Re: [lamps] Do we have a FALCON draft yet?

Bas Westerbaan <bas@cloudflare.com> Sun, 20 November 2022 12:13 UTC

To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Cc: LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/B2q8DZB2Og7hQvipufzGzPkJYxs>

Not that I know of. If someone picks this up, may I urge them to add a
warning to the following effect in the earliest draft.


The Falcon signing procedure is difficult to implement in constant time
because of its use of floating point arithmetic. By default, it should be
assumed that the timing of the creation of the signature leaks the private
key. Thus, without careful consideration, it should not be used when
signatures are created on-the-fly such as for TLS handshakes. It is safe if
floating-point emulation is used (which comes at a performance penalty) or
a (custom) FPU with sufficient constant-time guarantees. Verification does
not use floating-point arithmetic and does not come with the same concerns.


Best,

 Bas



On Sun, Nov 20, 2022 at 12:56 AM Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:

> For completeness, we also have Kyber [3].
>
> [3]: https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/
>
> ---
>
> Mike Ounsworth
>
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
> Sent: November 19, 2022 5:53 PM
> To: 'LAMPS' <spasm@ietf.org>
> Subject: [EXTERNAL] [lamps] Do we have a FALCON draft yet?
>
>
> Hi LAMPS,
>
> We have drafts for SPHINCS+ [1] and Dilithium [2] in LAMPS.
>
> Has anyone started one for FALCON yet? (I need something to
> cross-reference the composite draft against)
>
> [1]: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-sphincs-plus/
>
> [2]: https://datatracker.ietf.org/doc/draft-massimo-lamps-pq-sig-certificates/
>
> ---
> Mike Ounsworth
> Software Security Architect, Entrust
>
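Added example, not part of Bas's message and not code from any Falcon implementation: a small fixed-vs-random timing check in the style of dudect (Welch's t-test over two classes of inputs), the kind of test you would point at a signing routine before letting it sign on-the-fly. The operation under test is a constructed stand-in, a chain of double multiplies seeded with either a normal or a subnormal value; on most x86 CPUs subnormal operands take a microcode assist, which is the same sort of data-dependent FPU timing the post warns about. The 4.5 threshold is dudect's; the use of clock(), the iteration counts and the sample size are assumptions for the demo.

```c
/* Added example: dudect-style timing-leakage check (Welch's t-test over two
 * input classes). Not Falcon code and not from the mailing-list post. */
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* dudect treats |t| > 4.5 as a definite leak. */
#define LEAK_THRESHOLD 4.5

/* Newton-iteration square root, so the block needs no libm. */
static double dsqrt(double v)
{
    if (v <= 0.0) return 0.0;
    double r = v;
    for (int i = 0; i < 200; i++) {
        double next = 0.5 * (r + v / r);
        if (next == r) break;
        r = next;
    }
    return r;
}

static double dabs(double v) { return v < 0.0 ? -v : v; }

/* Sample mean and unbiased variance of n measurements. */
static void mean_var(const double *x, size_t n, double *mean, double *var)
{
    double s = 0.0, ss = 0.0;
    for (size_t i = 0; i < n; i++) s += x[i];
    *mean = s / (double)n;
    for (size_t i = 0; i < n; i++) ss += (x[i] - *mean) * (x[i] - *mean);
    *var = n > 1 ? ss / (double)(n - 1) : 0.0;
}

/* Welch's t statistic for two independent samples; unequal sizes and
 * variances are allowed. Negative t means class a is faster than class b. */
double welch_t(const double *a, size_t na, const double *b, size_t nb)
{
    double ma, va, mb, vb;
    mean_var(a, na, &ma, &va);
    mean_var(b, nb, &mb, &vb);
    double denom = dsqrt(va / (double)na + vb / (double)nb);
    if (denom == 0.0)                        /* both classes perfectly constant */
        return ma == mb ? 0.0 : (ma < mb ? -1e300 : 1e300);
    return (ma - mb) / denom;
}

/* 1 if the two timing classes are statistically distinguishable, else 0. */
int timing_leaks(const double *a, size_t na, const double *b, size_t nb)
{
    return dabs(welch_t(a, na, b, nb)) > LEAK_THRESHOLD;
}

/* Constructed operation under test: a chain of double multiplies. Seeded with
 * a subnormal it stays subnormal, which on most x86 parts costs a microcode
 * assist per multiply (unless FTZ/DAZ is on, e.g. via -ffast-math). */
static volatile double sink;
static void fp_op(double seed)
{
    volatile double x = seed;
    for (int i = 0; i < 20000; i++) x = x * 0.999;
    sink = x;
}

int main(void)
{
    enum { N = 200 };
    static double t_norm[N], t_sub[N];
    for (int i = 0; i < N; i++) {          /* interleave classes to share drift */
        clock_t s = clock(); fp_op(1.0);    t_norm[i] = (double)(clock() - s);
        s = clock();         fp_op(1e-310); t_sub[i]  = (double)(clock() - s);
    }
    double t = welch_t(t_norm, N, t_sub, N);
    printf("Welch t = %.1f: %s\n", t,
           timing_leaks(t_norm, N, t_sub, N)
               ? "runtime depends on operand class (not constant time)"
               : "no difference detected at this sample size");
    return 0;
}
```

Compile without -ffast-math (flush-to-zero hides the effect) and run: a large |t| means the routine's runtime depends on which class its operands fall in, which is exactly the property that makes on-the-fly signing unsafe unless the arithmetic is emulated or the FPU gives constant-time guarantees. The magnitude of t will differ between machines, but the verdict should be stable; the same harness applies unchanged to a real signer by replacing fp_op with a call that signs under a fixed key on fixed versus random messages.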