[MLS] MLS Compatibility with PQC

Alexander Sherkin <Alexander.Sherkin@darkmatter.ae> Fri, 22 February 2019 20:16 UTC

From: Alexander Sherkin <Alexander.Sherkin@darkmatter.ae>
To: "mls@ietf.org" <mls@ietf.org>
Date: Fri, 22 Feb 2019 20:16:40 +0000
Message-ID: <40c09894a54d4d319539185d5372ce73@darkmatter.ae>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/vXMdCGzXNoUvip1mPKQutW3UBck>

Hello,

The current protocol draft specifically relies on the Diffie-Hellman crypto primitive. This makes perfect sense when classic crypto is used, but may be a limitation when post-quantum crypto (PQC) is required.

If we assume that powerful enough quantum computers will become a reality in the next 10-15 years, any data protected with classic crypto we exchange today will be decryptable by a third party in 10-15 years. Hence, using classic crypto for new systems may not be a good idea.

At the same time, it seems that the protocol is well positioned to rely on a KEM crypto primitive. Relying on KEM instead of DH allows for a wider range of options, including PQC primitives such as New Hope and Crystals Kyber, making the protocol PQC-ready at least from the confidentiality perspective.

To make it more general, the KEM primitive may be defined as (C, s) = KEM-Encapsulate(PublicKey) and s = KEM-Decapsulate(PrivateKey, C).

Thoughts?

Thank you.
Alex.



Alexander Sherkin | Software Architect
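Added example (not part of the original message and not code from the MLS draft): the KEM shape defined in the message, (C, s) = KEM-Encapsulate(PublicKey) and s = KEM-Decapsulate(PrivateKey, C), with ephemeral-static X25519 behind it, to show that existing DH fits the interface a PQC KEM would also fill. The function names, the choice of X25519 and the SHA-256 derivation of s are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// secret hashes the DH output with C and the recipient key (assumed KDF, not from the message).
func secret(sk *ecdh.PrivateKey, pk *ecdh.PublicKey, c, pkR []byte) ([]byte, error) {
	dh, err := sk.ECDH(pk) // X25519 returns an error for low-order points (all-zero output)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(bytes.Join([][]byte{dh, c, pkR}, nil))
	return sum[:], nil
}

// Encapsulate is (C, s) = KEM-Encapsulate(PublicKey): C is a fresh ephemeral public key.
func Encapsulate(pk *ecdh.PublicKey) (c, s []byte, err error) {
	eph, err := pk.Curve().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	c = eph.PublicKey().Bytes()
	s, err = secret(eph, pk, c, pk.Bytes())
	return c, s, err
}

// Decapsulate is s = KEM-Decapsulate(PrivateKey, C): it parses C and redoes the DH.
func Decapsulate(sk *ecdh.PrivateKey, c []byte) ([]byte, error) {
	epk, err := sk.Curve().NewPublicKey(c)
	if err != nil {
		return nil, err
	}
	return secret(sk, epk, c, sk.PublicKey().Bytes())
}

func main() {
	sk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	c, s1, errE := Encapsulate(sk.PublicKey())
	s2, errD := Decapsulate(sk, c)
	fmt.Println("secrets match:", errE == nil && errD == nil && bytes.Equal(s1, s2))
}
```

A caller that uses only these two operations never touches a DH share directly, which is the property that lets a lattice-based KEM be substituted without changing the calling code.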