Re: [Pqc] Listing pointers to not-yet-standardized PQC algorithms

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 04 May 2023 15:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/NoQf5CSf03fUP9kJIJKx0zCjaHk>

I vote with Panos here. No to both.

--
V/R,
Uri
 
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
    - C. A. R. Hoare
 

On 5/3/23, 21:59, "Pqc on behalf of Kampanakis, Panos" <pqc-bounces@ietf.org on behalf of kpanos=40amazon.com@dmarc.ietf.org> wrote:

    I would vote no to both. 

    1. Crypto developers are following NIST's work and there are plenty of resources that explain what these algorithms are. I don't see a benefit in encyclopedically documenting something that has been documented many times before.

    2. Frodo is in the LWE family. It is not RLWE or MLWE, so as a primitive it has less structure and could be assumed to be more conservatively secure, but it is in the lattice family like Kyber. The Frodo public key and ciphertext are pretty big. NIST's schemes offer better size-performance balance and math primitive family diversity. IETF should only go with primitives that make sense for use in its WGs. I am not sure I would pick Frodo over Kyber or BIKE in any use-cases. Personally, I expect and hope that European regulatory bodies will endorse NIST's primitives in the long run as well. 



    -----Original Message-----
    From: Pqc <pqc-bounces@ietf.org> On Behalf Of Paul Hoffman
    Sent: Wednesday, May 3, 2023 6:57 PM
    To: pqc@ietf.org
    Subject: [EXTERNAL] [Pqc] Listing pointers to not-yet-standardized PQC algorithms


    Greetings again. The grand list of pointers at <https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc> primarily lists Internet Drafts and RFCs.

    We know that the protocols themselves are being developed elsewhere, primarily (but not exclusively) at NIST. NIST has said that it will publish standards for CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+ next year, and has more informally said that it will publish standards for other KEM finalists (Classic McEliece, BIKE, and HQC). Should this WG help let IETF developers know about these algorithms and their status at NIST; if so, how?

    Those of us following the European PQC world know that there is still a lot of interest in some non-NIST algorithms, particularly FrodoKEM. FrodoKEM is being standardized in ISO. Should this WG let IETF developers know about these algorithms? If so, how do we bound this list to prevent us from promoting MyMostlyUnreviewedKEM without enough context?

    --Paul Hoffman