Re: [lamps] [EXTERNAL] Re: PQ-composite OR or K-of-N logic

Mike Ounsworth <Mike.Ounsworth@entrust.com> Sun, 01 May 2022 17:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/rwUzE1OAmzeaf4NfAg2SFNN0Rj0>

Hi Panos and Michael,

Putting on my Editor hat -- just trying to see if I've understood this discussion correctly.

"Subset signatures" := when the signer uses only some of their component keys, and emits a "null signature" in place of the others.

This has been in the draft since draft-ounsworth-pq-composite-sigs-05 (July 2021). Currently this is "3.4.1. Composite-OR Legacy Mode" in sigs-06. This is the source of a lot of complexity and confusion in design discussions (for both composite signatures and composite content encryption).

Other than some handwaving about saving bandwidth, I don't think I've heard anyone say that this is actually useful, so I think at this point we can remove it from the draft and leave only signature and encryption modes where the signer / encryptor use all available keys.

Currently, draft-ounsworth-pq-composite-encryption-01 sections 2.2.1, 3.2.1, and 4.2.1 define Composite-OR as a subset algorithm, so we would need to change it there too.


"OR mode" := When listed in a public key / signature algorithm (draft-ounsworth-pq-composite-sigs-06 sections 3.2 and 3.3) it means that the verifier is allowed to pick its favourite signature from those provided and ignore the rest. When listed in a public key / encryption algorithm, it means ... what? that the CEK has been encrypted independently for each component key? (seems a bit redundant when used inside CMS)

QUESTION: Is there value in defining OIDs to specify OR mode in A) a public key, B) a signature algorithm, C) an encryption algorithm?



"K of N mode" := When listed in a public key / signature algorithm, it means that the verifier is allowed to pick its favourite k signatures from those provided and ignore the rest. When listed in a public key / encryption algorithm, it means ... what? that the CEK was encrypted under some sort of secret sharing scheme?

It seems like this IS NOT valuable for public key / signature algorithms, and should be left up to verifier local policy.

QUESTION: is that valuable for public key / encryption algorithm?

---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: April 29, 2022 10:54 AM
To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>; Russ Housley <housley@vigilsec.com>; "Klaußner, Jan" <Jan.Klaussner@d-trust.net>; LAMPS <spasm@ietf.org>
Subject: [EXTERNAL] Re: [lamps] PQ-composite OR or K-of-N logic


Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org> wrote:
    > That does not need the signer to define the k-of-n logic. The signer
    > will just create n signatures and put them in a composite one. The
    > verifier will verify k-of-n and pass verification. No need for
    > upgrades. And no need for the AND, OR, K-OF-N logic to be added in the
    > composite signature or public key to complicate things.

I agree, the value of k is probably Verifier policy.
The signer could express a hint via a policy OID, but ultimately, it's the verifier that needs to implement something.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




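An added example, not part of the messages above or of either draft: a verifier applying OR (k=1), AND (k=n) and k-of-n as local policy over a composite signature, including a subset signature that carries null components. HMAC-SHA256 stands in for the component signature algorithms so the sketch runs on the standard library alone; the function names and the `alg-A`/`alg-B`/`alg-C` labels are assumptions.

```python
import hashlib
import hmac

# Stand-in for real component signature algorithms (assumption): each
# "algorithm" is HMAC-SHA256 under its own key. Names are constructed labels.
def sign_component(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_component(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_component(key, msg), sig)

def composite_sign(keys: dict, msg: bytes, use=None) -> list:
    """One entry per component key. Components not in `use` get None,
    modelling the "null signature" of a subset signature."""
    return [(alg, sign_component(k, msg) if use is None or alg in use else None)
            for alg, k in keys.items()]

def verify_k_of_n(keys: dict, msg: bytes, composite: list,
                  k: int, trusted: set) -> bool:
    """Verifier-local policy: accept if at least k component signatures
    from algorithms this verifier trusts are valid. Null, untrusted and
    unknown components do not count."""
    valid = set()
    for alg, sig in composite:
        if sig is None or alg not in trusted or alg not in keys:
            continue
        if verify_component(keys[alg], msg, sig):
            valid.add(alg)  # a set, so a repeated component counts once
    return len(valid) >= k

def demo() -> dict:
    # Constructed keys and message, for illustration only.
    keys = {"alg-A": b"key-a" * 4, "alg-B": b"key-b" * 4, "alg-C": b"key-c" * 4}
    msg = b"constructed message"
    full = composite_sign(keys, msg)                   # signer uses all keys
    subset = composite_sign(keys, msg, use={"alg-A"})  # nulls for B and C
    everything = set(keys)
    return {
        "or_full": verify_k_of_n(keys, msg, full, 1, everything),
        "and_full": verify_k_of_n(keys, msg, full, 3, everything),
        "two_of_three_subset": verify_k_of_n(keys, msg, subset, 2, everything),
        "or_subset": verify_k_of_n(keys, msg, subset, 1, everything),
        "or_subset_distrust_A": verify_k_of_n(keys, msg, subset, 1,
                                              {"alg-B", "alg-C"}),
    }
```

The same signer output passes or fails depending only on the verifier's `k` and `trusted` set: the subset signature satisfies OR but not 2-of-3, and fails OR as well once the verifier stops trusting the one algorithm the signer used.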