Re: [lamps] [Pqc] Multiple drafts with PQ algorithm key encodings that are not compatible.

Dieter Bratko <Dieter.Bratko@iaik.tugraz.at> Fri, 30 September 2022 15:52 UTC

Return-Path: <dieter.bratko@iaik.tugraz.at>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6909C14CF09; Fri, 30 Sep 2022 08:52:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.004
X-Spam-Level:
X-Spam-Status: No, score=-2.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tugraz.at
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlEaSvokCWL4; Fri, 30 Sep 2022 08:52:39 -0700 (PDT)
Received: from orelay.tugraz.at (orelay.tugraz.at [129.27.2.230]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A8BBC14CF0F; Fri, 30 Sep 2022 08:52:34 -0700 (PDT)
Received: from mx01.iaik.tugraz.at (unknown [129.27.200.178]) by mrelayout.tugraz.at (Postfix) with ESMTPSA id 4MfF9R0ZF0z8qqD; Fri, 30 Sep 2022 17:52:26 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mrelayout.tugraz.at 4MfF9R0ZF0z8qqD
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at; s=mailrelay; t=1664553148; bh=mGV+9igDSH/guZFiGr5BfU26GGlpR/nfzBM9gaIRdVA=; h=Date:Subject:To:CC:References:From:In-Reply-To:From; b=ZBkz7GbDhBl/fRhhkfBMIp1SR53iYOyRCV9sYIBcdzMlKE1hwdpmsVSEwfT8fOikr TChfpVliOELIPNwwz6Df0B4TntnBFzcjJDCahYJqCkIORRPuVk6y7O3ukmjJwrwaIc L4liCsiE4QcR6QUEiqrmV7t2yFYYzjoqhuoMS8Eg=
Received: from [10.6.1.11] (10.6.1.11) by srvEXMBD2.iaik.tugraz.at (10.10.0.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 30 Sep 2022 17:52:26 +0200
Content-Type: multipart/alternative; boundary="------------t23KlCooT0QfIzSZNsntzVB5"
Message-ID: <9c3cd3da-fa03-7160-b018-bcdd7cd098f5@iaik.tugraz.at>
Date: Fri, 30 Sep 2022 17:52:26 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.3.0
To: "Massimo, Jake" <jakemas=40amazon.com@dmarc.ietf.org>, Mike Ounsworth <Mike.Ounsworth@entrust.com>, John Gray <John.Gray=40entrust.com@dmarc.ietf.org>, "pqc@ietf.org" <pqc@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "cfrg@ietf.org" <cfrg@ietf.org>
CC: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, Sean Turner <sean@sn3rd.com>, "bas@westerbaan.name" <bas@westerbaan.name>, "cvvrede@gmail.com" <cvvrede@gmail.com>, "sid@zurich.ibm.com" <sid@zurich.ibm.com>, "bhe@zurich.ibm.com" <bhe@zurich.ibm.com>, "tvi@zurich.ibm.com" <tvi@zurich.ibm.com>, "osb@zurich.ibm.com" <osb@zurich.ibm.com>, "dieter.bong@utimaco.com" <dieter.bong@utimaco.com>, "joppe.bos@nxp.com" <joppe.bos@nxp.com>, "Markku-Juhani O. Saarinen" <mjos@pqshield.com>
References: <DM6PR11MB25852643FB14014E92A5CFE1EA549@DM6PR11MB2585.namprd11.prod.outlook.com> <CH0PR11MB5739E17E6696FA41BD909E1D9F549@CH0PR11MB5739.namprd11.prod.outlook.com> <574516F5-098F-4CB6-8D9C-F193BF1B1507@amazon.com>
From: Dieter Bratko <Dieter.Bratko@iaik.tugraz.at>
In-Reply-To: <574516F5-098F-4CB6-8D9C-F193BF1B1507@amazon.com>
X-Originating-IP: [10.6.1.11]
X-ClientProxiedBy: srvEXEDGE1.iaik.tugraz.at (10.10.0.43) To srvEXMBD2.iaik.tugraz.at (10.10.0.35)
X-TM-AS-Product-Ver: SMEX-14.0.0.3080-9.0.1002-27174.000
X-TM-AS-Result: No-10--13.957000-4.000000
X-TMASE-MatchedRID: u7Yf2n7Ca/2bKgbEt01qEfHkpkyUphL9FNcW5Y2zGvngm7lSO4VWyxd2 51g4pLw68a6H5MFw2KEW72/BUdOd4cQTSPZE5H8gxkQABNmid9OCJKEqkH7OTT9v2abr45nEyv3 i/J9Cz5lcwgrJFDkEP3/vRflT3wNMvyBUrJVp7YFoOA9kFf9sy66IBbSnfz+3srDwfHQQaK1na4 2ZCQpcXjbdvnblbg6AgqOhjIAGhPddXu3jAKewY4vptQwz5tsiXef5t6q8Rcz8DCHGEvzYBy/p/ EilsSmLzh9/JTWzqEwjGtzozoJsm/75hgMP9X+X585VzGMOFzABi3kqJOK62QkOroU/RNhSOlxB O2IcOBbuvQ/yg9C4yicx++7jWaPZw1hJlNhwN7lPwWSG9ljucc6IVJ3b26VeMKfHTwxtSHc1Ncn Jrl9ncC6udlDmtvS0hHi4AWjPRGS+68HqACCvKA==
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
X-TMASE-Result: 10--13.957000-4.000000
X-TMASE-Version: SMEX-14.0.0.3080-9.0.1002-27174.000
X-TM-SNTS-SMTP: 61787352EEF287CBB68D75F6E98922588267F299E05CAC9FEF59DF5705635E762000:9
X-TUG-Backscatter-control: biYb0C0m31NH2O/F2I9vDw
X-Spam-Scanner: SpamAssassin 3.003001
X-Spam-Score-relay: 0.4
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zGaNe4W0ljnDIrpHMHFYQ4Vy7BI>
X-Mailman-Approved-At: Fri, 30 Sep 2022 08:58:53 -0700
Subject: Re: [lamps] [Pqc] Multiple drafts with PQ algorithm key encodings that are not compatible.
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 15:52:42 -0000

Hello,

> I was considering changing the DilithiumPrivateKey ASN.1 to match 
> other private key formats 
> (https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/ 
> and https://www.rfc-editor.org/rfc/rfc5915) This means proposing the 
> new sequence structure:
>
> DilithiumPrivateKey ::= SEQUENCE {
>
> version                               Version,
>
> privateKeyAlgorithm      PrivateKeyAlgorithmIdentifier,
>
> privateKey                        OCTET STRING,
>
> publicKey          [0] IMPLICIT DilithiumPublicKey OPTIONAL
>
> }
>
> i.e., the parameters are defined/contained within privateKeyAlgorithm. 
> This means we can support the byte array encoding for the private key 
> proposed by the algorithm designers in privateKey an OCTET STRING.
>
To be clear (if the DilithiumPrivateKey shall be wrapped by an 
OneAsymmetricKey/PrivateKeyInfo): the PrivateKeyAlgorithmIdentifier of 
the privateKeyAlgorithm field identifies (by id) the Dilithium parameter 
set, and the PrivateKeyAlgorithmIdentifier of the same-name 
privateKeyAlgorithm field of the wrapping OneAsymmetricKey identifies 
the key as being a Dilithium key? Perhaps the privateKeyAlgorithm field 
of DilithiumPrivateKey should be given another name. Another possibility 
(as done in the draft of Christine) might be to omit the 
privateKeyAlgorithm field from DilithiumPrivateKey and use the 
parameter-set id for the privateKeyAlgorithm field of the 
OneAsymmetric/PrivateKeyInfo (thereby implicitly identifying the key as 
Dilithium key).

Regards,
Dieter