IETF Logo Mail Archive

[Pqc] PQ/T Hybrid Terminology - Basic Definitions

Florence D <Florence.D@ncsc.gov.uk> Wed, 26 April 2023 14:13 UTC

Return-Path: <Florence.D@ncsc.gov.uk>
X-Original-To: pqc@ietfa.amsl.com
Delivered-To: pqc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89E93C14CE39 for <pqc@ietfa.amsl.com>; Wed, 26 Apr 2023 07:13:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id doVzkx27TFZ5 for <pqc@ietfa.amsl.com>; Wed, 26 Apr 2023 07:13:53 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-cwlgbr01on070d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe14::70d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34C2FC151531 for <pqc@ietf.org>; Wed, 26 Apr 2023 07:13:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f4wJRyyXAhW33BIbO2cZDFJF7r0E/+nBifuVkIojwbl4nVW5wmz7b8rKxvKfkFaTARpFZbNj0YLiNtfMvvkzE6DoxATjOI+wMmLjf/kfJs3mf7inEEHG4S7P3Cy9RYvcJFwUsAH0o2ziYj7RPjHTonUVd/sq4nimbU4EKdNAGye3OYbcRptw81cw14+rwd9Q6eRpQCNoE/trP4LGxUYhlYKx2fg+2c7JemG1qhPz15rLUvmOPGv0mGiedX0K9WlnKZWJojGhN2kZttVc0VsHTYtCXI8AUzx7OxvUdP/kyn5c8MSYKlyo3SGeNiO0JGRRyzUY8XKIZh9UEINzdvdDCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6SXdyuCibFynT91mxbSRELDxugTuqBDL8/w77YwDhkw=; b=lezm9z8MBmNl2kUCVJUygB9Sh0fMCR/dq22n0w58bA5cRqsZUN6c5bFfBnSTGONswUPLIw3C0Nf5KMbXIBzUPOOpLQbwRAoDjNjDfTufN7USRBtSeX8fihuM1InV5TwarR2YFGYWGTLIFzm9cLQRHZrjUU7rYAfGDk2IqC9b1EWE4Lp+w45+yF6eNDwfEgfOXaTwobL7S/pyIODAtDRFLuW6pe6Ab56L5MVtMeKvT8zFW5Y82TnzRVaszVymjYjh/UB2KD3WFK7xbxJq6ew7bpYrFrKsByzhSEYFemKA+rtHO6aO0olH+UtvVbPrEJ0WpcgS/i2B+bFrJv/iBJ+8mA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ncsc.gov.uk; dmarc=pass action=none header.from=ncsc.gov.uk; dkim=pass header.d=ncsc.gov.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6SXdyuCibFynT91mxbSRELDxugTuqBDL8/w77YwDhkw=; b=ejNdQfBzTlWbZjjOS2OmRdtYR67Xpy7cjPJ13LhWih90O6fvlFcuOZ2bVIgLYuGWEAPUYkjdj3hp9x/H4yOeRM/Vx64/g9N0Ig3ahdatgTSbebx07mjCD5nAh5EQy88nBTcsGVffypxdZleYvDOy+6+wPGEQKvtUnuUHWFKSGsXD/tXZsgXTR/R/6YVGdoPHLLVQHYfVFt0aataGytWBFJPM/HzWQbbDnNxi1X5ZwSZYogEm16ymsOtsm1FKqZtXfJp61xG+wdCGvtrnyIneoZyCeZeLCY6xxMhfXIr5kA9wkUTf9BqgQoI0CuSscT2Zvsxqh6JCuaCcRdbITRyC2g==
Received: from LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:181::5) by CWLP123MB6226.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:1a4::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6340.21; Wed, 26 Apr 2023 14:13:48 +0000
Received: from LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM ([fe80::a01d:2d3d:e1f9:422d]) by LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM ([fe80::a01d:2d3d:e1f9:422d%4]) with mapi id 15.20.6340.021; Wed, 26 Apr 2023 14:13:47 +0000
From: Florence D <Florence.D@ncsc.gov.uk>
To: "pqc@ietf.org" <pqc@ietf.org>
Thread-Topic: PQ/T Hybrid Terminology - Basic Definitions
Thread-Index: Adl4PwXolbEl8tk7T0mNbkMAAgMnTw==
Date: Wed, 26 Apr 2023 14:13:47 +0000
Message-ID: <LO0P123MB40417B033A85D751F708A9DED7659@LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ncsc.gov.uk;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LO0P123MB4041:EE_|CWLP123MB6226:EE_
x-ms-office365-filtering-correlation-id: 09079bd6-ad9b-4919-9203-08db466073d4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: p/A/N4yCyyCNXeb644HQvqTLcQLh7IeYjIU7LGVucLrX/7qtLulIk2FY3H5W6SLpDo1SejMf1fiiMxYiVJIW2kCHvTGDzftR/brvPtJHyda3ZFYILPJuGKdyV1AiGwzmKgYJRIz6Prs4NwWqlxRWx1zvs4SmpDPf5vu22VSi95UpHuin5vNzpksbuA7Vvt5ABSjvhHkrAzrhE6o8/vvHYWLHfNruqmZ6MufmgG3aQxSi4oQ4K8yK//upDK+zfw1ZwnAh1LYtR1NdFZWLGx5gzUl1twXEc5Tn5jKvmfhlPK5u4dnZHH8otyovR5izaLjCFKgeXfYZxR2b5DtWh2BphXAEKa+krDEPA2UrASS0QB9eLO26ExdDf8b8rvDBmriOlMLn+QXIvBLJ/wUPuFBoxKI7HWXYtpFP1vIp5P4oePQ+r25nbHY4YwALBsM4ptO1pXWcXmmWlXdJN4wucL4R/TDG9b2BJOM0MQVG40Wm8jpRB2sw9l0qHQnNuEP7fPV3bdBawMRPVXJeq/a9Y7RgwYgqcuosfxX/gpTlEIeALEM1d90hsQ3OtQjB3eRmZqVRJBGMvwI9XKzz/jYLgD9Ccgsc9i50kjM7s2XwE/1J5ME=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230028)(4636009)(346002)(396003)(366004)(376002)(39860400002)(136003)(451199021)(186003)(316002)(38100700002)(64756008)(66446008)(66476007)(38070700005)(76116006)(71200400001)(8676002)(8936002)(66556008)(6916009)(41300700001)(66946007)(478600001)(82960400001)(122000001)(7696005)(86362001)(52536014)(5660300002)(83380400001)(2906002)(966005)(33656002)(55016003)(9686003)(6506007)(66899021)(26005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: JTPsrDBhyPOYcjXEvVGcs4VrjveIpBHk3X1Y7bjxURMWQLyQ3Evvp6uhj3prY9Oies5M4Hav2adfdH+tvCNTzHgp2Q3hEUR4U8yjvUpwiHIy6czd5AjQpMlVZRMVkCqR4Tdc2OT7Gv2y5/2sTcMii3xznhUNwuTXlL5/ZMhP2fq0xngolX2ZkT/SxDj73yz7nzg4/D2tDbtSGHi58wuP1lkROH+xejZruA55ZIUgkGA9lDr7M0Wmg3gGC1N9eHTatZubQ322qnYIptJJSG5D7PqYjfpKUMkw5U2pisAzS+z1IxgI7VO2fHePTWrivCLeCHVLmbewsbEOnJ5DJmq6Z/Ib9ZvxjV3Yii4MwmqrbHG1Lif+iD62ZgWjnxvZwAzOq7/sZIPJdcHNTT3//Uu7iteEIcBKfdtvjLWdVDVfw7Zn4gWVeNEx5Pz/mSKQU4csgKypHTpYmNdRheEwKUd8fjZgmcESA0tQ8UQlh61E2BHY/iqWqgq0EE2rwgizSAQyowT8QTOslqNMg1LfGo12xoYqh0DzGuUDVsmEOrDmGjgXvUXaAMlsbYXLRHNMqqvYYg9OTpYHvFTy8wxBeLtlz6TdiPxyCgIiGhKOqEpo0LOQhqbgaVHXG0NfsFooPNGOrK4EmsFX4wxOPF/K9v7ecl6h35MRnQQmEpKkzrlK+r9wyvh5iwR5zPwzcNl8NIYyO/21HKhTUHqhcWQuqmUFNcnbS17BZDMYgObMbiGVL5reLx4L2xm3qvby194Z2N6VXhWJasbucrqypALg2Zrtad96H5vzbHV9wYwJw9+hyoaTveXHeUmewOZ6roOCSxCqKGF6UxcVpccfJpC1s1W9ye+FBpsonBEFCpahYUdv7XvcMivIG5IAmVmmYSHWDfArTz04zEjUFNd5sp3jmZbE4L5q9qssaUpuZUj8btfZYkGwmBsjfavWoQxw+2AI6H8GIEGtu3rPtSZc3ydmYHjkfAmy9HEPLjeq4+E72f2qBB9wsIrGeLNXyQahdjWmQ1cf43CjNF7jh9kiWUhWIHZieIjGxutawd5Q3ab0qbeayhmRUyoXesYizdgRs731uLMBbg6Yp78fDgDaiNNoFld7CERGW8byC8rxEnlKsRWyNJhAHl4xvtjMlbw8swJQ/uNsxMRgQMfjMnv1SFrefywwc9aVGvOgjcr7yuFcJAz9IqEFVm3mwp5QqxM6WGPubYcsY5XD+k9kk0j8LtgtLqd3WHv2/fVFpxqQ+ksS9jwpZhMRzgCPVpAhRL3/LHJcdTSrJ7mNShtieLT5dKeX3a6muYk9K8V1GiO7DZ1ZBzNF6rVsx2/NVMok0LLQfj4Jp07ra6Emf+NmeY6RQQxhmdyx1M9UuiMl4fAG1Ab543eL345DOFTizc+7LPBmZbQVgLxMMxBVfkY22hyrdMVVKF95YCUjdLFEVAANewWGSx4W5KHQnu9V7+pwSrs5gDMvvF58ZWGt+akoJuDjQAr0jaDA4UJ5lD+taZUD0T009HiqtQzt8zs437UaFtAiFE2Qosv1Cjwz4MvmydWDiVVqPk6SIsNjovuZ7N+ntKSJKmor2XzQfDxM3MoA0gB1qAyl64Bk
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO0P123MB4041.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 09079bd6-ad9b-4919-9203-08db466073d4
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2023 14:13:47.6935 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FnLoRSw3QRY5/i6ktfuc8xUfEYex4cEV7dI9s2rgiNDdzGdEMe7qc24RxavPB+/yVRuk0Fo4ekM+bxajqUXGnfrOp7fijUivJkNt75BSX4c=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWLP123MB6226
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/quxPFnOYZ_ADOoZSU8HSTTMggLQ>
Subject: [Pqc] PQ/T Hybrid Terminology - Basic Definitions
X-BeenThere: pqc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pqc>, <mailto:pqc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>
List-Post: <mailto:pqc@ietf.org>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pqc>, <mailto:pqc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2023 14:13:57 -0000

Hi PQUIP and friends,

At the PQUIP meeting at IETF 116 I committed to summarising the discussion on algorithm type naming that happened on the mailing list back in March [1].  The email aims to do that, as well as to provide some justification for the choices made in the draft at the moment. The aim here is to come to some consensus on the base level definitions/names in this draft, allowing us to use this terminology to build from there.

I'll focus on the following definitions:
1. Traditional Algorithm: An asymmetric cryptographic algorithm based on integer factorisation, finite field discrete logarithms or elliptic curve discrete logarithms 
2. Post-Quantum Algorithm: An asymmetric cryptographic algorithm that is believed to be secure against quantum computers as well as classical computers. 
3. Post-Quantum/Traditional (PQ/T) Hybrid Scheme: A cryptographic scheme made up of two or more component algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm.

Taking these one at a time:
1. Traditional Algorithm
        - Alternative words that have been suggested are classical, conventional, pre-quantum, vintage, quantum-vulnerable.  Others have suggested alternatives that describe the mathematical problems that these algorithms are based on e.g., discrete-log or integer-factorisation based.
        - The current version uses "traditional", rather than another word, for these reasons:
                a. It doesn't begin with "C" or "PQ" so can form a helpful and non-confusing acronym.  Conventional/classical seem non-ideal because PQC is already taken as an acronym.
                b. Classical describes a type of computer, and PQ algorithms are run on classical computers.
                c. It is a single word and is not too long or technical. I think this is important if we want the terminology to be used.
                d. It doesn't suggest that these types of algorithms are already insecure before the existence of a CRQC (as e.g., vintage might).
        - Arguments against "traditional" include:
                a. In the long term we might expect PQ algorithms to become "traditional", so this may not age well.
                b. Traditional is one of the words highlighted as potentially biased in NIST's inclusive language guidance [2]. I believe that the usage in this document is sufficiently different to the example in the NIST guidance that it is reasonable to use the word here, but it is worth taking into consideration.

2. Post-Quantum Algorithm
        - Alternative words: quantum-safe, quantum-resistant.
        - The current version uses "post-quantum" for these reasons:
                a. It is currently the most widely used term for this algorithm type.
                b. Quantum-safe and quantum-resistant suggest properties of the security achieved by the algorithms, rather than the security goals of the algorithm.  For example, SIKE is a post-quantum algorithm, but calling it a quantum-safe algorithm is (at best) highly misleading.
                c. Quantum-safe has previously been used to include both PQC and QKD (e.g. by ETSI).

3. PQ/T Hybrid Scheme
        - Obviously this decision depends on 1. and 2. above.
        - I am currently using PQ/T hybrid scheme for this concept because I believe it does a good job of describing the components, giving a technical reader who hasn't read this document has a good chance of understanding the meaning.
        - There was previously discussion on this thread about including a forward slash in the name [3], which suggested that the group preferred some separation between the two algorithm types.  This does raise a question about if you pronounce the slash (I think no...).

If you have alternative suggestions for 1,2 and 3 which have fewer compromises than what we've got so far then I'd be very keen to hear them, please do post to the list or email me directly if you'd prefer.  Also, if you'd like to add any more pros/cons to this discussion please do reply.

Flo

[1] https://mailarchive.ietf.org/arch/msg/pqc/3hKDhB8r8wnbG5M_iTb8JIrIaGc/
[2] https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions#table1
[3] https://mailarchive.ietf.org/arch/msg/pqc/IntVA7nMUcBDqlg2wvV-5YGA-7g/

v2.23.0 | Report a Bug | By Email