Re: [lamps] Hybrid-for-the-sake-of-security, and Composite vs Non-Composite

"aebecke@uwe.nsa.gov" <aebecke@uwe.nsa.gov> Wed, 10 November 2021 18:51 UTC

From: "aebecke@uwe.nsa.gov" <aebecke@uwe.nsa.gov>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, LAMPS WG <spasm@ietf.org>
Thread-Topic: Hybrid-for-the-sake-of-security, and Composite vs Non-Composite
Thread-Index: AdfVsjPJvhmRyNYwSd+PO+jOYyc/rAArT1E3
Date: Wed, 10 Nov 2021 18:50:48 +0000
Message-ID: <SA0PR09MB72412AF3E7DDBF2EA66179EBF1939@SA0PR09MB7241.namprd09.prod.outlook.com>
References: <CH0PR11MB5739E8891ABAE189998D03859F929@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB5739E8891ABAE189998D03859F929@CH0PR11MB5739.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
suggested_attachment_session_id: d7802686-f4fd-d427-2bfb-ba7c386a6fa1
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uwe.nsa.gov;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c7bb5ad6-d583-4295-29e5-08d9a47b0308
x-ms-traffictypediagnostic: SA0PR09MB7081:
x-microsoft-antispam-prvs: <SA0PR09MB7081871649E814D2DF13E458F1939@SA0PR09MB7081.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9PEOrKI8wi+oP54849BWdOj35XgP9Fx6sxIEkjy3ADWQVWI3zeEekK/QDd2CsgcGcqtN53gN00WjLJuceNSq2gUjnqZpgnpNB3lrYrosIWubR3ELIWiQKpejjez1BRVHG447uVrNhfWNHNXcNRziGAC0hJwX07Wcg/TeSn0uLc6PMIOHEHx6u/2oonvgHUqpv0FfGQ9DoCqP1WyhnP6oOCi1hOJ3OcZyjbQ+uj8ugR+cE3dlegt4kUt1YwNNPTNUv7kjkHs+Y2TLAhkTTZ/f9c59jigmjWnq7p5ghLgCbNn6pbThk8M7ccoJyjA+Xxi4lynIT9wfF4v0J0jxkWGBkIBpaKYM6Twn1HvaE5gw5xVegYsktYw0FGgV/k9lYaa4TvSQT+6xyoaicEcK9yZ2w4M+TemTxbtdLHa4OGboOWPjyoWC9AupjQ1BesrarQWGf9kSde578AL6Hcuok0o3HBGOpm1EAs2LCvJBvhHjJ7oUFYnV41W5ffxtj93vPing3Mub8Z7lrsVC/UuhHmuTANsnfhLxo0WtJs6tYhLGeJghDD/j04ZNYkMNZ+j7NyaMtjbM6SVTB6Q/+4RwcY5fuGxgx7UOx01U1FiAw0msECKEowKFcyOsNyDOtijGdLy7yXEPFb6kN8Z4e8pqgKV/2Op/a9jZtyAjaVckHo0sPxArBR9gemT44MwhvIXzY/dQBCRhbhaboVLbv2Vez5jgDYoRAnBNWLOVZeVfFZOzBZ8VMD+Ylr2L01JfFyW5MJfLYTxicYcko7iT+49IuaTesQ/ZOYd7pnKput2+u9G91t4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA0PR09MB7241.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(82960400001)(45080400002)(5660300002)(7696005)(186003)(15650500001)(166002)(26005)(19627405001)(52536014)(8676002)(76116006)(91956017)(55016002)(6506007)(53546011)(66946007)(8936002)(9686003)(83380400001)(110136005)(66556008)(64756008)(66446008)(66476007)(508600001)(122000001)(38100700002)(2906002)(71200400001)(316002)(66574015)(38070700005)(86362001)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 7kBa2TTAENMTP1ZibzLV43egJsEdKOOjQa72lCZ4G6VgmmHztofMM5x40/NZDt+/dk0DTi/2OdbojupWq7kzZPpkW4YxaWgCXiM40t6YA5NeFAYlBSfvbSe72x/hrpxuf5Lfs8DvsbyMM2HnNdbrsesoa6JKBpwmDEdxp05gU94mZf/aPGtT/zNmMU3VDf/XN+aX8QO6Fjdp1G2kekLiIXuAEG2sXbyRu6KQsbX/u1d0Zrvk+Zg0SoCe07itk9M2pJiTuYixAlBZFfSLKvOZ+QSY8g243D3mprhgfEPp1rFSxgYtogtJ1f21Jcvh44GUlRhT+yFB9pW2XELSHaR//A71KvNIF8Y9BhPHdllQSZQxBTsCHIhWFIsxKZcUSOQ/QIvhQhlJP6Hyz/JfizaWUJ+lc5IuNlwa6epAUB5mbW7bg0aMpm4voXQfw77bxRSpQ55zoH4BAodKjL4MJJahy43d8/Nj2VZFULRyLm+uFFDLXOH7h6dQvi4p/etVd9777r2a140c7iKF8ZAOoiQ9mcOO/J+z6aAvT3o6p0d5DsVl8hg+DEEfOeUD5B2dluyK3oW9mIH6XZ9xzLSp3uJSFvY0GMCebPkVi5ZnTJhs5EVjyEQilZEfTQ0onLgNYA4JOHAYtc96o3mThu72DJAJWjh5SZtpOiuEZakhc49EK0gBckkKrkq1frSpUxRGdm74Yw89bo1G9DuX6Kk22qx0uMIvGT3jtm+MVM9BMfmWmmauyeeOcG5rkK21AWYhSGuHtl9wFkAfTqvuB73bBn8Iie2sszHkGRazS+8yOFou4CzdzhFCGEN7Gozhqd9Z8DrWOHMIiO91V2jI7lPF2ZpLycRtEzzyQLCI4TCcZUaS1DWx4wQS96Dx1M3WIuCsqQVBwvZ2Ltqxe3wk/ua4MyPfrxs4XhUxPYmMQ5KnNPPn7PBmoNi2KLqKK1SshZiah96J9G9bGIMyI2pxMVj+OGQcMnZa7VjYMTGU5j2KJYGHag+k0l8GZJ9q/JZdszZ0aZolRnr/yKjwZuQnwYtwuMtOVvjeJPWYNcLjPSFMaMpfz5w4oCSynnULXDB8HZCdMu/mCkbNZgExqblfgoZjAxAm/+Me/10xvECdUEtRWYMyuk68C/FYGEVs3gQCWvmckAuZQHiNQwvBb2/RHv9rflGmQGy3r9al/izfi3+Yp42B4Ka1E6LZZAOxbxnVpDygHdHioCqm6rsoMZ7VuRIt3U4+2PTOdiE/4/5tInlHXndzemyDgtlEzF7tDcVYykfDEUsLINxp2b4na4MPJIZVngJMraE5/vhBq6IqGMAFlgdilgk=
Content-Type: multipart/alternative; boundary="_000_SA0PR09MB72412AF3E7DDBF2EA66179EBF1939SA0PR09MB7241namp_"
MIME-Version: 1.0
X-OriginatorOrg: uwe.nsa.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA0PR09MB7241.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c7bb5ad6-d583-4295-29e5-08d9a47b0308
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Nov 2021 18:50:48.7917 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d61e9a6f-fc16-4f84-8a3e-6eeff33e136b
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR09MB7081
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/McksDhejGgJJ6xG617FEWLbBq0k>
Subject: Re: [lamps] Hybrid-for-the-sake-of-security, and Composite vs Non-Composite
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2021 18:51:01 -0000

Hi Mike!

Great to hear your feedback! The quantum-resistant algorithms resulting from the NIST program are well-vetted, and NSA has no concerns in this area regarding their security. Based on our analysis and experience, NSA has decided that the NSS path forward is toward strictly-PQ solutions, and thus we require flexibility in the architecture of hybrid protocols. We understand other users may have security-based concerns that are satisfied by using hybrid solutions, but we believe there to be no difference between the security of composite vs. non-composite solutions. Non-composite solutions can satisfy those concerns, as well as provide built-in interoperability with strictly-PQ solutions.


As you pointed out, implementation errors in current cryptographic algorithms are quite common, and the statistics you provided on CVEs for 2020 are telling that issue is prevalent even today, with well-established algorithms. As such, if implementation errors are your largest concern, doubling up on algorithms introduces a larger surface for error.


I will emphasize that our non-composite approach does propose changes to existing protocol logic; however, in most instances this is primarily a matter of duplicating existing processes, and not introducing entirely new structure. There will most certainly be varied levels of readiness to PQ-migration, thus a strong framework that allows for strictly-PQ implementations and inherits straightforward backwards and forwards compatibility is necessary. Essentially, there should not be a conflict between migratability and cryptographic strength; we want to ensure a flexible migration environment that maintains crypto-agility.


To your question regarding use of composite and non-composite certs together (i.e., EC and PQ in the PQ cert)- it is an essential characteristic of a non-composite approach that the traditional and PQ entities are distinct from one another. The idea is not to alter the existing structure of the individual certs, and avoid adding complexity or altering the signing or validation process (other than the required alterations for a PQ signature that both composite and non-composite approaches will require). If the protocol is validating both certs, there is no need to include a traditional algorithm in the PQ cert, as it has already been included via a separate certificate.


Regarding offline protocols, we agree, and we hope others will also participate!

Cheers!
Alie

-----
Alison Becker, PhD
Center for Cybersecurity Standards
National Security Agency

________________________________
From: Spasm <spasm-bounces@ietf.org> on behalf of Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Sent: Tuesday, November 9, 2021 4:38 PM
To: LAMPS WG <spasm@ietf.org>
Subject: [lamps] Hybrid-for-the-sake-of-security, and Composite vs Non-Composite


Thanks Dr. Alison Becker (Ali?) for the presentation on your framework. It’s great to have some independent analysis here to guide the design discussions!









Point #1: Risk model:



First, I’m struggling to understand the risk model that underpins your second slide, which gives the conclusion that hybrid is not for security; only for backwards compatibility.

Could you please expand on how you reached that conclusion? I’ll explain how we got to the conclusion that Hybrid-for-the-sake-of-security is highly desirable.



I understand that by the end of the NIST “competition”, theoretical confidence in the winning algorithms will be high. Theoretically, in a perfect world well vetted algorithms won’t contain any overlooked weaknesses, and standards bodies will produce precise specifications that everyone will implement perfectly. In the real world there were 18,000 CVEs filed in 2020 because somebody overlooked something in an implementation. Once there are FIPS specs for the PQ algorithms, how many open and closed source implementations will we be written? How many of those will have buffer overflows or timing-invariance issues or other bugs that can lead to key leakage, plaintext leakage, signature forgery, etc? How many XMSS or LMS implementations will have race-conditions or poorly thought-out backup and restore procedures that lead to private state re-use in some bizarre corner-case? How long until we stop seeing new CVEs in both PQ crypto implementations and applications that (mis)use them? If Bleichenbacher’s oracle attack against RSA PKCS#1 v1.5 padding can provide a historical example, that was published in 1998, and 19 years later, a new research effort (https://robotattack.org<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Frobotattack.org%2F&data=04%7C01%7Caebecke%40uwe.nsa.gov%7C2085a7745f0e4bef456708d9a3c964aa%7Cd61e9a6ffc164f848a3e6eeff33e136b%7C0%7C0%7C637720907660242488%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AQV8kEurJB5P9zxzkCAjD78pYI9Wm657WNNodWc7MuQ%3D&reserved=0>) found a pile of implementations that were still vulnerable because implementors (and many of the big-name ones) didn’t follow the spec perfectly.



I guess I’m arguing that Hybrid-for-the-sake-of-security would increase the chances of closed- and open-source PQ implementations getting the maturing time the time they need without a devastating breach in the meantime. Expect bugs, design in some defense-in-depth to give us time to patch the bugs that come up. I think dual signatures and hybrid encryption is the optimal place to build in that resiliency.

And yes, I would propose applying this equally across PQ algorithms; just because we like hash functions doesn’t mean that SPHINCS+ is immune from implementation error, and strong hybrid modes would also mitigate the consequences of bungling the state-management of your XMSS private key; yes if you produced two signatures with the same state then you would still need to revoke it for key compromise, but with a layer of EC, you would have days – weeks to safely notice and take action as opposed to hours.



I also understand that backwards compatibility, ease-of-migration, ease-of-adoption, etc are in fact security goals themselves (fewer reasons to stay on the old broken stuff), so in a conflict between migratibility and cryptographic strength, migratibility wins. But I don’t believe there is a conflict here; I don’t believe it’s Composite VS Multi-Cert; I believe the two play harmoniously together, which brings me to the next point.









Point #2: Are composite and multi-cert competing or complementary in TLS and IKE?



I would like to clarify what I (speaking for myself, not necessarily my co-authors) see as the posture for composite public keys, signatures, and content encryption:



The point is well-taken that negotiated protocols want full flexibility to negotiate and don’t want to send large PQ keys to legacy clients who won’t use them. Really though, nobody is proposing doing that (at least not since draft-truskovsky-lamps-pq-hybrid-x509, which was abandoned in 2018).



I think we’re all imagining a similar thing where TLS servers are provisioned with multiple certs, for example an RSA cert chain + a PQ cert chain; runtime negotiation gets to choose to use one or the other or both. The question is whether the PQ cert chain should itself be composite, ie PQ := {EC, PQ} to protect against the cryptologic and implementation risks that I outline above until we have confidence in both the algorithms and their implementations.



So in my mind composite and multi-cert are complementary: do multi-cert for backwards compatibility, and bury an Ed25519 inside your PQ cert for good measure. Given the size and CPU of most PQ algs, you won’t even notice it’s there.







Point #3: Offline protocols

As mentioned in the LAMPS meeting, I would love to see your analysis extended to cover offline protocols (aka non-negotiated, or what I think Russ called “Sign-and-store” or “encrypt-and-store”). I propose that good subjects for this analysis are: the Microsoft X.509-based code-signing infrastructure, document (PDF) signing infrastructures, and S/MIME infrastructures.



For this section I’m going to assume a risk model that a code-signed binary or a signed/encrypted document has a security shelf-life of 30 years, during which time we can expect RSA to fall to quantum computers, or the particular PQ alg used to have a bug found in it, or both (though the “both” case is a bit hopeless unless you want to go to hybrid models with more than 2 algs).





Research / design questions for offline use-cases:

In the signing case, how does a recipient know that there should be two signatures when it only sees one? (aka stripping attacks, assuming one alg is vulnerable to forgery attacks due to the above risks).





With PQ hybrid content-encryption (I hate that PQ has overloaded this term.. maybe “multi-key encryption” would be better?), the big risk I see is that it is not the key-holder who gets to decide security, but the sender. Ex.: it is not responsible-disclosure@megacorp.com<mailto:responsible-disclosure@megacorp.com> that gets to choose how its encryption public keys are used, but rather the mail client that whitehat.dude@gmail.com<mailto:whitehat.dude@gmail.com> used to encrypt the super-secret email. In fact, the recipient doesn’t even know that somebody is using their keys until the encrypted content has already crossed the internet. If we’re proposing a multi-cert model here, then how does the sender know that the recipient actually has two certificates that are expected be used together? You could imagine cross-linking certs (or CAs) with some kind of extension, but A) nobody, as of yet, has proposed a spec for that, and B) that would count as new cert verification logic, which I think goes against your “Non-Composite PRO: Computational processes remain unchanged (but perhaps multiple iterations)”.



I would love to see your analysis framework extended to cover these sorts of long shelf-life non-negotiated protocols because these are the ones that I feel benefit the most from composite certs.



---
Mike Ounsworth
Software Security Architect, Entrust



Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

[lamps] Hybrid-for-the-sake-of-security, and Comp… Mike Ounsworth
Re: [lamps] Hybrid-for-the-sake-of-security, and … aebecke@uwe.nsa.gov