Re: [Pqc] Listing pointers to not-yet-standardized PQC algorithms

"Kampanakis, Panos" <kpanos@amazon.com> Thu, 04 May 2023 01:58 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Paul Hoffman <paul.hoffman@icann.org>, "pqc@ietf.org" <pqc@ietf.org>
Date: Thu, 04 May 2023 01:58:10 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/w_R4Hy1E-iMU6qD9Rgi5K8B57bg>

I would vote no to both. 

1. Crypto developers are following NIST's work and there are plenty of resources that explain what these algorithms are. I don't see a benefit in encyclopedically documenting something that has been documented many times before.

2. Frodo is in the LWE family. It is not RLWE or MLWE, so as a primitive it has less structure and could be assumed to be more conservatively secure, but it is in the lattice family like Kyber. The Frodo public key and ciphertext are pretty big. NIST's schemes offer better size-performance balance and math primitive family diversity. IETF should only go with primitives that make sense for use in its WGs. I am not sure I would pick Frodo over Kyber or BIKE in any use-cases. Personally, I expect and hope that European regulatory bodies will endorse NIST's primitives in the long run as well. 



-----Original Message-----
From: Pqc <pqc-bounces@ietf.org> On Behalf Of Paul Hoffman
Sent: Wednesday, May 3, 2023 6:57 PM
To: pqc@ietf.org
Subject: [EXTERNAL] [Pqc] Listing pointers to not-yet-standardized PQC algorithms

Greetings again. The grand list of pointers at <https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc> primarily lists Internet Drafts and RFCs.

We know that the protocols themselves are being developed elsewhere, primarily (but not exclusively) at NIST. NIST has said that it will publish standards for CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+ next year, and has more informally said that it will publish standards for other KEM finalists (Classic McEliece, BIKE, and HQC). Should this WG help let IETF developers know about these algorithms and their status at NIST; if so, how?

Those of us following the European PQC world know that there is still a lot of interest in some non-NIST algorithms, particularly FrodoKEM. FrodoKEM is being standardized in ISO. Should this WG let IETF developers know about these algorithms? If so, how do we bound this list to prevent us from promoting MyMostlyUnreviewedKEM without enough context?

--Paul Hoffman
