**Session Date/Time:** 10 Nov 2023 12:00 # pquip ## Summary The pquip working group meeting covered several topics related to post-quantum cryptography (PQC) interoperability, terminology, and use cases. Presentations included updates on the PQNX 509 interoperability project, hybrid terminology, PQC for engineers, hybrid signature spectrums, PQC use cases, and a comparison of hybrid KEM drafts. Discussions focused on clarifying definitions, aligning algorithm choices across working groups, and the practical considerations of deploying PQC in different environments. ## Key Discussion Points * **PQNX 509 Interoperability Project:** * Progress on testing PQC algorithms and creating an artifact format for interoperability testing. * Collaboration with the NCCoE. * The artifact pository format is a zip file containing trust anchors with self-signed certificates, and entities for Kyber as KEMs cannot be signed. * Discussion on the OID mapping table. * **Hybrid Terminology:** * Defining terminology for post-quantum traditional hybrid schemes. * Discussion on the use of terms like "post-quantum" vs. "quantum-resistant." * Debate on whether to publish as an RFC or maintain as a living document. * **PQC for Engineers:** * Explaining the need for engineers to understand PQC and migration strategies. * Addition of sections on authenticated key exchange and IKEv2. * Discussion about hardware acceleration for PQC KEMs. * Update on changes with Kyber becoming ML-KEM. * **Hybrid Signature Spectrums:** * Exploring security properties of hybrid signature schemes, including separability and non-separability. * Discussion on artifact, message and scheme level integration of signature schemes. * **PQC Use Cases:** * Collecting and organizing use cases for PQC to aid in migration strategies. * Considered a companion to the PQC for Engineers draft. * **Hybrid KEM Drafts Comparison:** * Comparing different hybrid KEM drafts across various IETF working groups (CFG, TLS, LAMPS, OpenPGP, JOSE). * Focus on algorithm choices, KDF constructions, and security considerations. * Debate on which drafts fit which implementations. ## Decisions and Action Items * **Hybrid Terminology:** * Add definitions for mixed certificate chains and multi-cert authentication in the next version. * Address comments on the mailing list regarding the definition of traditional algorithms and multi-algorithm schemes. * **PQC for Engineers:** * Add a paragraph comparing stateful hash-based signature sizes to SPHINCS+. * Address open issues on the mailing list. * Consider adding a section or subsection on hardware acceleration for PQC KEMs. * Add note about the changes to Kyber and the cyber attack commitment. * **Hybrid Signature Spectrum:** * Add language about black box implementation of underlying signature systems. * Consider including a reference to pre-hashing. ## Next Steps * Continue working on the existing drafts and addressing open issues on the mailing lists. * Explore the possibility of a new virtual interim hackathon towards the end of January. * Discuss the alignment of algorithm choices and security considerations across different working groups. * Progress the Hybrid terminology document. * Pquip meeting monthly next meeting on Tuesday December 5.