Re: [Pqc] Guidance for running Stateful Hash-Based Signatures

"antonio.vaira@siemens.com" <antonio.vaira@siemens.com> Tue, 19 March 2024 13:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/UZ0VdJB5uR8g_TGHU6pqcU4L6HY>

Hi Thom,

Many thanks for writing this document. I have briefly read it and I think it is really helpful work!

I would only have a few minor questions.


  1.  In section 2.1.3, "key export", "key import" and "key transfer" are defined. Isn't "key transfer" equal to "key export" + "key import"?
  2.  Among the potential solutions, in section 5, is "key/state transfer" in section 5.4, to be intended as a disaster recovery strategy that goes beyond, i.e., does not comply with, NIST SP 800 208? Or is there something more?

Many thanks
Antonio


From: Pqc <pqc-bounces@ietf.org> On Behalf Of Thom Wiggers
Sent: Tuesday, March 19, 2024 9:08 AM
To: pqc <pqc@ietf.org>
Subject: [Pqc] Guidance for running Stateful Hash-Based Signatures

Hi all,

As I just presented at the IETF 119 PQUIP meeting, we got together with a bunch of people to write down as much as we could think of on how you can build reliably and safely on top of stateful hash-based signature schemes (if you can't just avoid them, which you likely SHOULD).

We set out to document stuff ranging from operational considerations like staff training, discuss things mentioned in SP800-208 such as how you can have split trees in multiple signers, discuss what one should consider in certain alternative approaches to state management for specific scenarios, and also include some approaches to backup management that go a little bit beyond what SP800-208 allows (as it currently bans all forms of key export).

The initial version of our draft can be found at https://datatracker.ietf.org/doc/draft-wiggers-hbs-state/ and it lives on GitHub at https://github.com/hbs-guidance/draft-hbs-state.

We are looking forward to having productive discussions with everyone to make this document as complete as possible. We already have a good discussion point for some new content in the issue tracker: should we include a paragraph on "when are S-HBS schemes appropriate in the first place?".

On behalf of my co-authors,

Cheers,

Thom