[TLS] Re: Composite ML-DSA

Dennis Jackson <ietf@dennis-jackson.uk> Thu, 16 April 2026 09:04 UTC

Return-Path: <ietf@dennis-jackson.uk>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C0A53DD6F8B5 for <tls@mail2.ietf.org>; Thu, 16 Apr 2026 02:04:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776330257; bh=NTY+dNX16nsxPI0RPisVQFwDhbiBx3FLUYRXoJ6C8H8=; h=Date:Subject:To:References:From:In-Reply-To; b=HACHrL+r3EtmIfES+hnZBpxUkppLODlRVRcMhOfMNZwEoBz4pmQsRuhr5/Gg4ACbx 9EWixxo1nu0qha/Q/UFkq4nn521DfVp0W09iqTqj0Uyn4HLydyfYpuIprVrSnkzdtU tkr/NNO20O6CNSjXGgaPIgDnk+makGzsNiAwHX64=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=dennis-jackson.uk
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NufRv0tQJv9A for <tls@mail2.ietf.org>; Thu, 16 Apr 2026 02:04:16 -0700 (PDT)
Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org [IPv6:2001:67c:2050:0:465::102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 08E29DD6F882 for <tls@ietf.org>; Thu, 16 Apr 2026 02:04:12 -0700 (PDT)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4fxBry0HqNz9v67 for <tls@ietf.org>; Thu, 16 Apr 2026 11:04:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dennis-jackson.uk; s=MBO0001; t=1776330242; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Gbs1D5CkH8+VXx0CU6F3p96UopI2mc+ki0RzoT01bJk=; b=0LvYHWzRJbAq4FHikoEfkvIZElJhnEJ6P38hJ9vGcmacp+/zDDspEM8jbzssm48Wra9Gp9 W6WcQ9I6Mvi+xn7iZ/+BvMHDaoF4RNZWPZaK7RrT1MFD+IV8usUD1St9NU/bkZlw9o7AsS d57inQspeZhcMIuRrrqdCtGG2BQkiC84uKJAOluj+97iX2/W61WLSi2dNXoIHLJ7mduCEk X0umGPk3KV918R5wSzXaRvVtvipxYdZ++bt0PpG3JG69H4Z3c7zqAe8whChpCm9yvhDlkc RRYoMNL0wUEAhHJ5bLU/XIVOFpx/NQAjcIHJk7GXhH3mdT0zp1mxXhGIEkN0fA==
Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of ietf@dennis-jackson.uk designates 2001:67c:2050:b231:465::2 as permitted sender) smtp.mailfrom=ietf@dennis-jackson.uk
Content-Type: multipart/alternative; boundary="------------B54XjD3QivMhwCgF0HedMNAX"
Message-ID: <487c7f61-9ffa-4846-a2c5-092e695351cd@dennis-jackson.uk>
Date: Thu, 16 Apr 2026 10:04:00 +0100
MIME-Version: 1.0
To: tls@ietf.org
References: <16CF0FDA-7263-461A-9F2B-D37DBEAF5DD9@sn3rd.com> <CAMjbhoWwvfkfScpbf4-5PBzk__qb+6M4ZzAOba64kk9aXBba5g@mail.gmail.com> <d47a34ab-7fb9-4687-84aa-a5fa6bcf6a6c@tu-dresden.de> <2971d01a-89e3-43d3-a01d-b9c17b178763@amongbytes.com> <692bb582-ab7e-4d6b-aa75-ac5d93228bb2@tu-dresden.de> <DS4PPFA08475C7DBE27468E40C672197481C1242@DS4PPFA08475C7D.namprd11.prod.outlook.com> <LV0PR21MB6623B48B1F3A05D745F5A79D8C242@LV0PR21MB6623.namprd21.prod.outlook.com> <ad0svakv_WUM3btz@chardros.imrryr.org> <CAF8qwaBU_YHWX2MsWeeaOJ8sutR1wMozvbiTJF5kyvTE8YjWWA@mail.gmail.com> <CACsn0c=GDta824UF7uJ3nw_4U_rT=XhYOGHRemMWa+2AdbsiAg@mail.gmail.com> <3a16c7c4-345e-48ce-af70-a3bf503c8caf@app.fastmail.com> <CACf5n7_0hdeHJXXucva9pb=+pjhcgveHRpjA8XAcXB3LsYUvaw@mail.gmail.com> <CAFpG3gcC+UfO7E=ADGhwr2En5PwipZiq_r6_RdqvmT-5nnh2jw@mail.gmail.com> <d69ba150-0257-4e64-9abb-9229d03a03a6@app.fastmail.com> <129715714.1963.1776284832509@app.mailbox.org> <CAEEbLAYbQF5XapVPqGbNCuj64oYiYQ5BO5WnRBeXFQuFzs=o8g@mail.gmail.com>
Content-Language: en-US
From: Dennis Jackson <ietf@dennis-jackson.uk>
In-Reply-To: <CAEEbLAYbQF5XapVPqGbNCuj64oYiYQ5BO5WnRBeXFQuFzs=o8g@mail.gmail.com>
X-Rspamd-Queue-Id: 4fxBry0HqNz9v67
Message-ID-Hash: BGG33CRJ2BXJQA364MRZLVKQMRKU6D47
X-Message-ID-Hash: BGG33CRJ2BXJQA364MRZLVKQMRKU6D47
X-MailFrom: ietf@dennis-jackson.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Composite ML-DSA
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/W0ofNtOlmj6MULgxZzzx7xkzuR0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I broadly agree with Sophie, especially:

> In many cases, signature keys can be revoked with varying amounts of 
> pain. In those circumstances, the additional security benefit of 
> hybrids is soley in defense against unpublished attacks, as published 
> attacks will be mitigated via revocation. As the blast radius for 
> signatures has a strict end with revocation of the key (as opposed to 
> encryption, where any ciphertext that has ever been encrypted with the 
> algorithm is now up for grabs).

I see hybrid KEX sticking around for a while, but I don't think 
composite signatures make much sense in any eventuality and especially 
if you think the probability of near-term CRQG is rising.

Best,
Dennis

On 15/04/2026 23:16, Sophie Schmieg wrote:
> hi all,
>
> here is my dump on thoughts about hybrid signatures, apologizes if 
> some of the points have already been brought up before
>
> When it comes to implementation security, I've never fully bought the 
> argument that hybrids pose a meaningful defense. The most dangerous 
> implementation vulnerabilities are things like spectre, row hammer, or 
> good old buffer overflows. Since memory is shared, the vulnerability 
> of a hybrid implementation to these issues is the union of the risk 
> surfaces of the individual implementation, so using a hybrid increases 
> the risks. You could argue that correctness related vulnerabilities 
> like CRT faults or point not on curve attacks are the main 
> implementation mistakes hybrids protect against, but given the design 
> of the PQC algorithms which do not allow for many subtle logic bugs 
> (at least as long as one uses seeds as private keys [1]), and the bugs 
> they do allow for can be tests very well using high quality test 
> vector suites like Wycheproof (It was actually difficult to find 
> compelling test cases for Wycheproof due to the design decisions made 
> in the spec which made many creative input choices simply not work, as 
> opposed to classical crypto where such creative choices result in fun 
> vulnerabilities).
>
> In my experience, by far the biggest risk when it comes to signatures 
> is not in the algorithms themselves, but implementers either 
> forgetting to verify, ignoring the verification result, or forgetting 
> to check that the message actually attests to the thing they wanted 
> attesting for (i.e. the valid certificate for a different domain 
> problem). If the hybrid is implemented as a single algorithm, this 
> risk doesn't differ between hybrid and non-hybrid signature (and this 
> is one of the reasons why I strongly prefer this approach). The more 
> details of the hybrid construction is exposed to the caller, the more 
> this is no longer the case. If you teach a verifier to ignore some 
> signatures, you add code that is a frighteningly close Hamming 
> distance away from code that ignores all signatures. If you want to do 
> things like using an HSM for your classical signature, but a software 
> implementation for your PQC signature, the only takeaway that I can 
> see is to bury this capability as deep in the cryptographic library as 
> possible, and not expose any of it to the caller (other than possibly 
> a boolean flag that enables the HSM or a classical software 
> implementation, but even that is dubious).
>
> In many cases, signature keys can be revoked with varying amounts of 
> pain. In those circumstances, the additional security benefit of 
> hybrids is soley in defense against unpublished attacks, as published 
> attacks will be mitigated via revocation. As the blast radius for 
> signatures has a strict end with revocation of the key (as opposed to 
> encryption, where any ciphertext that has ever been encrypted with the 
> algorithm is now up for grabs), this is good enough in most threat 
> models, and as such I don't consider hybrid signatures essential in 
> those use cases. When they can be done without additional cost (this 
> cost can be in terms of performance, overhead or even coordination 
> headwinds), I still recommend using hybrid signatures, but with a 
> heavy bias towards just using pure signatures in case of difficulties 
> arising. Most importantly for the IETF here are the coordination 
> difficulties. I much prefer having pure ML-DSA over not having any PQC 
> signature at all.
>
> There are cases where revocation is not really possible, like for 
> example firmware signing keys. Here I much prefer having SLH-DSA, or 
> as a fallback, hybrid signatures, but these usually do not require 
> fully standardized solutions for the hybrid construction.
>
> [1] https://eprint.iacr.org/2024/523
>
> On Wed, Apr 15, 2026 at 1:27 PM 
> <tim.beckmann=40mailbox.org@dmarc.ietf.org> wrote:
>
>     Hi,
>     I'd like to add a perspective on why hybrid certificates and
>     authentication are useful. My background is with IoT and OT
>     (operational technology) devices manufactured by medium-sized
>     businesses. These devices often maintain a connection to the
>     manufacturer's backend, mutually authenticated by small scale
>     private PKIs (plural, because device certificates and backend
>     certificates are under different roots).
>     The deployment of these devices has the unfortunate property that
>     between production and first installation a lot of time can pass,
>     sometimes upwards of a year. With IoT, this can be because the
>     devices are stored in a crate or a shelf somewhere along the
>     retail chain, with OT, operators keep devices in storage for hot
>     swapping in case of hardware failures for any of the deployed devices.
>     The transition from traditional to post-quantum authentication
>     methods poses a significant problem for these device classes. In
>     many other scenarios, you can flip the switch from ECDSA-based
>     authentication to ML-DSA-based authentication the moment you judge
>     the CRQC threat as too high by pushing a config or
>     software/firmware update. (This requires that
>     PQ-keys/-certificates have been distributed beforehand, of
>     course.) But devices lying in storage have no active internet
>     connection to receive that information. When they authenticate the
>     backend many months later, for the first time in over a year, the
>     ECDSA keys might have been compromised already. (Under the
>     assumption that attacks against EC keys are widely available soon.
>     I'm still somewhat on the fence about that in regard to targets
>     that don't have extremely high value.)
>     One way around that dilemma is to do an initial check on whether
>     authentication should be switched over, by connecting to a special
>     endpoint once with ECDSA certificates and once with ML-DSA
>     certificates and verify that both give the same advice (and abort
>     if they don't). But from an operational perspective, issuing
>     hybrid certificates as soon as possible and just using those for
>     mutual TLS seems to be the easiest and most robust solution.
>     (Now, there are a lot of hurdles along the way. Most notably,
>     secure elements (and cellular modems with TLS stacks) are still
>     widely missing ML-DSA support (or SLH-DSA for that matter), but we
>     have that problem with non-composites as well.)
>     What are your thoughts on that? Do you know of a more
>     straightforward solution? Relying only on ML-DSA as soon as
>     possible is problematic, both because of customer concern and
>     regulatory requirements.
>     Best regards,
>     Tim Beckmann
>     _______________________________________________
>     TLS mailing list -- tls@ietf.org
>     To unsubscribe send an email to tls-leave@ietf.org
>
>
>
> -- 
>
> Sophie Schmieg | Information Security Engineer | ISE 
> Crypto |sschmieg@google.com
>
>
> _______________________________________________
> TLS mailing list --tls@ietf.org
> To unsubscribe send an email totls-leave@ietf.org