[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

"D. J. Bernstein" <djb@cr.yp.to> Thu, 27 November 2025 07:37 UTC

To: draft-ietf-tls-mlkem@ietf.org, tls-chairs@ietf.org, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TqnQkkTm02Ocpw_ZrY7wyo9Sthw>

Bellebaum, Thomas writes:
> the main claim there is 0.06 kWh/GB for **2015**

I agree that this article uses 2015 instead of 2018 as the baseline;
thanks for the correction!

Unfortunately this still leaves the question of figuring out where the
actual costs are between the extremes that I cited, namely (for 2024)

    https://web.archive.org/web/20240301102137/https://www.usatoday.com/tech/internet/should-you-purchase-internet-over-1-gig/

implying a cost of roughly 2^-42 dollars/byte but the data caps in

    https://web.archive.org/web/20231210121119/https://www.forbes.com/home-improvement/internet/xfinity-internet-review/

implying a cost of roughly 2^-34 dollars/byte. In general, the economics
are tricky to analyze, for reasons explained in the 2020 Greenstein
paper that I cited:

    https://pubs.aeaweb.org/doi/pdfplus/10.1257/jep.34.2.192

As a simpler analogy, there's an up-front cost to laying train tracks
and buying trains, plus maintenance costs that are only very loosely
connected to the number of train users, so how do you figure out the
real cost of a train trip? The train companies, when not constrained by
regulations, will just experimentally pick trip prices and see whether
their partially captive market will pay those prices. Minimum prices
certainly underestimate the average cost: those prices come from the
companies trying to lose less money on seats that would otherwise be
unused. The only time the companies need better models of the trip
prices is when they're considering building a new train line and trying
to guess whether the line will have enough usage to make money overall.

CPU manufacturers also have up-front costs, but have much less of a
captive market, so the purchase prices end up with much less variance
than Internet-service prices. It's also clear how much computation power
you're getting when you buy, to take an example from my paper, a Dell
PowerEdge T440 server with two Intel Xeon Silver 4216 CPUs and a 5-year
warranty, whereas it's much less clear how much data you'll actually be
able to transmit when you buy Internet service. I find the data limits
for cellular service much more clearly documented, but I think focusing
on the cellular case would be unfair to Kyber/ML-KEM since there are so
many situations where users can and do switch to Wi-Fi.

---D. J. Bernstein


===== NOTICES =====

This document may not be modified, and derivative works of it may not be
created, and it may not be published except as an Internet-Draft. (That
sentence is the official language from IETF's "Legend Instructions" for
the situation that "the Contributor does not wish to allow modifications
nor to allow publication as an RFC". I'm fine with redistribution of
copies of this document; the issue is with modification. Legend language
also appears in, e.g., RFC 5831. For further background on the relevant
IETF rules, see https://cr.yp.to/2025/20251024-rules.pdf.)