**Session Date/Time:** 25 Jul 2023 20:00 # pquip ## Summary The Post-Quantum in Crypto (pquip) working group meeting at IETF 117 focused on the progress and coordination of post-quantum cryptography (PQC) efforts within the IETF. Key discussions included updates on the hybrid terminology draft, the "PQC for Engineers" document, and a list of IETF protocols and working groups involved in PQC. Real-world deployment experiences from Google were shared, and the Labs working group provided updates on their PQC-related activities. ## Key Discussion Points * **Hybrid Terminology Draft:** * Discussion on base definitions for traditional algorithms, post-quantum algorithms, and hybrid schemes. The consensus was to move forward with defining more specific language. * A proposal to split the draft into separate documents for hybrid key exchange mechanisms (KEMs) and signatures was discussed, with a preference expressed to keep them combined to avoid duplication and maintain alignment. * The group sought feedback on missing elements and suggestions for testing the language against existing protocol drafts. * **PQC for Engineers Document:** * The draft aims to provide operational and design guidance for engineers transitioning to PQC. It avoids complex cryptographic math but offers an overview of PQC in various protocols. * The discussion included the impact of quantum computers on symmetric and asymmetric cryptography, the "store now, decrypt later" attack, and the need for hybrid key agreement and digital signature schemes. * The importance of Mosca's threat model for assessing the impact of quantum computers on systems and the need for cryptographic agility was highlighted. * The working group discussed the scope, completeness, and target audience (technical but not necessarily crypto experts) of the document. A call for adoption was initiated for next week. * **IETF PQC Coordination:** * The group maintains a GitHub repository listing IETF working groups and protocols involved in PQC to facilitate coordination. * Pull requests are welcome for adding new information or suggesting specific resources. * It was noted that some IETF protocols do not require any specific PQC updates, and this information is tracked in the repository. * **Google's Deployment Experiences:** * Google shared their experiences in deploying PQC in internal encryption-in-transit systems (ALTS), emphasizing the importance of addressing "store now, decrypt later" attacks. * The discussion covered hybridization strategies, size overheads of PQC algorithms (e.g., HRSS, Kyber), and practical implementation challenges such as stack overflows. * Hybrid deployments are great, but can be dangerous from a complexity perspective. * **Lamps Updates** * Overview of composite signature drafts. * Discussion of the challenges and benefits of hybrid keys. * The group gave status updates on PKIX and CMS updates. ## Decisions and Action Items * **Hybrid Terminology Draft:** Continue developing the draft, keeping KEM and signatures terminology in a single document. * **PQC for Engineers Document:** Initiate a working group last call for adoption. People are encouraged to submit reviews with other folks in their organizations. * **IETF PQC Coordination:** Continue updating the GitHub repository with relevant information, including work in MLS. * **Test Vectors:** Start using the existing catch all document on GitHub for listing sample keys. * **Working Group Website:** Update the "about" page for this working group to include the GitHub repo link. * **Hackathon:** Let IETF know about having a potential interim hackathon so the group can use IETF resources. ## Next Steps * Initiate working group last call for the "PQC for Engineers" document. * Continue discussions on the mailing list regarding the Hybrid Terminology draft, test factors, and other PQC coordination efforts. * Update the pquip website.