[TLS] Re: FW: I-D Action: draft-kwiatkowski-tls-ecdhe-mlkem-03.txt

John Mattsson <john.mattsson@ericsson.com> Mon, 10 March 2025 13:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eCv8qnd9qiwLKLKkPiaFw3850SA>

Dang, Quynh wrote:
>My guess is that that would be an expensive operation because of many reasons.

Yes, and to make sure that the first two keys were not just before and just after a rekeying, you would need to look at three keys…

While any timing side channels in X25519MLKEM768 are hopefully mitigated by the hybrid construction, this is not true with standalone ML-KEM. For standalone ML-KEM, it is even more important to forbid reuse of encapsulation keys when communicating with several peers. Also, standalone ML-KEM is even faster than the already very fast X25519MLKEM768, so there is even less justification for any reuse.

Cheers,
John

From: Dang, Quynh H. (Fed) <quynh.dang=40nist.gov@dmarc.ietf.org>
Date: Monday, 10 March 2025 at 14:09
To: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Re: FW: I-D Action: draft-kwiatkowski-tls-ecdhe-mlkem-03.txt

The server can detect a reused encapsulation key if it saves the keys which have been received and checks the newly received key against the list of its saved keys. The server could just save the hashes of the keys or a "small" portion of the keys as the key IDs. My guess is that that would be an expensive operation because of many reasons.

Regards,
Quynh.
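
The server-side check described in the quoted message (saving a hash of each received encapsulation key and comparing new keys against the saved set), as an added example that is not part of the original messages. The class and function names, the 16-byte truncated SHA-256 key ID and the LRU capacity are assumptions chosen for illustration; the keys are constructed random stand-ins.

```python
import hashlib
import os
from collections import OrderedDict


class EncapKeyReuseDetector:
    """Remembers truncated hashes of received encapsulation keys (bounded LRU)."""

    def __init__(self, capacity=100_000, id_len=16):
        self.capacity = capacity      # assumed limit on stored key IDs
        self.id_len = id_len          # assumed key-ID length in bytes
        self.seen = OrderedDict()     # key ID -> number of times received

    def key_id(self, encap_key: bytes) -> bytes:
        # Store a short hash instead of the full key to keep each entry small.
        return hashlib.sha256(encap_key).digest()[: self.id_len]

    def observe(self, encap_key: bytes) -> bool:
        """Record one received key; return True if it was seen before."""
        kid = self.key_id(encap_key)
        count = self.seen.pop(kid, 0) + 1
        self.seen[kid] = count                 # re-insert as most recently used
        if len(self.seen) > self.capacity:
            self.seen.popitem(last=False)      # evict the oldest key ID
        return count > 1


def demo():
    # Constructed sample input: random stand-ins for 1184-byte ML-KEM-768
    # encapsulation keys (not real key material from any handshake).
    fresh = [os.urandom(1184) for _ in range(3)]
    det = EncapKeyReuseDetector(capacity=2)
    results = [det.observe(k) for k in (fresh[0], fresh[1], fresh[1])]
    # fresh[0] is now the oldest entry; a third distinct key evicts it, so a
    # later reuse of fresh[0] goes undetected. Bounded state trades memory
    # for missed detections, which is part of why the check is costly.
    det.observe(fresh[2])
    results.append(det.observe(fresh[0]))
    return results


if __name__ == "__main__":
    print(demo())
```
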