Re: [lamps] [EXTERNAL] Re: Adoption call for draft-housley-lamps-cms-sha3-hash

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 01 November 2023 23:25 UTC


Hi Ilari,

Good points.

I would love your review of sections 5, 5.1 and 5.2 of draft-ietf-lamps-pq-composite-kem since that is the bit we are debating.

The point is that for id-MLKEM512-RSA2048-KMAC128, we need a message digest for the internal RSA-KEM; currently we have listed sha3-256 since it aligns with the KMAC128/256 used in the outer KEM combiner. Ditto id-MLKEM768-RSA3072-KMAC256 choosing sha3-384 to align with the KMAC256/384. (currently on a plane and can’t check Panos’ CMS SHAKE draft, but I suspect that we would have to choose the next size up which would have some small amount of waste).

---
Mike Ounsworth

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Ilari Liusvaara
Sent: Monday, October 30, 2023 2:28 PM
To: spasm@ietf.org
Subject: [EXTERNAL] Re: [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash

On Mon, Oct 30, 2023 at 12:56:42PM -0400, Michael StJohns wrote:
> On 10/29/2023 10:02 PM, Kampanakis, Panos wrote:
> >
> > > try and practice algorithmic pluralism in the way we define things
> >
> > Personally, I am not sure algorithmic pluralism for the sake of variety
> > is a good idea. Integrating and using only new algorithms that make
> > sense is a better one imo.
> >
> > I can't think of a case where SHA-3 would be preferred over SHAKEs, but
> > I am open to suggestions.
> >
> AFAICT from FIPS202 both are just parameterized instantiations of the same
> KECCAK function and have exactly the same performance (and strength).  E.g.
> from FIPS202
>
> SHA3-256 (M) ::= KECCAK[512](M||01, 256)
>
> SHAKE256 (M,d) ::= KECCAK[512](M||1111, d)
>
> Now RFC8702 says that SHAKE256 should use d = 512 if you're using it as a
> hash/message digest, but I can't find anywhere in the NIST document that
> also uses that value as a default.  That worries me with respect to future
> interoperability.



d=512 is the minimum to reach the nominal strength of SHAKE256: 256
collision, 256 preimage.

This is above the nominal strength of SHA3-256, which is 128 collision,
256 preimage.

Of course, the difference is practically meaningless, but hey, it is
free.

Or if one thinks 128-level is enough, there is SHAKE128, which is even
faster than SHA3-224. It has d=256 (again, minimum to reach nominal
strength).

Now, I do have a major interoperability concern about the ECDSA
variants, but for a different reason. And ECDSA with SHA-3 has the exact
same concern (maybe even worse).

-Ilari
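A worked illustration of the two points in the quoted exchange (Michael's FIPS 202 definitions and Ilari's minimum-d figures), added here as an example and not part of either poster's message. It uses Python's hashlib and a constructed sample message; the strength formula follows FIPS 202 Appendix A.1 (collision min(d/2, c/2), preimage min(d, c/2)), and the capacity constants are the ones FIPS 202 assigns.

```python
import hashlib

# Capacities c from FIPS 202: SHA3-256 and SHAKE256 are both KECCAK[512];
# SHAKE128 is KECCAK[256]. The functions differ only in the domain-separation
# suffix (01 for SHA3-*, 1111 for SHAKE*) and the output length d.
CAPACITY_SHA3_256 = 512
CAPACITY_SHAKE256 = 512
CAPACITY_SHAKE128 = 256


def nominal_strength(capacity_bits, d_bits):
    """(collision, preimage) strength in bits, per FIPS 202 Appendix A.1."""
    half_c = capacity_bits // 2
    return (min(d_bits // 2, half_c), min(d_bits, half_c))


def minimum_d_for_nominal_strength(capacity_bits):
    """Smallest output length d (bits) at which both strengths reach c/2.
    Reproduces Ilari's figures: 512 for SHAKE256, 256 for SHAKE128."""
    target = (capacity_bits // 2, capacity_bits // 2)
    d = 8
    while nominal_strength(capacity_bits, d) != target:
        d += 8
    return d


def sha3_256_digest(msg):
    return hashlib.sha3_256(msg).digest()


def shake256_digest(msg, d_bits):
    return hashlib.shake_256(msg).digest(d_bits // 8)


def shake128_digest(msg, d_bits):
    return hashlib.shake_128(msg).digest(d_bits // 8)


def suffix_separates(msg):
    """Same permutation, same capacity, same length: the outputs still differ,
    because the suffix bits are absorbed before the final permutation."""
    return sha3_256_digest(msg) != shake256_digest(msg, 256)


def xof_prefix_property(msg):
    """A shorter SHAKE256 output is a prefix of a longer one, so a d=256
    verifier and a d=512 (RFC 8702) signer disagree only on length, which
    is exactly why a fixed default d matters for interoperability."""
    return shake256_digest(msg, 256) == shake256_digest(msg, 512)[:32]


if __name__ == "__main__":
    m = b"constructed sample message"  # constructed input, not from the thread
    print(nominal_strength(CAPACITY_SHA3_256, 256), suffix_separates(m))
```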


