IETF Logo Mail Archive

Re: [Suit] SUIT Manifest MTI Algorithms

Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr> Thu, 11 November 2021 08:40 UTC

Return-Path: <emmanuel.baccelli@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F2643A0E13 for <suit@ietfa.amsl.com>; Thu, 11 Nov 2021 00:40:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OVmaN7ZW9fXG for <suit@ietfa.amsl.com>; Thu, 11 Nov 2021 00:40:27 -0800 (PST)
Received: from mail-yb1-f180.google.com (mail-yb1-f180.google.com [209.85.219.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B7E13A0E11 for <suit@ietf.org>; Thu, 11 Nov 2021 00:40:27 -0800 (PST)
Received: by mail-yb1-f180.google.com with SMTP id j75so13265240ybj.6 for <suit@ietf.org>; Thu, 11 Nov 2021 00:40:27 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5EApyX1eibCLEbvd2Vwt1agNU05ZqO9UGwY1N1G40f4=; b=BHZdrNGHq9+qJlBQDrjd+Xrs1ZxvNn17JNmYifTyp+F6FiL9NDPvfjWL9Ix/qtwSJ2 kPbRebP+0amJvpB4WbGkaxYnuOK6n/Y68WFaaiFAuYkjvZyhKCMt9lxOtfqNKIFkUui6 An6FeZlTGasCHbOOKKYXF4LGHtLZascMrhkXEkG/AOsxrYio9T+MPGiJFs3vFRRhwJdV oiN1VekwOBuuDUfl6YIyuvdVkzG+6SP7pv+i3e+SScW+9mQ/A77s3UWWh0zWdnf7GDTQ 3LBpZIgEyv1CBXw/qisBIHeM6Pd7zIupTnMmY8MWXjryClkiUtmB0PK9f6MMwjuidf3H rkNA==
X-Gm-Message-State: AOAM532ATW8c9pg8IXJuQyjr2qnL4DDkF5+R30877MkxeT/ZmAOHIdtn EKGcGsFDsJosM7AmuqfBXQpwcaNAd/XA9LCniTpTCwDCM5M=
X-Google-Smtp-Source: ABdhPJwOIBb8gLUvnya0F2uCjRz31TuFNW5gPaOAXEht7hwGF3cox2IcLrXPbMV5Y6SRGjPfazQXbrGo8P4eRBgVh5k=
X-Received: by 2002:a25:d4d5:: with SMTP id m204mr7065299ybf.418.1636620026070; Thu, 11 Nov 2021 00:40:26 -0800 (PST)
MIME-Version: 1.0
References: <ED069850-06BE-4DEA-A319-FDF0469627C3@vigilsec.com> <CANK0pbZcuYidA7hX823t5Q0V8+Nq_5LjVgXcQcN2MOhb+D9u4w@mail.gmail.com> <396751.1636572754@dooku>
In-Reply-To: <396751.1636572754@dooku>
From: Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>
Date: Thu, 11 Nov 2021 09:40:14 +0100
Message-ID: <CANK0pbYBuuQw_5MxXX2NndfytuY0XAbxyTz8A=+C-fvMdcUtxw@mail.gmail.com>
To: suit <suit@ietf.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: multipart/alternative; boundary="000000000000494e7905d07f4b4a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/unWC5_DBIxF3LlgMqtoodfNLPOk>
Subject: Re: [Suit] SUIT Manifest MTI Algorithms
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2021 08:40:32 -0000

Hi Michael,

    > [...] for small-sized software updates using SUIT with LMS, we
>     > measured impact on network transfer costs (~45% more data over the
>     > wire) and on memory footprint on-device (~35% more Flash memory
>     > required), but only little impact on RAM or execution time, compared
> to
>     > using SUIT with ed25519. If the baseline is something else (i.e. not
>     > SUIT, or not ed25519), the overhead might be more.
>
> I looked into your paper trying to understand where this 35% more flash
> memory required.  Is it table 6 and 7?   I think it's a 35% increase of
> the verification code from ECDSA to HSS-LSS.  I don't think it's a 35%
> increase in total flash required, right?
>

It's table 8 in https://eprint.iacr.org/2021/781.pdf
and it's a ~35% increase in total Flash, for the basic image we used RIOT
(simple application with network stack CoAP + SUIT).


>     > What will be considered bearable overhead to upgrade to
> SUIT-compliant
>     > security, on microcontroller-based IoT devices? That is a question.
>
> Your paper seems to suggest it's acceptable.
>

Our experimental study confirms quantum-resistant SUIT is doable in
practice,
and LMS signatures seems the best choice for that, at this point.
We did not conclude on the wide acceptability of using "large footprint"
crypto.

--Emmanuel

v2.8.7 | Report a Bug | By Email