Re: [pkix] Applied Quantum Resistant Crypto

"Wirth, Klaus-Dieter" <> Wed, 08 August 2018 11:39 UTC



We have been interested in your message and we appreciate your initiative. For some time we have been dealing with this topic, too. As a provider of some PKIs we have to be prepared to migrate from RSA-/ECC-based algorithms to PQC algorithms in the not too distant future.
So, we are definitely interested in the mentioned topics.

Best regards,

Dr. Klaus-Dieter Wirth

Senior Product Architect
CRY - Kompetenzteam Cryptographic Systems, T DF SC - Secure Communications
Bundesdruckerei GmbH
Kommandantenstr. 18
10969 Berlin
Phone:  +49 (0) 30 2598 3947
Fax:    +49 (0) 30 2598 1717

From: pkix [] On behalf of Dr. Pala
Sent: Tuesday, 17 July 2018 21:35
To:; PKIX;
Subject: [pkix] Applied Quantum Resistant Crypto

Hi all,

I was wondering whether there are people interested in setting up some sort of discussion forum in which to discuss the deployment (from a practical point of view) of QRC in their systems. The intent here would be to share experiences, provide feedback, and possibly even share implementations/references/etc.

Moreover, this being quite a new field when it comes to real-world applications, it would be interesting to understand the new requirements so that we can plan for algorithm agility correctly and not have to go through what we suffered in the past (and in some cases with current protocols) to upgrade/switch among different schemes/algorithms.

For example, some of the topics might include:

  *   How to deploy PKI services
  *   Mixed environments considerations (QRC and "Traditional" Crypto)
  *   Mixed environments (stateful vs. stateless)
  *   Encryption and Key-Exchange for QRC - what are the options there (it seems auth is well understood, but other problems are still open)?
  *   Are there implications for the deployment of PKIs we need to be aware of and are not currently mentioned/addressed?
  *   Any real-world deployment out there (or plans for it)?
  *   Algorithm Agility, what to plan for?
  *   Applicability to Revocation Services

Most of the activities to standardize QRC in CMS/SecFirmware/etc. that I can see are related to the use of Stateful HASHSIG and I have not seen any "standardization" activities around stateless schemes (e.g., SPHINCS), but if I am wrong, please let me know (and if you could provide some interesting links, that would be great). I think it would be useful to understand how to practically deploy these new schemes and how to refine / provide the building blocks required for their implementation and deployment.

Here are some references:

Merkle Tree Signatures (Stateful):

  *   (XMSS)
  *   (Viability of Post Quantum X.509 Certs Paper)
  *   Implementations:

SPHINCS Related (Stateless):

  *   Implementations:

Other Relevant Links:


I guess this is all for now - you can reply privately at the following addresses:

Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director