IETF Logo Mail Archive

Re: [Pqc] PQ/T Hybrid Terminology - Basic Definitions

Mike Ounsworth <Mike.Ounsworth@entrust.com> Fri, 28 April 2023 13:01 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: pqc@ietfa.amsl.com
Delivered-To: pqc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B1E5C140675; Fri, 28 Apr 2023 06:01:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Level:
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JSD0fai8waZe; Fri, 28 Apr 2023 06:01:19 -0700 (PDT)
Received: from mx08-0015a003.pphosted.com (mx08-0015a003.pphosted.com [185.183.30.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D79AC151986; Fri, 28 Apr 2023 06:01:18 -0700 (PDT)
Received: from pps.filterd (m0242863.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 33RNJuqN001974; Fri, 28 Apr 2023 08:01:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=QpGdXC2p60Sh4ugOVpu72XxlQA1eMb7CQCZF1lKMqW0=; b=gZ3gUGGfovV1KrXJ0Aa4SvxDQqUHZhyN935knd1Z/29lhWVVjJVMtXWo110PCVRGkxVE rBwcLwAMl9L1qKkeigj+LGEqv8OOSj8y2wYoMZpD2jkPoaLeyFKFeStZ+5dYZsOqggnH Lhbhl5aq6721QDlDB0PC+ZriPnAgwkZdjiW+exiaDOFUkXmeXqFr2W56akbYTbSyeVTd GYZcPRn7hQnXash59aQfbm+irKzhHeBObQtej4oBJIgikSD0qMH1PisonZEHfGl17sTP a/f3hG9cpV0ymPeJjldza47+/jXaJCYI5t48k4IsWPE4pMv/pw4TQDZhRn4OmtOmsmvp Ag==
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2104.outbound.protection.outlook.com [104.47.58.104]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3q4ajqrha8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 Apr 2023 08:01:17 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R45+73B9OBko8lUMOCjLZLECK5CHs3uKanxgCRoPLzMP8BZJUrs3pMOfqIm8hoc1W+eLq0rvTSXOgnVihHHkiOU1k+Bp8WNhFp7K0TQoYrOorAsm42xsu4qU2TnNSVUB4ZIvAUnGGX2Dogka1WOIX3OzcwXN2hr5UGdBWLmRAOGxQyXLnFwYboeCCgV7mSNxQofNQ4jg9y8KoBKp1SSOz+iSswUsKfK7s+lwM/7Wi/gN8A1CdqMJ8pVYqbyQ0bK0bKQ5qs3halW4yJ+YUv9xGxRMyUYF0+56JMdeoegQKxK5H7SatB7A10imukjX2bVguemimmdJC4SGS3pn09txYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QpGdXC2p60Sh4ugOVpu72XxlQA1eMb7CQCZF1lKMqW0=; b=P2S9InuJ0DntuYxSBqMEUHEjmN7GoGamRUlj4d+itkIyxdflQs5F0BIcuvn/FEz60zayB0+hEZ5r39cXZxwhaZj59kTsJHHTJJ++TzzvEQWLoZhEDX7BVv0g5tqI/Jz9EVc33zzke/mYzvEloXkENHHDFxMqKrGcLMBIwoXm4HCLQsmvdtwLl9Jd7KHZW5tTlDtaSclw4ex35y2PXJnLKBmWC4kMS2nChepN8TeEOEKEZfaDrNxtJv9goR3kgYDpkQlXIsQQ29R1y560e5gtCpg4C9sLOjqEloY/wIZ5QEceB4XyrJ9nScQeMUfii8izLLwONZk2nVFXSsNPhSMIiA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by SJ2PR11MB7713.namprd11.prod.outlook.com (2603:10b6:a03:4f6::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6340.21; Fri, 28 Apr 2023 13:01:10 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::6f08:9ebc:8857:74f7]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::6f08:9ebc:8857:74f7%6]) with mapi id 15.20.6340.024; Fri, 28 Apr 2023 13:01:10 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Florence D <Florence.D=40ncsc.gov.uk@dmarc.ietf.org>, "pqc@ietf.org" <pqc@ietf.org>
Thread-Topic: PQ/T Hybrid Terminology - Basic Definitions
Thread-Index: Adl4PwXolbEl8tk7T0mNbkMAAgMnTwBkX5+g
Date: Fri, 28 Apr 2023 13:01:10 +0000
Message-ID: <CH0PR11MB573955F4F825A9EBE47715A29F6B9@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <LO0P123MB40417B033A85D751F708A9DED7659@LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM>
In-Reply-To: <LO0P123MB40417B033A85D751F708A9DED7659@LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|SJ2PR11MB7713:EE_
x-ms-office365-filtering-correlation-id: dd43e07f-1f81-40fc-9302-08db47e8a3a5
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ZIByxnE9Eia2ruIQ9ipv2x2IFYBtHdV7Ob4nYNPoLSR7ufiMIfTphlcOhHCjAnZEjFHPA2SQR/Xmw47fPsEQw094Bwdba+wjZvK2I0lbPuvtg80tlYeXx5LKNeKeU/Jw2L5ClRrInBjjhnAzb+HaFQPyYk0oLYoHk05d4hr5BsquwpRWR2lvGx8xsBi9k5cOJs9KrY3JFsRQOCj73uHEs1xsLmXLmiZN9pRPE9zAd/wusQc5xivhcn2UV+W09Uyrh+pSnj3JlC3oQcGU56ENot85RSLt6BGDqQW0Qsc9blaDQwdxtQgsNNP+kFZnbJpekYDzpPTl77Zjyq7FnAHbiCYTjt7v6vCFqlml4XX/JTbEOeCbduUU2kaDpesz6dp+cTT3aBxNKE8xDOq0QQ+c4sRllaKLmeJOj8aSDENy0VfVhe0Vi27qvytPCWWfdDMNL8K9Ij+b02x4B3R/QYhfr89ybltCfSSET9znw/+CTI5MPOoDmGi4zXCC8tpKxp17E0kTvtK6GZ6XP+yHhHhvyK9QEERkqnGJgxBSBxywS/mi3TEKwXZMn5TOH6+1PKDlqAPTjZ19uqzLbOT1N0PCpPT6CVwheK968ZxhCdSW4u8=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(396003)(366004)(136003)(346002)(39860400002)(376002)(451199021)(41300700001)(38070700005)(86362001)(33656002)(2906002)(66899021)(55016003)(71200400001)(186003)(53546011)(83380400001)(9686003)(7696005)(26005)(966005)(6506007)(66476007)(66946007)(76116006)(66556008)(64756008)(66446008)(478600001)(110136005)(5660300002)(38100700002)(316002)(52536014)(122000001)(8936002)(8676002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: IBNKXY2SRbnpu0AhkWEgdMD8UBou3pTvZ4sXPOkvvZuXgJgQbt9UyOkZNFb9LdEc+CsWa5vF/Mt/OPBlVRUB4NW2STvfxYu3l3kNBBV6xhtGzqSlzcMQaXSKWUc5BErsm+3C9I0IKMvQ/ozvfEBqzphBDKRQgU3IkLuY8Uoo/4atSlgQG14b3psA6YGkUTyZM4hHBDw4UuEoq8RO56bOStqWRoLYlx7Gb7Eufgc/M08vt6tyOmkhIjz39XUDNHVOwHYDBtDLqmBjhBWyJHef42nGyfdnbZWOfjx9cPeB2PI8O2qvmOyS1Bpgfw4gZjlBff/GD2PjU+t91OBueSJWAAsd2nV8APFA5j1qRr/Wjw4SRZt5mHerERwTUMoJY7J5hISNVQpeV2+McFaUtW3eGNK3rAccb+bhLycyytXZ2WtseB7Vm9dnaEDpFTDdT2yjxNUwLJSvLTsJXkuJGd9/YuIqIoR6IMqP5LfOQ6TkHMeIUZhzgXoKBveO14rlVTREhwSzH7vhoQaWhHOhWDTjVPrVmWwrTk7ruAhHBlXymHmcaBAmQFrdjkHP33wS/HXcuNefjYP0zQq+3u4VU9mPlkBwwfnMuWP/efADA9GNgYCBbzZ/k0FsJXLrMSGaQJigDGDV3365Bmz9oM0HHejsIuc+T+c+THOa4Jy8UM0vSNnDpCu5ubSZLyNjcm7ng9+0qsq21wSOzvIL758N5c1R+HQONalVu6UmBNAarkhAg0z7aw3xcfapEdGmQh+qnCbEcOvQwQdx3cxQO9NK/EwTa6KsDUXLh1SPyBJs8Hyjic9V9CXz1zMwIgRc5X32Hxv7/8du17ChdCzXb+DRqbWqg1F6ix/v4hYGVpBvSubKHrAEfK3AMPBcGDlOP0CDzoU4Z1IaNwCO/sQfpI68jUXIWMLpiunLRNGO43YRA6twN0Txe5CmOeE01XtCfGYAlPYaNkClX7nzm1nDWF+VVr9kIzHjKvXK0MyshKv3/DpLbVzqk1TZo7zKo/ZSLHndNaXHjLS+lqfkTtDCgrAaDd2KUW4ukQ2woJx7if6Pa7JzlcpiE/S8IluK77c5JUHVMW0TnE8zQKrknx0h1QXqE57xTz3QkP+u4I0MLs66m3EsSQUDAzViKZznW5MO7HZYHK3KjtlQ5GltlXdA+VsUy+XoEPNGbIGOnJEVjQopDh2bL/eU0/Fd3BkDKbSRKfmLlpCTC40fpCJ8r8/JuX+4QVpfj3yuBb2XMLEjCV/UUCj9014t/vhNSxX20MdeOTWByRvn7/nSWTTsKMubN0y2n/1lNl4280WsOFMimgiSb2YmFkjh0gN5oIZreJRJcyRxEZGoo6PrOAclpglWQkse6ORbUqIKxgM5d+2AgkINBi4yXwtr7OUQWUk3tjouQqekCmT9JQ1Pz3mVvmmj+jxibZjJQ9QCf21zcxPHPUFC+hbEPFhGdc7gvbfLEqSxfco2W15561RCqMFkGoucbekvq8cGwX5k/ZmO4Zb5sJdVUfHl+PbQl5taaxhMGe01yvzcZsZxsXEerI33vg92Aas6YYHro3/Cw4qNZKcFqX00CyK/boItvZ+tJp0eHumbRPqwtM6c
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dd43e07f-1f81-40fc-9302-08db47e8a3a5
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2023 13:01:10.5961 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ntQD0JH/kj4CDVGtNRxenJWCd+2kDA0wR3bC8/syI9x4RcpOutpsG5P2d/h1nwv6Cr0LuAxeV3OfPpBY1gNKdno8G7b80cf2FWG1SsJ2gUc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR11MB7713
X-Proofpoint-GUID: g_xCfAFXOR2XQIPH6hDKkUtMecqeYj-o
X-Proofpoint-ORIG-GUID: g_xCfAFXOR2XQIPH6hDKkUtMecqeYj-o
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-28_04,2023-04-27_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 spamscore=0 suspectscore=0 mlxscore=0 clxscore=1011 lowpriorityscore=0 malwarescore=0 mlxlogscore=999 bulkscore=0 priorityscore=1501 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304280106
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/-Snt8Vz6k-5cFANGklAUy5koFU8>
Subject: Re: [Pqc] PQ/T Hybrid Terminology - Basic Definitions
X-BeenThere: pqc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pqc>, <mailto:pqc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>
List-Post: <mailto:pqc@ietf.org>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pqc>, <mailto:pqc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Apr 2023 13:01:24 -0000

Thanks Flo!

I'll add a meta-point about 3: I like "thing1 / thing2 hybrid" because it extends nicely to other things: I can talk about a "PQ/PQ hybrid", or a "PSK/Traditional hybrid", or a "PQ/QKD hybrid" and the meaning is clear. It's a nice qualification and disambiguation of the word "hybrid" which by itself can mean many different things within cryptography.

---
Mike Ounsworth

-----Original Message-----
From: Pqc <pqc-bounces@ietf.org> On Behalf Of Florence D
Sent: Wednesday, April 26, 2023 9:14 AM
To: pqc@ietf.org
Subject: [EXTERNAL] [Pqc] PQ/T Hybrid Terminology - Basic Definitions

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

______________________________________________________________________
Hi PQUIP and friends,

At the PQUIP meeting at IETF 116 I committed to summarising the discussion on algorithm type naming that happened on the mailing list back in March [1].  The email aims to do that, as well as to provide some justification for the choices made in the draft at the moment. The aim here is to come to some consensus on the base level definitions/names in this draft, allowing us to use this terminology to build from there.

I'll focus on the following definitions:
1. Traditional Algorithm: An asymmetric cryptographic algorithm based on integer factorisation, finite field discrete logarithms or elliptic curve discrete logarithms 2. Post-Quantum Algorithm: An asymmetric cryptographic algorithm that is believed to be secure against quantum computers as well as classical computers.
3. Post-Quantum/Traditional (PQ/T) Hybrid Scheme: A cryptographic scheme made up of two or more component algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm.

Taking these one at a time:
1. Traditional Algorithm
        - Alternative words that have been suggested are classical, conventional, pre-quantum, vintage, quantum-vulnerable.  Others have suggested alternatives that describe the mathematical problems that these algorithms are based on e.g., discrete-log or integer-factorisation based.
        - The current version uses "traditional", rather than another word, for these reasons:
                a. It doesn't begin with "C" or "PQ" so can form a helpful and non-confusing acronym.  Conventional/classical seem non-ideal because PQC is already taken as an acronym.
                b. Classical describes a type of computer, and PQ algorithms are run on classical computers.
                c. It is a single word and is not too long or technical. I think this is important if we want the terminology to be used.
                d. It doesn't suggest that these types of algorithms are already insecure before the existence of a CRQC (as e.g., vintage might).
        - Arguments against "traditional" include:
                a. In the long term we might expect PQ algorithms to become "traditional", so this may not age well.
                b. Traditional is one of the words highlighted as potentially biased in NIST's inclusive language guidance [2]. I believe that the usage in this document is sufficiently different to the example in the NIST guidance that it is reasonable to use the word here, but it is worth taking into consideration.

2. Post-Quantum Algorithm
        - Alternative words: quantum-safe, quantum-resistant.
        - The current version uses "post-quantum" for these reasons:
                a. It is currently the most widely used term for this algorithm type.
                b. Quantum-safe and quantum-resistant suggest properties of the security achieved by the algorithms, rather than the security goals of the algorithm.  For example, SIKE is a post-quantum algorithm, but calling it a quantum-safe algorithm is (at best) highly misleading.
                c. Quantum-safe has previously been used to include both PQC and QKD (e.g. by ETSI).

3. PQ/T Hybrid Scheme
        - Obviously this decision depends on 1. and 2. above.
        - I am currently using PQ/T hybrid scheme for this concept because I believe it does a good job of describing the components, giving a technical reader who hasn't read this document has a good chance of understanding the meaning.
        - There was previously discussion on this thread about including a forward slash in the name [3], which suggested that the group preferred some separation between the two algorithm types.  This does raise a question about if you pronounce the slash (I think no...).

If you have alternative suggestions for 1,2 and 3 which have fewer compromises than what we've got so far then I'd be very keen to hear them, please do post to the list or email me directly if you'd prefer.  Also, if you'd like to add any more pros/cons to this discussion please do reply.

Flo

[1] https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/pqc/3hKDhB8r8wnbG5M_iTb8JIrIaGc/__;!!FJ-Y8qCqXTj2!baNqQZnmNBjxnnW3uDtQCda9RKDmFgsd8b62BMF8-61eA1Rc3kyJClXvl1d1SbBpoMeTaEGDuqON3dHufyU6r8APdGcmnV6Ho8kb$
[2] https://urldefense.com/v3/__https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions*table1__;Iw!!FJ-Y8qCqXTj2!baNqQZnmNBjxnnW3uDtQCda9RKDmFgsd8b62BMF8-61eA1Rc3kyJClXvl1d1SbBpoMeTaEGDuqON3dHufyU6r8APdGcmndUoEiHs$
[3] https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/pqc/IntVA7nMUcBDqlg2wvV-5YGA-7g/__;!!FJ-Y8qCqXTj2!baNqQZnmNBjxnnW3uDtQCda9RKDmFgsd8b62BMF8-61eA1Rc3kyJClXvl1d1SbBpoMeTaEGDuqON3dHufyU6r8APdGcmnaC7Y89m$
--
Pqc mailing list
Pqc@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/pqc__;!!FJ-Y8qCqXTj2!baNqQZnmNBjxnnW3uDtQCda9RKDmFgsd8b62BMF8-61eA1Rc3kyJClXvl1d1SbBpoMeTaEGDuqON3dHufyU6r8APdGcmnXCw0JUA$
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

v2.23.0 | Report a Bug | By Email