Session Date/Time: 25 Jul 2023 20:00
pquip
Summary
The Post-Quantum in Crypto (pquip) working group meeting at IETF 117 focused on the progress and coordination of post-quantum cryptography (PQC) efforts within the IETF. Key discussions included updates on the hybrid terminology draft, the "PQC for Engineers" document, and a list of IETF protocols and working groups involved in PQC. Real-world deployment experiences from Google were shared, and the LAMPS working group provided updates on their PQC-related activities.
Key Discussion Points
- Hybrid Terminology Draft:
  - Discussion on base definitions for traditional algorithms, post-quantum algorithms, and hybrid schemes. The consensus was to move forward with defining more specific language.
  - A proposal to split the draft into separate documents for hybrid key encapsulation mechanisms (KEMs) and signatures was discussed, with a preference expressed to keep them combined to avoid duplication and maintain alignment.
  - The group sought feedback on missing elements and suggestions for testing the language against existing protocol drafts.
- PQC for Engineers Document:
  - The draft aims to provide operational and design guidance for engineers transitioning to PQC. It avoids complex cryptographic math but offers an overview of PQC in various protocols.
  - The discussion included the impact of quantum computers on symmetric and asymmetric cryptography, the "store now, decrypt later" attack, and the need for hybrid key agreement and digital signature schemes.
  - The importance of Mosca's threat model for assessing the impact of quantum computers on systems and the need for cryptographic agility was highlighted.
  - The working group discussed the scope, completeness, and target audience (technical but not necessarily crypto experts) of the document. A call for adoption was initiated for next week.
- IETF PQC Coordination:
  - The group maintains a GitHub repository listing IETF working groups and protocols involved in PQC to facilitate coordination.
  - Pull requests are welcome for adding new information or suggesting specific resources.
  - It was noted that some IETF protocols do not require any specific PQC updates, and this information is tracked in the repository.
- Google's Deployment Experiences:
  - Google shared their experiences in deploying PQC in internal encryption-in-transit systems (ALTS), emphasizing the importance of addressing "store now, decrypt later" attacks.
  - The discussion covered hybridization strategies, size overheads of PQC algorithms (e.g., HRSS, Kyber), and practical implementation challenges such as stack overflows.
  - Hybrid deployments are great, but can be dangerous from a complexity perspective.
- LAMPS Updates:
  - Overview of composite signature drafts.
  - Discussion of the challenges and benefits of hybrid keys.
  - The group gave status updates on PKIX and CMS.
Decisions and Action Items
- Hybrid Terminology Draft: Continue developing the draft, keeping KEM and signatures terminology in a single document.
- PQC for Engineers Document: Initiate a working group last call for adoption. People are encouraged to submit reviews with other folks in their organizations.
- IETF PQC Coordination: Continue updating the GitHub repository with relevant information, including work in MLS.
- Test Vectors: Start using the existing catch-all document on GitHub for listing sample keys.
- Working Group Website: Update the "about" page for this working group to include the GitHub repo link.
- Hackathon: Let IETF know about having a potential interim hackathon so the group can use IETF resources.
Next Steps
- Initiate working group last call for the "PQC for Engineers" document.
- Continue discussions on the mailing list regarding the Hybrid Terminology draft, test vectors, and other PQC coordination efforts.
- Update the pquip website.