[Pqc] Guidance for running Stateful Hash-Based Signatures

Thom Wiggers <thom@thomwiggers.nl> Tue, 19 March 2024 08:08 UTC

From: Thom Wiggers <thom@thomwiggers.nl>
Message-Id: <E2ACC158-8EDE-4C14-8B62-27B13B999697@thomwiggers.nl>
Date: Tue, 19 Mar 2024 09:08:07 +0100
To: pqc <pqc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/Ur73V4PpsqQHmcqpYMSl-O5icGg>

Hi all,

As I just presented at the IETF 119 PQUIP meeting, we got together with a bunch of people to write down as much as we could think of on how you can build reliably and safely on top of stateful hash-based signature schemes (if you can’t just avoid them, which you likely SHOULD).

We set out to document stuff ranging from operational considerations like staff training, discuss things mentioned in SP800-208 such as how you can have split trees in multiple signers, discuss what one should consider in certain alternative approaches to state management for specific scenarios, and also include some approaches to backup management that go a little bit beyond what SP800-208 allows (as it currently bans all forms of key export).

The initial version of our draft can be found at https://datatracker.ietf.org/doc/draft-wiggers-hbs-state/ and it lives on GitHub at https://github.com/hbs-guidance/draft-hbs-state.

We are looking forward to having productive discussions with everyone to make this document as complete as possible. We already have a good discussion point for some new content in the issue tracker: should we include a paragraph on “when are S-HBS schemes appropriate in the first place?”.

On behalf of my co-authors,

Cheers,

Thom