymMEmOM0VMVjrmsR54O8qIoZGbJJOPUot2rqfiGUM8UG2kya3rMDBJo2/yUXdmsv0bxXY4bOaeIq7JfonIDX0wSg/CBIUABiBOOtcPsBleO8wK8gV01xV2TD3YOB0CuIXjkeOyOugGKGkv+2qCP9dP926VDKDuw3aouFxL2u72IWFrcj8Idpl7lIbrrZB96Y=
Content-Type: multipart/alternative; boundary="_000_CWLP123MB34109D5119A6B693D12466B880C7ACWLP123MB3410GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CWLP123MB3410.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 2a1ac045-f602-4185-b543-08de1b15f722
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2025 20:17:08.7536 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hsjRG4oCkvpvHfBPn00e1QvDIR/k+mzb9e3EL9p1kpvxWpGrwJhtxdgbfHwu3BMUNfsNjPbu0a0ocyxjYgakAA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P123MB3599
Message-ID-Hash: 3ES2N33OIB3MF6WHLM4BPX56IOEU2PRZ
X-Message-ID-Hash: 3ES2N33OIB3MF6WHLM4BPX56IOEU2PRZ
X-MailFrom: ben.s3@ncsc.gov.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-mls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [MLS] AES key sizes in MLS PQ cipher suites
List-Id: Messaging Layer Security <mls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/m4boK42mT_TZOY9_pqdU07cEhiA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Owner: <mailto:mls-owner@ietf.org>
List-Post: <mailto:mls@ietf.org>
List-Subscribe: <mailto:mls-join@ietf.org>
List-Unsubscribe: <mailto:mls-leave@ietf.org>

OFFICIAL

Hi MLS,

As mentioned in the Zulip chat in the IETF 124 MLS meeting, I'd just like to check in with the logic behind using AES-256 in all PQ cipher suites.

If it's to hedge against Grover's algorithm, I'll note that a quantitative analysis shows very limited cryptanalytic benefit from using Grover's on AES - it certainly doesn't halve the security as is popularly claimed. ETSI TR 103 967 [1] provides a more thorough analysis of the actual costs and demonstrates AES-128 remains secure in the face of a CRQC. Sam Jacques has also recently presented on this topic at CHES 2024 [2, slide 30].

Best,
Ben

[1]: https://www.etsi.org/deliver/etsi_tr/103900_103999/103967/01.01.01_60/tr_103967v010101p.pdf
[2]: https://ches.iacr.org/2024/Jaques_CHES_2024.pdf


OFFICIAL

v2.34.0 | Report a Bug | By Email | System Status