Markdown Version | Session Recording

Session Date/Time: 10 Nov 2023 12:00

pquip

Summary

The pquip working group meeting covered several topics related to post-quantum cryptography (PQC) interoperability, terminology, and use cases. Presentations included updates on the PQNX 509 interoperability project, hybrid terminology, PQC for engineers, hybrid signature spectrums, PQC use cases, and a comparison of hybrid KEM drafts. Discussions focused on clarifying definitions, aligning algorithm choices across working groups, and the practical considerations of deploying PQC in different environments.

Key Discussion Points

• PQNX 509 Interoperability Project:
  • Progress on testing PQC algorithms and creating an artifact format for interoperability testing.
  • Collaboration with the NCCoE.
  • The artifact pository format is a zip file containing trust anchors with self-signed certificates, and entities for Kyber as KEMs cannot be signed.
  • Discussion on the OID mapping table.
• Hybrid Terminology:
  • Defining terminology for post-quantum traditional hybrid schemes.
  • Discussion on the use of terms like "post-quantum" vs. "quantum-resistant."
  • Debate on whether to publish as an RFC or maintain as a living document.
• PQC for Engineers:
  • Explaining the need for engineers to understand PQC and migration strategies.
  • Addition of sections on authenticated key exchange and IKEv2.
  • Discussion about hardware acceleration for PQC KEMs.
  • Update on changes with Kyber becoming ML-KEM.
• Hybrid Signature Spectrums:
  • Exploring security properties of hybrid signature schemes, including separability and non-separability.
  • Discussion on artifact, message and scheme level integration of signature schemes.
• PQC Use Cases:
  • Collecting and organizing use cases for PQC to aid in migration strategies.
  • Considered a companion to the PQC for Engineers draft.
• Hybrid KEM Drafts Comparison:
  • Comparing different hybrid KEM drafts across various IETF working groups (CFG, TLS, LAMPS, OpenPGP, JOSE).
  • Focus on algorithm choices, KDF constructions, and security considerations.
  • Debate on which drafts fit which implementations.

Decisions and Action Items

• Hybrid Terminology:
  • Add definitions for mixed certificate chains and multi-cert authentication in the next version.
  • Address comments on the mailing list regarding the definition of traditional algorithms and multi-algorithm schemes.
• PQC for Engineers:
  • Add a paragraph comparing stateful hash-based signature sizes to SPHINCS+.
  • Address open issues on the mailing list.
  • Consider adding a section or subsection on hardware acceleration for PQC KEMs.
  • Add note about the changes to Kyber and the cyber attack commitment.
• Hybrid Signature Spectrum:
  • Add language about black box implementation of underlying signature systems.
  • Consider including a reference to pre-hashing.

Next Steps

• Continue working on the existing drafts and addressing open issues on the mailing lists.
• Explore the possibility of a new virtual interim hackathon towards the end of January.
• Discuss the alignment of algorithm choices and security considerations across different working groups.
• Progress the Hybrid terminology document.
• Pquip meeting monthly next meeting on Tuesday December 5.