IETF Logo Mail Archive

Re: [Suit] NIST selected PQM algorithms

Russ Housley <housley@vigilsec.com> Mon, 11 July 2022 20:48 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAD70C188737 for <suit@ietfa.amsl.com>; Mon, 11 Jul 2022 13:48:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWvEzrep1jKm for <suit@ietfa.amsl.com>; Mon, 11 Jul 2022 13:48:53 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3323C157B57 for <suit@ietf.org>; Mon, 11 Jul 2022 13:48:52 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 40F5BEABCB; Mon, 11 Jul 2022 16:48:52 -0400 (EDT)
Received: from [10.0.1.2] (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 30070EA87C; Mon, 11 Jul 2022 16:48:52 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <ED134EF2-86CC-474E-8970-F7AE04063358@arm.com>
Date: Mon, 11 Jul 2022 16:48:50 -0400
Cc: Koen Zandberg <koen.zandberg@inria.fr>, "suit@ietf.org" <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6756AF00-6A54-4317-9732-829FA5F42B93@vigilsec.com>
References: <5ccdaef9-1e28-9d4e-8ab5-28179454b09f@inria.fr> <9EBE36DB-4E12-4849-ABA1-538330A778B2@vigilsec.com> <35BEE00D-AA5A-40CC-BBF1-867DDE21D597@arm.com> <219AA8B1-AEBB-49CC-BF1A-2FA670FFC5C5@vigilsec.com> <ED134EF2-86CC-474E-8970-F7AE04063358@arm.com>
To: Brendan Moran <Brendan.Moran@arm.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xSCvgN34lYFt67l0cYPRU00DyEo>
Subject: Re: [Suit] NIST selected PQM algorithms
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2022 20:48:57 -0000

I like the lack of state needed for the SPHINCS+ hash-based signature.  This is preferable over the stageful HSS/LMS hash-based signature that we have been discussing.

Russ

> On Jul 11, 2022, at 2:36 PM, Brendan Moran <Brendan.Moran@arm.com> wrote:
> 
> Hi Russ,
> 
> Thank you for clarifying. I thought you were expressing a specific preference for SPHINCS+ above other Round 3 winners and I was hoping to get some insight as to why that was.
> 
> Best Regards,
> Brendan
> 
> 
>> On 11 Jul 2022, at 15:23, Russ Housley <housley@vigilsec.com> wrote:
>> 
>> I am not opposed to any of the NIST Round 3 Signature winners, but I gather it will be another year before there will be NIST standards.
>> 
>> Russ
>> 
>> 
>>> On Jul 10, 2022, at 4:37 PM, Brendan Moran <Brendan.Moran@arm.com> wrote:
>>> 
>>> Hi Russ,
>>> 
>>> Are you opposed to Falcon for SUIT? If so, is it just the maturity of the algorithm? It seems to have an excellent set of tradeoffs. Bearing in mind that we are only looking at the verify operation, there shouldn’t be any concern about constant time implementations or side channels.
>>> 
>>> Best regards,
>>> Brendan
>>> 
>>>> On 8 Jul 2022, at 16:51, Russ Housley <housley@vigilsec.com> wrote:
>>>> 
>>>> I think SUIT needs to look at SPHINCS+ as an alternative to HSS/LMS for the hash-based signature algorithm, but the NIST standard for SPHINCS+ will probably not be available for a year.
>>>> 
>>>> Russ
>>>> 
>>>> 
>>>>> On Jul 8, 2022, at 7:25 AM, Koen Zandberg <koen.zandberg@inria.fr> wrote:
>>>>> 
>>>>> Hi all,
>>>>> 
>>>>> NIST announced the first four quantum resistant cryptographic algorithms a few days back. Matching the earlier discussions on this list, NIST also selected FALCON for the case where smaller signatures are required.
>>>>>> From what I understand of the process there is still a document that
>>>>> should be released soon(tm) with the exact parameters that should be used for the algorithms. In any case I think this is good news for us as one of the selected algorithms matches what was preferred from the SUIT side.
>>>>> 
>>>>> To be complete, the other algorithms selected are Dilithium and SPHINCS+, where Dilithium has large signatures (2.5 KB) and SPHINCS+ has even larger signatures (17 KB).
>>>>> 
>>>>> Best Regards,
>>>>> Koen Zandberg
>>>>> 
>>>>> [1]: https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
>>>>> 
>>>> 
>>>> _______________________________________________
>>>> Suit mailing list
>>>> Suit@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/suit
>>> 
>>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>>> _______________________________________________
>>> Suit mailing list
>>> Suit@ietf.org
>>> https://www.ietf.org/mailman/listinfo/suit
>> 
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

v2.23.0 | Report a Bug | By Email