Session Date/Time: 25 Jul 2023 22:00
CFRG Meeting Minutes
Summary
The CFRG meeting covered a wide range of cryptographic topics with updates on several in-flight documents. Discussions included guidelines for IRTF specifications, updates to the BBS signature scheme, LMS parameter sets, AEAD properties, HPKE extensions, the CPace protocol, OPAQUE, MTL mode signatures, KEM combiners and the AEGIS cipher. Several action items were identified, primarily related to document updates and reviews.
Key Discussion Points
- Guidelines for IRTF Crypto Specs: Discussion on improving clarity and consistency in IRTF cryptographic specification documents, including referencing past RFCs, using mathematical symbols consistently, defining terminology (e.g., "formality"), and providing guidance on parameter choices.
- BBS Signature Scheme: Updates on the draft, including efficiency improvements based on a Eurocrypt paper. Discussion on generator creation procedures and message-to-scalar mapping extensibility for future cipher suites.
- LMS Parameter Sets: Update on the draft defining new LMS parameter sets using SHA and SHAKE. Call for reviewers. Question on using 128-bit truncated SHAKE.
- AEAD Properties: Discussion on categorizing AEAD properties (basic security, additional security, implementation properties, additional functionality). Classification is based on the potential adversary goal or on a changed/extended interface of the related API.
- HPKE Extensions: Proposal to add compact public key representation for the NIST curves, deterministic authenticated encryption (DAE) for lossy networks, and key wrapping support. Suggestion to split the document into two based on the separate use cases.
- CPace Protocol: Updates on the CPace protocol draft, which addresses a symmetric password-authenticated key exchange. Focus on implementability and discussion about including support for Ristretto and Decaf curves versus X25519/X448.
- OPAQUE: Discussion of changes from the previous presentation, including the separate treatment of peer reputation and the group used for authenticated key exchange, and removing the notion of internal and external modes, focusing on internal only.
- MTL Mode Signatures: Introduction of MTL mode signatures for reducing the impact of signatures in expanding message series, specifically for post-quantum safety. Addresses using hash functions available on hardware platforms and short proofs compared to signature schemes.
- KEM Combiners: Updates on the draft that combines KEMs for hybrid cryptography in the post-quantum setting.
Decisions and Action Items
- Guidelines for IRTF Crypto Specs: Continue work on the document, addressing feedback received, including consistency in format and use of mathematical symbols.
  - Action Item: Authors to address comments and feedback received on the mailing list.
- BBS Signature Scheme:
  - Action Item: Authors to collect and provide a list of implementations for interoperability testing.
- LMS Parameter Sets:
  - Action Item: Seek additional reviewers for the draft.
- HPKE Extensions:
  - Action Item: Split the document into two. The first for compact representation, and the second for DAE and lossy networks.
- CPace Protocol:
  - Action Item: Review for editorial consistency with OPAQUE, potentially by a volunteer. Aim for consistent terminology and notation.
- OPAQUE:
  - Action Item: Start crypto review panel and move towards an RGLC (Research Group Last Call).
- MTL Mode Signatures:
  - Action Item: Explore possible alignment and/or interoperability with Merkle Tree Certificates.
- KEM Combiners:
  - Action Item: Authors to clarify that they rely on the random oracle assumption for KMAC. They also have to give guidance on how to choose the KMAC key.
Next Steps
- Continue to work on resolving open issues and address feedback on the drafts.
- Coordinate cross-document consistency (e.g., CPace and OPAQUE).
- Initiate crypto review panels for documents nearing completion.
- Publish implementation lists and encourage interoperability testing.