Re: [Suit] PQM signature algorithm ROM requirements

Russ Housley <housley@vigilsec.com> Thu, 24 March 2022 15:54 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <866527de-88ed-882a-97d4-a3dc4b6d252a@inria.fr>
Date: Thu, 24 Mar 2022 11:54:19 -0400
Cc: suit@ietf.org
Message-Id: <01448EED-895A-4689-B0D1-73EEEC089A26@vigilsec.com>
References: <866527de-88ed-882a-97d4-a3dc4b6d252a@inria.fr>
To: Koen Zandberg <koen.zandberg@inria.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/VW3XPwpelzz5XI7TIN11mkhDLzA>

Koen:

Thanks for doing the work.  For HSS-LMS I expected the vast bulk of the size to come from the SHA-256 part of the implementation, and this small code size aligns with that expectation.

Russ


> On Mar 24, 2022, at 9:01 AM, Koen Zandberg <koen.zandberg@inria.fr> wrote:
> 
> Hi all,
> 
> During the discussion of the draft-ietf-suit-manifest document and the MTI part there was some discussion on PQM algorithm implementation sizes [1]. One question that was raised was whether the ROM requirements on the algorithms in question (HSS-LMS and Falcon) are for verification only, or include the signing code. The short answer here is that the numbers in table 5 include the signing code. Based on our measurements with the same code base and on the same hardware, for HSS-LMS, a verification-only build needs 2864 bytes for the HSS-LMS code. For Falcon it is 10112 bytes for verification only. (gcc 10.3.1 with -Os)
> 
> The HSS-LMS implementation used is the hash-sigs repo [2] from Cisco. The Falcon implementation used is based on the reference implementation [3]. The code to get these numbers is of course available online [4][5].
> 
> Best regards,
> Koen Zandberg
> 
> [1]: Article to appear in ACNS 2022. Preprint: https://eprint.iacr.org/2021/781.pdf
> [2]: https://github.com/cisco/hash-sigs
> [3]: https://falcon-sign.info/
> [4]: https://github.com/future-proof-iot/RIOT/tree/postquantum_crypto/tests/bench_hash-sigs
> [5]: https://github.com/future-proof-iot/RIOT/tree/postquantum_crypto/pkg/falcon_sig
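Added example (not code from this thread, from Cisco's hash-sigs, or from the RIOT packages linked above): a compact single-level LMS implementation following RFC 8554 with the LMOTS_SHA256_N32_W8 / LMS_SHA256_M32_H5 parameter set, to make concrete why a verification-only HSS-LMS build is dominated by SHA-256. HSS with L=1 merely wraps this structure. Key generation and signing are included only so that the verifier has something to check; the parameter choice, the heap-ordered tree layout and all function names are my own, and the sample message is constructed.

```python
import hashlib
import os

# Added example, not code from the thread, hash-sigs, or RIOT. Single-level
# LMS (RFC 8554) with LMOTS_SHA256_N32_W8 / LMS_SHA256_M32_H5. The point:
# lms_verify() needs nothing beyond SHA-256, byte slicing and fixed loops,
# which is why a verify-only build is small compared to signing + key generation.

N, W, P, LS = 32, 8, 34, 0           # hash length, Winternitz width, chains, checksum shift
H = 5                                # tree height: 2**H one-time keys per LMS key
LMOTS_TYPE = (4).to_bytes(4, "big")  # LMOTS_SHA256_N32_W8 typecode
LMS_TYPE = (5).to_bytes(4, "big")    # LMS_SHA256_M32_H5 typecode
D_PBLC, D_MESG = b"\x80\x80", b"\x81\x81"
D_LEAF, D_INTR = b"\x82\x82", b"\x83\x83"


def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def u32(x):
    return x.to_bytes(4, "big")


def u16(x):
    return x.to_bytes(2, "big")


def ots_digits(I, q, C, msg):
    """Q = H(I||q||D_MESG||C||msg); with w=8 every byte is one Winternitz digit.
    The two checksum digits stop an attacker from advancing chains of a known
    signature to forge a signature on a second message."""
    Q = sha256(I, u32(q), D_MESG, C, msg)
    cksm = sum((1 << W) - 1 - d for d in Q) << LS
    return Q + u16(cksm)             # P == 34 digits, each 0..255


def chain(I, q, i, start, j_from, j_to):
    """Walk hash chain i of one-time key q from step j_from up to (not incl.) j_to."""
    tmp = start
    for j in range(j_from, j_to):
        tmp = sha256(I, u32(q), u16(i), bytes([j]), tmp)
    return tmp


def ots_public(I, q, x):
    ys = [chain(I, q, i, x[i], 0, (1 << W) - 1) for i in range(P)]
    return sha256(I, u32(q), D_PBLC, *ys)


def lms_keygen():
    I = os.urandom(16)
    ots = [[os.urandom(N) for _ in range(P)] for _ in range(1 << H)]
    nodes = [None] * (1 << H) + [
        sha256(I, u32((1 << H) + q), D_LEAF, ots_public(I, q, ots[q]))
        for q in range(1 << H)
    ]
    for r in range((1 << H) - 1, 0, -1):      # heap-ordered Merkle tree, root at index 1
        nodes[r] = sha256(I, u32(r), D_INTR, nodes[2 * r], nodes[2 * r + 1])
    sk = {"I": I, "ots": ots, "nodes": nodes, "next_q": 0}
    return sk, LMS_TYPE + LMOTS_TYPE + I + nodes[1]


def lms_sign(sk, msg):
    q = sk["next_q"]
    if q >= (1 << H):
        raise RuntimeError("LMS key exhausted")
    sk["next_q"] = q + 1                      # advance state before use: reusing q breaks OTS security
    I = sk["I"]
    C = os.urandom(N)
    a = ots_digits(I, q, C, msg)
    ys = [chain(I, q, i, sk["ots"][q][i], 0, a[i]) for i in range(P)]
    node, path = (1 << H) + q, []
    for _ in range(H):                        # authentication path: sibling at each level
        path.append(sk["nodes"][node ^ 1])
        node >>= 1
    return u32(q) + LMOTS_TYPE + C + b"".join(ys) + LMS_TYPE + b"".join(path)


def lms_verify(pk, msg, sig):
    """True iff sig is a valid LMS signature on msg under pk. SHA-256 only."""
    if len(pk) != 8 + 16 + N or pk[:4] != LMS_TYPE or pk[4:8] != LMOTS_TYPE:
        return False
    if len(sig) != 4 + 4 + N + P * N + 4 + H * N:
        return False
    I, T1 = pk[8:24], pk[24:]
    q = int.from_bytes(sig[:4], "big")
    off = 8 + N + P * N
    if q >= (1 << H) or sig[4:8] != LMOTS_TYPE or sig[off:off + 4] != LMS_TYPE:
        return False
    C, ys, path = sig[8:8 + N], sig[8 + N:off], sig[off + 4:]
    a = ots_digits(I, q, C, msg)
    zs = [chain(I, q, i, ys[i * N:(i + 1) * N], a[i], (1 << W) - 1) for i in range(P)]
    Kc = sha256(I, u32(q), D_PBLC, *zs)      # candidate one-time public key
    node = (1 << H) + q
    tmp = sha256(I, u32(node), D_LEAF, Kc)
    for i in range(H):                        # climb the authentication path to the root
        sib = path[i * N:(i + 1) * N]
        left, right = (sib, tmp) if node & 1 else (tmp, sib)
        node >>= 1
        tmp = sha256(I, u32(node), D_INTR, left, right)
    return tmp == T1


if __name__ == "__main__":
    sk, pk = lms_keygen()
    msg = b"constructed sample payload: firmware image v1.2.3"
    sig = lms_sign(sk, msg)
    print("valid:", lms_verify(pk, msg, sig), "tampered:", lms_verify(pk, msg + b"!", sig))
```

Everything a device needs for verification is the last function: parse, one SHA-256 per remaining chain step, one per tree level, and a comparison with the root. The signer's state update in lms_sign (advancing next_q before the one-time key is used) is the part that has no counterpart in a verify-only build and is also where real deployments have to persist state safely; it is what the "signing code" in Koen's table adds on top of the verifier.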