[TLS] Re: Working Group Last Call for Use of ML-DSA in TLS 1.3

Sophie Schmieg <sschmieg@google.com> Fri, 10 April 2026 21:20 UTC

Return-Path: <sschmieg@google.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4E8FEDA039F2 for <tls@mail2.ietf.org>; Fri, 10 Apr 2026 14:20:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775856017; bh=AcGCXiG1wd2seOC2gtdF6kSKFBNWplIRSavnPxrkYxo=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=iDdPcrbRibtSsgklrU1PCbc2M+fUbyuY69nJRu4l5RlK6uHMsoDvY66426jpe1Jme 87oV6rFbu5xQMYW7VLsd3k/sSDepJyYYqlZrQCVGVZfVYPVCARAHWFSEAq4Yf+Pi7u Z5Nc8GglOwLITnQfljtFKWqIoEyUKPvuuuT4sTQA=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -17.6
X-Spam-Level:
X-Spam-Status: No, score=-17.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fp2b7TiTb9Ly for <tls@mail2.ietf.org>; Fri, 10 Apr 2026 14:20:16 -0700 (PDT)
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D7746DA03454 for <tls@ietf.org>; Fri, 10 Apr 2026 14:18:58 -0700 (PDT)
Received: by mail-wm1-x330.google.com with SMTP id 5b1f17b1804b1-488879dcbc3so333285e9.0 for <tls@ietf.org>; Fri, 10 Apr 2026 14:18:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1775855932; cv=none; d=google.com; s=arc-20240605; b=KIJ6uCTG1OXECxh4VyFatNQc7WjUW3H4cDiVvos3OqhTRXN27rNqR8skKJafCegOPM kPWpIC60zcQ9SfUdcIimFI7+Fn1xMs77mwxMKjjeUJQPufhuEvgwUX415My2biZybNVb VsoPvHi1sRThRYMjY66/JZBWVaMZAc3V4vYmhVwBeoZeajcRzycSpAp79eBLInJAVBk6 kLuyuzELVnmHuCktfPwWe2HVYDHArQCNYO/b0BwEqKRfB5Zbl769F/sSjtgChU3rUes+ a1pQfopnlGr7IOzA8BJh2GodqVpnXvtrNhptFG3QFtjhuf6f4Z2SaoUvkkd+WgvbFzyW B6XA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=AcGCXiG1wd2seOC2gtdF6kSKFBNWplIRSavnPxrkYxo=; fh=thkB8EHXbUjoQRH/t7/qS4ppfEQlts8DXlpzJ4muDj0=; b=U/i6Lo8tQjWSvjXDcnJIQ6DJCpuY+sCncDrjQN7PJTE/Or4evYq0r5JKOWB50ryMvj tR2u1dmzX/dZyNzDqD6FuRdFzxcMBHFIqIB3RxXJFGf8A1Xh+4J9MKNlHR9m1M3e6HUi PsTZsJfnZqbO8GiqdJsJdzG7JWf+qZAsDkpzzFGYUnFiLiPt1JSyXgFwdYy0igibY9Yt 93Oe1kdXmFZF3uImJ63aLbrmK6HWC+qBykonKeVdtW6M0pfMHqtQMuLLQtF3TxkIpwQj 7WXqnm79CEg1rQwrcGGCJA4HCflFiFEkcWSvoZR4cpr+TFPm6jW8kf7AbDYHtw5nKcl8 RLQg==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775855932; x=1776460732; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=AcGCXiG1wd2seOC2gtdF6kSKFBNWplIRSavnPxrkYxo=; b=c3b9b5jBPXFJ4753tVPjwV593fEBX19CRz/geo60pvSgMYY+XbZ6C2yXRbZEvogTZ6 isuO3S2JozS162NBYuEyH0sMkzYYJhWcTdlBAm5xs4gQmwWH64rElY8ICFoSizTFVG85 romZBIltRaBgn6sYUYuav1jImrWcoPz1c/qaWq6Z42IsW5fnF2KhjsHRhDM7X15ZY1XW M8wFT3ZR0w5VFQwFiHM78p4Goc7n55LGv0sDksrhpvvIMQN9R7moUfyXhHju4DucQY6n 7lR20sGgt2OyBnQxW7X0xHrUVaOYXpQUWApbgMAd76ozA1M7qzHBor8wvzGxKXKthZ3K Gphg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775855932; x=1776460732; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=AcGCXiG1wd2seOC2gtdF6kSKFBNWplIRSavnPxrkYxo=; b=jyO+mqUvDjvo4EF2SESvHWBaALRu35FqG4ZPKt0absz2AvCsTRmiM8XGzUXtzEgw/B v6UfMSF7N84OI02ehqXthGn85oSxE8pgpT/HsgSaSaqi9VNqSdFO8rDjwIbyOcT7co1W v9fVEwM5yxBQZseyVqPHhxfRIHbLGQq63cTkU1EntkLxAtdLnEdRLOcjxo5tMJhO6rTJ 4UNIUkwVcQn+H8QtfcGz0t24SXgZBLkL+rHAEqpvW2hDZQUNO3GtsyAbdM9NNQcPm8p4 ciImOMdwpQfhWorPT9Ipyy8xjKIMoGfH2SqIX9W8k77RvCfV5a+JCIjy8kiITl/L4Fjl d+Qg==
X-Forwarded-Encrypted: i=1; AJvYcCX3dBACgP+JEa3Yt3ZXHITvEOmmoi9Q5bCNLJoIC9sYQ6ctoBnMtqVwJ97e+rVgZNB5XJM=@ietf.org
X-Gm-Message-State: AOJu0YzYLi0QmvVkIqmlKx3+vel+G81y2cGgi5lkuKD9jmvdf+mEB/KA 5BpYveCLgxazUg3GiPKSw0VmZaCsobh1EQRgX3hv3WDqkEMYMcTXPnT89o/f96JWNRSg2heX1h+ VmFPrAokDiIzyWrHJi2Eyfr7l9Snbd2bhEEs3SBY/
X-Gm-Gg: AeBDievNaKai5IiJlNKcxX8uGY1JMqhQiYvHHfYjjpgQJnzpI/zcR7aFGcefoEQXabC qDyu71+jcj8wx5g0CBAElPYyyiTh1RkuRdPdeTCaiOz+Z2TtiIXSKtMtcmekNhL1/TndUOzF7IE CORcDkPfpXa3gnolilHqN//0vQsCA7VLBkdyOR+1UeizcSxtMh1AuFn6ZxD3H76ITG2mQdUCKWs dfw723rFaBlDlirlD18dGf1ngevlWrMeAV1ShqC7iLW2GsOOeA7pIChu4ek+N0n1JZsNkGGkdRn sjUnCAFHYLQNuoQa4jYlW6S4LSHvSFcIOJimph6JVq0BQmSHVV/aXJo9y8a2Do6TfnH0chx6CAQ w9n+ifVEyDDXDPWnUdg==
X-Received: by 2002:a05:600d:8488:20b0:485:2ab4:c1f9 with SMTP id 5b1f17b1804b1-488cdceacb0mr2205945e9.4.1775855931584; Fri, 10 Apr 2026 14:18:51 -0700 (PDT)
MIME-Version: 1.0
References: <16CF0FDA-7263-461A-9F2B-D37DBEAF5DD9@sn3rd.com> <25c8d414-e4c8-455b-bd64-28132615ba75@cs.tcd.ie> <68f49a81-dd2c-4bea-896a-87da3e6aff68@tu-dresden.de> <adlD2VdmKxjd0rR8@LK-Perkele-VII2.locald> <fc2d1dcc-7757-451c-8da0-ad681db42e88@tu-dresden.de>
In-Reply-To: <fc2d1dcc-7757-451c-8da0-ad681db42e88@tu-dresden.de>
From: Sophie Schmieg <sschmieg@google.com>
Date: Fri, 10 Apr 2026 14:18:39 -0700
X-Gm-Features: AQROBzA-gNOkv9RRzkCrtrZcUbgWuKEeKwNY_S7FX-PMUkNxr29HYx9neUMC_s4
Message-ID: <CAEEbLAY-JHEYkm=q51jr3BJgC3r2_pUCOQN_=E+0Je=obXr91g@mail.gmail.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Content-Type: multipart/alternative; boundary="000000000000fa1cfe064f21ad9e"
Message-ID-Hash: WZFUXGXWEZ75EWSAIEKTPNPJOABYHQY3
X-Message-ID-Hash: WZFUXGXWEZ75EWSAIEKTPNPJOABYHQY3
X-MailFrom: sschmieg@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working Group Last Call for Use of ML-DSA in TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YFA0zMvVbe8YZ1Rr8yvln7Wl1Lc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Random faults in ML-DSA can always leak single bits of the private key, but
this is a leak exists whether you use randomized or non-randomized
signatures, simply by hoping the fault messes with the rejection of
signatures with values outside of the limits. The more dangerous fault
would be resigning with the same value for y, which immediately leaks the
full private key, this is the same type of fault that EdDSA is in danger
of. However, different from EdDSA, the where private and public key could
be independently supplied (and therefore faulted) and the masking scalar
only depends on the message and the private key, ML-DSA's y depends on both
the private key and µ, which in turn depends on the message and the public
key. This means the only way to cause this fault attack is by faulting µ
in-between line 8 and 15 of the spec, and hoping that both signatures are
accepted at the same iteration of the rejection loop. That isn't to say
that deterministic signatures are not at a higher risk for fault attacks,
just that compared with EdDSA, this risk is substantially lower here, and I
do think that the argument that deterministic signatures lead to better
testability makes it defensible to use either mode of ML-DSA.

On Fri, Apr 10, 2026 at 1:02 PM Muhammad Usama Sardar <
muhammad_usama.sardar@tu-dresden.de> wrote:

> On 10.04.26 20:39, Ilari Liusvaara wrote:
>
> > Furthermore, I would be much more concerned about "TEE" (especially
> > something like TDX or SEV) getting possessed by an attacker than side
> > channel attacks.
>
> Well, TEE is already possessed by an attacker. As per white paper of
> Confidential Computing Consortium (CCC) [0], cloud provider is your
> attacker. Industry giants like Microsoft and Google use the same
> attacker model. And if cloud provider is not your attacker, it is not
> clear to me who are you protecting against with TEE? and for what purpose?
>
> Attacks like BadRAM, TEE.fail and wiretap.fail have shown exploitation
> of side channels attacks to be practically feasible within 10 bucks.
> Since Intel and AMD continue to exclude side channel attacks, I believe
> the software design has to be more robust to protect against side
> channel attacks.
>
> Best regards,
>
> -Usama
>
> [0]
>
> https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC_outreach_whitepaper_updated_November_2022.pdf
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>


-- 

Sophie Schmieg | Information Security Engineer | ISE Crypto |
sschmieg@google.com