Re: [lamps] [EXTERNAL] Re: Do we have a FALCON draft yet?
Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 23 November 2022 14:22 UTC
Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A11D6C14F744 for <spasm@ietfa.amsl.com>; Wed, 23 Nov 2022 06:22:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.996
X-Spam-Level:
X-Spam-Status: No, score=-6.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mst7xwxN8U_V for <spasm@ietfa.amsl.com>; Wed, 23 Nov 2022 06:22:27 -0800 (PST)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EED47C14F732 for <spasm@ietf.org>; Wed, 23 Nov 2022 06:22:26 -0800 (PST)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2ANDeXdB010969; Wed, 23 Nov 2022 08:22:23 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=mail1; bh=rCa7mQ3m3n9anHOkSuU1I6bH0i7V4GkH/V1+hoyZFC4=; b=LpRB+aX6mbyBcJzoLVGL6kajy1V2pR6Xulg7jBgl6EsRffJL0A0f6W1p4bbZ4WPjsr56 iG7bS4GPaVKR4/vadC2EeaBqrCf7L4Pfg1ndyLWNGHrOxRo4ezPkYypMvancT1abEHba 8NOSrRY8lOB0KrNDDUefi66PLeo0ov/WIAvhSFQ7jCuTDkvhwKyW0ivNIEGwSphie7Dm HpoD7ySok6FE3giNZsrA4PcMUtIh0BlQCKTVR0a94SV5utLIUtNhujnivBoFTrlEhuZO 0278ljT8XnXG59Qmdg+j4hYFdPyO4t+3mjQ0WZyklSCR0e79PvFwAQEbaDVvCtxy5KEP BA==
Received: from nam04-mw2-obe.outbound.protection.outlook.com (mail-mw2nam04lp2168.outbound.protection.outlook.com [104.47.73.168]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3kxvq6q5tq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 23 Nov 2022 08:22:23 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jiVY4di7Pzt2EkKhZTz3gFn2XtjUiQiq2LGCqKfhJkkKY1tHMEWUmqZmNZDS9GrlEfqUzscQtBrbIRbICLOLu93wPrRnSQEnorI8Ww9xR0QuMoa3ZMPqeNhL24dCJTBcbzEr/DA9EXjLCE+8pR0poOZd4nXJPEycoK4L7nZlv3JJCdx+Xg5Dw5bgF9TLbWBB2RvQX/jMFqtD6jQ7qAK3y4Dt4HduTeJqVDRMyGZlVXnsWxMdjX4ZRZwxlwKPCmANtEMGTnnu6wBQaMc2ioi6H+pVpcrmY1XlGcGmMdaUnVKXCP0ZfCaUXj43O0p53C9JDicwn71I5CAJDHd7Bg3e3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rCa7mQ3m3n9anHOkSuU1I6bH0i7V4GkH/V1+hoyZFC4=; b=J90BBM+n0eIWqGt1L3ZzqqKwpR+cCTOD9PwqLjC1cPuLF2L15fBDa0DYPwRuwMGTypnBwlEpqfpT4wfktukfbWNhj05RuiTiXyxn0DMOqwEIgHWDaWl8K7CLjddSfrEWkOwZ8iCp1sSD1Nwp62LZW4Pk5nwt+OaZTZX59GaMvs4X9M40xW6mY8XN5nCVnI0ByMVzQx5cepgoCneFHfGLplpXfn08puNvR4lk08Xd5jytsJpZy6w/bxjt3cn1v3BLCz6ktLr+T1tgYzltSkm0H2VN0XyI2DqFyahaf2JiXcuSklcNF1PYoNZTGGlA5ya/uOhwRJcQP3Yahh1O3Rq4Zg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by DM6PR11MB4722.namprd11.prod.outlook.com (2603:10b6:5:2a7::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5834.15; Wed, 23 Nov 2022 14:22:17 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::a95:6d:ab71:f8e1]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::a95:6d:ab71:f8e1%7]) with mapi id 15.20.5857.017; Wed, 23 Nov 2022 14:22:17 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: "Markku-Juhani O. Saarinen" <mjos@pqshield.com>, LAMPS <spasm@ietf.org>
CC: Bas Westerbaan <bas@cloudflare.com>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Thread-Topic: [EXTERNAL] Re: [lamps] Do we have a FALCON draft yet?
Thread-Index: AQHY/S1PjByFoP3lak6swSt0r2XAUK5JSZMAgANI/DA=
Date: Wed, 23 Nov 2022 14:22:16 +0000
Message-ID: <CH0PR11MB5739C43F55F39B5A5438FDC09F0C9@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <CAMjbhoUUKjuU1rMJ--21TDz4h6MxMdghGZPVVVJjGaSyCNAgLQ@mail.gmail.com> <F17215D0-255B-4DD5-8410-4F5FDA250658@ll.mit.edu> <CAPwdP4P7A+rcGTm3k603KcftigV5Hg-fS0XGpgXv3N5=MzOaYA@mail.gmail.com>
In-Reply-To: <CAPwdP4P7A+rcGTm3k603KcftigV5Hg-fS0XGpgXv3N5=MzOaYA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|DM6PR11MB4722:EE_
x-ms-office365-filtering-correlation-id: 92b67763-3326-49d3-f81f-08dacd5e1fbd
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: l+Ldjorf64j50oOPfxQLxPUTPeUCckpltb7uWHljIyx4iP4C9V1DYPKlH7A++lgTB6tDEaXLoY+Ov4xDgVNl6M22+zJ4Rf9TqkOWUF5Q7+4ctbZZ8RNWNqCFcNBmJxoJA/LTEQNBls05w3HwQSULWnvu4Po2Pl8os+nslBaFCWIQ6rqvgsHDxxl4+LvGpCEtMIG63mLmKecA0hOvYG5QOoDXoV/VI35Ntq3kynYEvxmsXszuCKrK4dOBUJU24B4Uy65uW731ERCnr6FnOUO1v30h9SazWcqMgB+eDx1Y4VvTTPnkOUt3epdSrdeo9hCmFwDy3HzzvZBYNhoT070mI9+VloH8m/H1vdiF1Uww7M1DuYeICqn9AS4aBKp/2n84ilGkwYhorgcD3sgcmOf+/rwcbMFNJ6kK89t6CZg9D9o4z/jlpAXgwXa0DDWcC/i5NVF57BPujhsrYxso2iy38WQfrEkeTO6pSUo90jw4hOg5wh/sod2K6oZQhGmIEpsq6BPUIWioMqtXuzuAwWBVok2wD88xSMvSLHKrXe3CwXY1NNNaC4tML1DjF72l0FFnOkwdizgiOxTPtbZ+G/2qxrDVXW0uR63ogJ4TFx7G2+6gepS+j+KXLPZ4O67rZ+m31JUN1EzEar4qLcQ0LpVwfylM74Ff+ui02elCDhm5MaN7ezbpe6TqwTMpQj3UaZlwS4VDYoMAQnyPFHxnH2WS8+0PAG/Ym3vIH2W3eM6l+s4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(39850400004)(396003)(366004)(346002)(376002)(136003)(451199015)(53546011)(122000001)(38100700002)(6506007)(166002)(86362001)(33656002)(38070700005)(7696005)(76116006)(5660300002)(26005)(186003)(71200400001)(66946007)(66446008)(316002)(9686003)(966005)(64756008)(478600001)(66476007)(54906003)(4326008)(110136005)(8676002)(52536014)(66556008)(8936002)(2906002)(83380400001)(9326002)(41300700001)(55016003)(66899015); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /Het6vm2L0UfjEc7STlj0NSC5+A082vjBFA3mYr2Dqz666sh8RME10Bc2A8aUJVTgB4jX/0mR4qBlYxVvLM5f/hy6o5xbZ3+RpyWqVIxL/H4YsPQNj6y7BEh4q4pY3xqldkQow4dGAWP4A+2ChUYj5U0xitjgRcVci6vwFVdXoF7KbDThuqBlH7mDdFyD+4YNX/YYTacoUqWJFb7GOYV4JWEU2n2q+tbWCDf3Mq6WJ0kPRhMvgww1diiW969SgvEvfj3YlVYCrGXCHZOnCgj/Jj0CR5bLrBwIFjwRf64tPViqk2UKxRxcU5bw59XU1/5LLBIeumiCQc9xpBTQM9ReArZB3kqN4abwI3//gmThrN/Ueqs1qXjkvE2GM4257HuWSXhKDN8Vr/VhMlvkLJK0yvHA/CUJPeaxyneCG/i98VIr9brGHvjB1fxH5lbJWCMcizZ3jP9W8dtV56V7Bwm/yRVs9zyID99mTAiPjwBR9nN8B9SL6cZgakueXbAOQZm0VvHs4+JshFyp757rCvJndKNaafJBxPvPxAGHGIu2878lM27W57iblCPbZLmQdlvCrZQkwB7PUl9caLkdxIc+8XtcDqAy1gpjjvyaiIKJEMro+vsJEc3otiPFA3Pm5GZ3sWj4ID8mlufcL3uysQl9Tc7ZcgKh+XV64S91MgBtf0+YzYTCATgdNCiTrX9842v0QE3UUcUArD7sAnKDmY0kQs4NqiXF1t1tqQnZx/cB+bWN0c4rxe2RkEh8atJg/IkI1AqMpf4Zjxc/efTS0PxJSMwST04/U0T+UdkAsl6rV53YjpjTlbl7cInLGIOkBr5Gqhy2Sw/0CACixQ5GbEu7/nphcYO0EI+HUB22ZZ215z/POfguASg04f4xFPmIlr3iWkL1Vw40WBe2jjsfAPUzoE4ZgH+E/gqLWcTaXTbVtrybUKGM05kFAt6CT39pOsmJL+qrsxgv2xpKFHBKGhKssViqlCFKv2lbQOoM6bbha3NUTWbjUim7QJ8aexLi6yJJPcO4uCO/yB+VlqTxwE4I/mk7QYCU/hZRC4Jl6Bo1HQjWLUb9SKlRh/hjcUimEDzHGzfKsYXSxjJ7ggjvao5PpguZCgfodouA+8y1jwCxS/QCAEITdJQ4E8YKeJjm1auSuFpjmd9byUiMza1r984by4HaFDYK7T5LvdDc1Nv/UeJXD8eAwmbUR4YRn3OEOCqnHGjsqKbQFzt3jVTQwLkt1i2+wyVy8jgKZzsVMoFzePIT9I1H56agTfD4iM42F3RGegW6FPhzAqERgTgxZ2YfSxAlxJutqUHHQJPbsgED1RIO6zQmEFmJKDoZn5GIp6HzADQrBM8A7Eita9MwyV0giMVj8xg34lY10JD8IsDVdQ2Jdb5J1iaLseKv79Ih7L/L04HtUczfCJbeyQYhSx42orGdeLyAEyiRELaMaenoiAgyIC8CcZ5J5Qkb/ohbIJM3Dn5RYTUksrM598MAAJNMhtZ9VSv84xjl5u4x/9i+dVmCTDVY80LDHT1gqpelcPa0eTs8Me3eO9u0v3ZSZb+PehjYRiiI6efSKWqxd7FVPV6m6gmND0G4EpD0FprD4PV
Content-Type: multipart/alternative; boundary="_000_CH0PR11MB5739C43F55F39B5A5438FDC09F0C9CH0PR11MB5739namp_"
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 92b67763-3326-49d3-f81f-08dacd5e1fbd
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2022 14:22:16.9041 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fk8NPKW7l1A8lOrwRvze3Z7znSukTHb43DsHyO7ufkJLl4S8xJ4ueFeoddzJWpxN5214OSfiFxbbVIaZcYHhi+UwcosxIiEEpGkHYyGuajk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4722
X-Proofpoint-ORIG-GUID: Y8kYgseOnnUYzQCeA-1G5hdXE1Vo9Tn8
X-Proofpoint-GUID: Y8kYgseOnnUYzQCeA-1G5hdXE1Vo9Tn8
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-11-23_08,2022-11-23_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 clxscore=1011 priorityscore=1501 impostorscore=0 mlxscore=0 suspectscore=0 bulkscore=0 malwarescore=0 spamscore=0 phishscore=0 mlxlogscore=999 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2210170000 definitions=main-2211230106
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Kps-B4Kc5rui5ZpymmJ53ebIDnc>
Subject: Re: [lamps] [EXTERNAL] Re: Do we have a FALCON draft yet?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Nov 2022 14:22:31 -0000
Hi Markku, For a FALCON I-D, we’re really just looking for something analogous to Jake’s draft-ietf-lamps-dilithium-certificates-00 (and I saw that Jake even offered to co-author and give the same template). Some placeholder we can adopt and start using as a cross-ref for other drafts trying to incorporate PQ algs into protocols. draft-ietf-lamps-dilithium-certificates-00: There’s no actual algorithm details (for that you refer to the eventual FIPS spec), it’s just OIDs, “DilithiumPublicKey ::= BIT STRING” and a few PEM samples. --- Mike Ounsworth From: Markku-Juhani O. Saarinen <mjos@pqshield.com> Sent: November 21, 2022 6:08 AM To: LAMPS <spasm@ietf.org> Cc: Bas Westerbaan <bas@cloudflare.com>; Mike Ounsworth <Mike.Ounsworth@entrust.com>; Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> Subject: [EXTERNAL] Re: [lamps] Do we have a FALCON draft yet? WARNING: This email originated outside of Entrust. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. ________________________________ Hi, I have been looking at possibly preparing an I-D for Falcon, but the technical details are currently in flux. I've been in contact with members of the Falcon design team, and I hear that they're getting around to revising the algorithm for standardization (my understanding from NIST is that they will try to get the Dilithium specs in shape before moving on to address Falcon -- this is private communication and not official.) One of the issues is that there is a yet another twist to message hash processing with Falcon (surprise, surprise!) Falcon spec (v1.2, 1 Oct 2020), Sect 3.11.3: "A Falcon signature consists of two strings r and s. They may conceptually be encoded separately, because the salt r must be known before beginning to hash the message itself, while the s value can be obtained or verified only after the whole message has been processed. In a format that supports streamed processing of long messages, the salt r would normally be encoded before the message, while the s value would appear after the message bytes. However, we here define an encoding that includes both r and s." For purposes of, say, PKI formats having the concatenated pair (r,s) as the signature obviously makes more sense than having the signature in two parts. The second issue is that SHAKE-256 XOF output is used directly. Unless this is changed, Falcon will be yet another case for API architects to consider: 0. For classical (PKCS #1) RSA or ECDSA you can just hash a message and pass the H(m) to the signing function. 1. For Dilithium, you prefix the message "m" with a hash of Dilithium pub key tr=H(pk) and use that as a prefix to compute H(tr | m). You don't need the signature to start verification, just the public key (the "tr" hash can also be found in the private key). 2. For Falcon verification, it's different again. You grab "r' from the signature (not the keys) and prefix the message with it; str = (r | m). If you're singing, you need to throw dice and get a random r before starting to hash the message. But that's not all; HashToPoint() function uses SHAKE256 XOF output directly -- there is no actual upper bound to the number of bytes needed (albeit statistical ones are easy to work out.) One can also pass the entire Keccak context (200 bytes, containing the prefix r and the mixed message m) to the signing/verification function. This is a compatibility-breaking issue, unlike the randomized vs. non-randomized aspects of Dilithium singing. As the Falcon spec says, "Of course, any variant deviating from the procedure expressed in algorithm 3 implies that the same message will hash to a different value, which breaks interoperability." This will have to be addressed by the design team. Ps. I agree that eliminating potential timing oracles from the current Falcon is trickier/costlier than with most other algorithms. Masking and other electromagnetic (DPA/DEMA) countermeasures for hardware implementations are even trickier -- as required for platform security, smart cards, etc. Unless there is a major design change concerning floating point operations in the Gaussian sampler, this appears to be an "inherent" security consideration for Falcon and, indeed, needs to be discussed in the I-D/RFC. Cheers, - markku Dr. Markku-Juhani O. Saarinen Staff Cryptography Architect PQShield Ltd M: +44 0 7548 620723 E: mjos@pqshield.com<mailto:mjos@pqshield.com> W: www.pqshield.com<https://urldefense.com/v3/__http:/www.pqshield.com/__;!!FJ-Y8qCqXTj2!fXA4XP2j3VQEc8U1SLV5jWto5dHzBceAeGEdCmu8nAL-Nja4k2a31AdCmt2j0Z15yA8OWvoSHf4V8D9I2qY$> On Sun, Nov 20, 2022 at 10:13 PM Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu<mailto:uri@ll.mit.edu>> wrote: Completely agree with Bas. Regards, Uri On Nov 20, 2022, at 07:14, Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org<mailto:40cloudflare.com@dmarc.ietf.org>> wrote: Not that I know of. If someone picks this up, may I urge them to add a warning to the following effect in the earliest draft. The Falcon signing procedure is difficult to implement in constant time because of its use of floating point arithmetic. By default, it should be assumed that the timing of the creation of the signature leaks the private key. Thus, without careful consideration, it should not be used when signatures are created on-the-fly such as for TLS handshakes. It is safe if floating-point emulation is used (which comes at a performance penalty) or a (custom) FPU with sufficient constant-time guarantees. Verification does not use floating-point arithmetic and does come with the same concerns. Best, Bas On Sun, Nov 20, 2022 at 12:56 AM Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org<mailto:40entrust.com@dmarc.ietf.org>> wrote: For completeness, we also have Kyber [3]. [3]: https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/__;!!FJ-Y8qCqXTj2!fXA4XP2j3VQEc8U1SLV5jWto5dHzBceAeGEdCmu8nAL-Nja4k2a31AdCmt2j0Z15yA8OWvoSHf4V4Idsg14$> --- Mike Ounsworth From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> On Behalf Of Mike Ounsworth Sent: November 19, 2022 5:53 PM To: 'LAMPS' <spasm@ietf.org<mailto:spasm@ietf.org>> Subject: [EXTERNAL] [lamps] Do we have a FALCON draft yet? WARNING: This email originated outside of Entrust. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. ________________________________ Hi LAMPS, We have drafts for SPHINCS+ [1] and Dilithium [2] in LAMPS. Has anyone started one for FALCON yet? (I need something to cross-reference the composite draft against) [1]: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-sphincs-plus/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamps-cms-sphincs-plus/__;!!FJ-Y8qCqXTj2!fJ0iZFzue-XVZBbJ18itKI-6e6y12C3g-v1B6dzJyGsg9sgUnSr-uGDYsyjTI-fvpuSJoWVhNP0h3vCR5xxUkcbW4I-VqfjlT2DqrQ8jQA$> [2]: https://datatracker.ietf.org/doc/draft-massimo-lamps-pq-sig-certificates/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-massimo-lamps-pq-sig-certificates/__;!!FJ-Y8qCqXTj2!fJ0iZFzue-XVZBbJ18itKI-6e6y12C3g-v1B6dzJyGsg9sgUnSr-uGDYsyjTI-fvpuSJoWVhNP0h3vCR5xxUkcbW4I-VqfjlT2A2XHyKVQ$> --- Mike Ounsworth Software Security Architect, Entrust Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system. _______________________________________________ Spasm mailing list Spasm@ietf.org<mailto:Spasm@ietf.org> https://www.ietf.org/mailman/listinfo/spasm<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!fXA4XP2j3VQEc8U1SLV5jWto5dHzBceAeGEdCmu8nAL-Nja4k2a31AdCmt2j0Z15yA8OWvoSHf4VN94LDK0$> _______________________________________________ Spasm mailing list Spasm@ietf.org<mailto:Spasm@ietf.org> https://www.ietf.org/mailman/listinfo/spasm<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!fXA4XP2j3VQEc8U1SLV5jWto5dHzBceAeGEdCmu8nAL-Nja4k2a31AdCmt2j0Z15yA8OWvoSHf4VN94LDK0$> _______________________________________________ Spasm mailing list Spasm@ietf.org<mailto:Spasm@ietf.org> https://www.ietf.org/mailman/listinfo/spasm<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!fXA4XP2j3VQEc8U1SLV5jWto5dHzBceAeGEdCmu8nAL-Nja4k2a31AdCmt2j0Z15yA8OWvoSHf4VN94LDK0$>
- [lamps] Do we have a FALCON draft yet? Mike Ounsworth
- Re: [lamps] Do we have a FALCON draft yet? Mike Ounsworth
- Re: [lamps] Do we have a FALCON draft yet? Bas Westerbaan
- Re: [lamps] Do we have a FALCON draft yet? Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Do we have a FALCON draft yet? Markku-Juhani O. Saarinen
- Re: [lamps] Do we have a FALCON draft yet? Ilari Liusvaara
- Re: [lamps] Do we have a FALCON draft yet? Massimo, Jake
- Re: [lamps] [EXTERNAL] Re: Do we have a FALCON dr… Mike Ounsworth