[lamps] New Version Notification for draft-ounsworth-pq-composite-kem-00
Mike Ounsworth <Mike.Ounsworth@entrust.com> Tue, 19 July 2022 15:02 UTC
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: 'LAMPS' <spasm@ietf.org>
Date: Tue, 19 Jul 2022 15:02:41 +0000
Message-ID: <CH0PR11MB5739DFD33D1982C8A1D355869F8F9@CH0PR11MB5739.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Y4_Rx26wlAc0wcnvlL2iwxydewY>
Hi LAMPS,

We have published draft-ounsworth-pq-composite-kem-00 which allows for multi-algorithm key exchanges anywhere that PKIX allows a KEM -- notably in CMS EnvelopedData (well, it doesn't allow a KEM yet, but draft-perret-prat-lamps-cms-pq-kem will fix that!).

The composite KEM draft contains two non-trivial mechanisms which will require cryptographic review:

1. Transformations KeyTrans -> KEM, and KeyAgree -> KEM so that arbitrary combinations of {KeyTrans, KeyAgree, KEM} can be combined as if they were all KEMs.

2. Combiners to combine multiple component shared secrets into a single shared secret. We originally thought we would be good with SS = KDF(SS1 || SS2) as per NIST SP 800-56Cr2, but we have since discovered that this is a hot area of academic research [Aviram2021], [Aviram2022], [Giacon2018], so we probably need something more sophisticated. We've also added a crypto-agile way of specifying the combiner so that alternates can be added in the future.

[Aviram2021]: https://github.com/nimia/kdf_public
[Aviram2022]: https://eprint.iacr.org/2022/065
[Giacon2018]: https://eprint.iacr.org/2018/024.pdf

PS -- it's an --00. I think it's currently more lines of TODO and EDNOTE than actual text. Our goal at this point is to start the discussion and to firm up the document over several versions.

---
Mike Ounsworth
Software Security Architect, Entrust

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: July 11, 2022 4:50 PM
To: John Gray <John.Gray@entrust.com>; Mike Ounsworth <Mike.Ounsworth@entrust.com>
Subject: [EXTERNAL] New Version Notification for draft-ounsworth-pq-composite-kem-00.txt
______________________________________________________________________

A new version of I-D, draft-ounsworth-pq-composite-kem-00.txt has been successfully submitted by Mike Ounsworth and posted to the IETF repository.

Name:           draft-ounsworth-pq-composite-kem
Revision:       00
Title:          Composite KEM For Use In Internet PKI
Document date:  2022-07-11
Group:          Individual Submission
Pages:          24
URL:            https://www.ietf.org/archive/id/draft-ounsworth-pq-composite-kem-00.txt
Status:         https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-kem/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ounsworth-pq-composite-kem

Abstract:
   The migration to post-quantum cryptography is unique in the history of modern digital cryptography in that neither the old outgoing nor the new incoming algorithms are fully trusted to protect data for the required data lifetimes. The outgoing algorithms, such as RSA and elliptic curve, may fall to quantum cryptanalysis, while the incoming post-quantum algorithms face uncertainty about both the underlying mathematics as well as hardware and software implementations that have not had sufficient maturing time to rule out classical cryptanalytic attacks and implementation bugs. Cautious Implementers may wish to layer cryptographic algorithms such that an attacker would need to break all of them in order to compromise the data being protected. For digital signatures, this is referred to as "dual", and for encryption key establishment this is referred to as "hybrid".

   This document, and its companions, defines a specific instantiation of the dual and hybrid paradigm called "composite" where multiple cryptographic algorithms are combined to form a single key, signature, or key encapsulation mechanism (KEM) such that they can be treated as a single atomic object at the protocol level.

   EDNOTE: the terms "dual" and "hybrid" are currently in flux. We anticipate an Informational draft to normalize terminology, and will update this draft accordingly.

   This document defines a Composite key encapsulation mechanism (KEM) procedure, for use with Composite keys which consist of combinations of Encryption or KEM algorithms for each composite component algorithm. This document also introduces the idea of assigning an Object Identifier (OID) to a shared secret combiner so that stronger combiners can be implemented in the future without needing to re-issue this specification.

   This document is intended to be coupled with the composite keys structure defined in [I-D.ounsworth-pq-composite-keys] and the CMS KEM-TRANS mechanism in [I-D.perret-prat-lamps-cms-pq-kem].

The IETF Secretariat
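As an added example that is not part of Mike's post or of the draft, the Python sketch below models the two mechanisms the post asks reviewers to look at: mechanism 1 as a KeyAgree -> KEM transform over a toy Diffie-Hellman group, and mechanism 2 as two combiners, the plain SS = KDF(SS1 || SS2) one-step KDF from SP 800-56Cr2 next to a variant that length-prefixes each component and also binds the component ciphertexts. The group parameters, function names and the fixed-info string are all constructed assumptions, and the group is far too small for real use.

```python
import hashlib
import secrets

# Constructed toy DH group (assumption): 2**127 - 1 is prime but far too small for
# real use; a production KeyAgree component would use a standard group or curve.
P = 2**127 - 1
G = 3
NBYTES = (P.bit_length() + 7) // 8

def int_bytes(x: int) -> bytes:
    return x.to_bytes(NBYTES, "big")

def dh_keygen():
    sk = secrets.randbelow(P - 2) + 1              # private exponent in [1, P-2]
    return sk, pow(G, sk, P)

# Mechanism 1, KeyAgree -> KEM: the KEM "ciphertext" is an ephemeral public key and
# the component shared secret is the DH value with the recipient's static key.
def kem_encaps(pk_static: int):
    e_sk, e_pk = dh_keygen()
    return int_bytes(e_pk), int_bytes(pow(pk_static, e_sk, P))

def kem_decaps(sk_static: int, ct: bytes) -> bytes:
    e_pk = int.from_bytes(ct, "big")
    if not 1 < e_pk < P - 1:                       # reject degenerate peer values
        raise ValueError("invalid ephemeral public key")
    return int_bytes(pow(e_pk, sk_static, P))

# Mechanism 2a: SP 800-56Cr2 one-step KDF, H(counter || Z || FixedInfo), Z = SS1 || SS2.
def kdf_concat(shared: list, fixed_info: bytes, out_len: int = 32) -> bytes:
    z, out, counter = b"".join(shared), b"", 1
    while len(out) < out_len:
        out += hashlib.sha256(counter.to_bytes(4, "big") + z + fixed_info).digest()
        counter += 1
    return out[:out_len]

# Mechanism 2b: same KDF, but each secret and ciphertext is length-prefixed and the
# ciphertexts enter FixedInfo, so Z parses unambiguously and SS is bound to what was sent.
def kdf_bound(shared: list, cts: list, fixed_info: bytes, out_len: int = 32) -> bytes:
    lp = lambda b: len(b).to_bytes(2, "big") + b
    return kdf_concat([b"".join(map(lp, shared))], b"".join(map(lp, cts)) + fixed_info, out_len)

def composite_demo():
    """Two component KEMs (both toy DH here; in the draft one could be a PQ KEM)."""
    (sk1, pk1), (sk2, pk2) = dh_keygen(), dh_keygen()
    (ct1, ss1), (ct2, ss2) = kem_encaps(pk1), kem_encaps(pk2)     # sender side
    info = b"constructed-composite-kem-example"
    sender = kdf_bound([ss1, ss2], [ct1, ct2], info)
    receiver = kdf_bound([kem_decaps(sk1, ct1), kem_decaps(sk2, ct2)], [ct1, ct2], info)
    return sender, receiver
```

The plain concatenation combiner maps the component lists [b"ab", b"c"] and [b"a", b"bc"] to the same Z, which is the kind of parsing ambiguity a length-prefixed, ciphertext-binding combiner avoids when component secret lengths are not fixed.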