Session Date/Time: 18 Mar 2024 03:00
CFRG Meeting Minutes
Summary
The CFRG meeting covered a wide range of topics, including updates on existing drafts, discussions on new proposals related to post-quantum cryptography, federated machine learning, and formal analysis of TLS protocols. Key discussions revolved around hybrid key exchange mechanisms, secure aggregation techniques for privacy-preserving machine learning, and potential inconsistencies in existing TLS implementations.
Key Discussion Points
- Hedged ECDSA/EdDSA Signatures:
  - Discussed naming conventions and alignment with academic literature and NIST standards.
  - Addressed concerns about the order of the random value and the prefix for side-channel attack mitigation.
  - Reviewed the inclusion of test vectors and potential proofs of the construction.
- GCM with Secure Short Tags (GCM-SST):
  - Explained the motivation for secure short tags in GCM, particularly for radio link layers and media applications.
  - Compared GCM-SST with standard GCM in terms of performance and security properties.
  - Solicited interest from the CFO (Codec Foo Optimization) working group for potential adoption.
- ML-KEM in HPKE:
  - Analyzed the binding properties of DH-KEM (Diffie-Hellman Key Encapsulation Mechanism) in HPKE (Hybrid Public Key Encryption) and compared them to ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism).
  - Discussed potential re-encapsulation attacks and the need for strong binding of the ciphertext and the public key.
  - Considered options for modifying HPKE or adapting ML-KEM to ensure security in hybrid post-quantum scenarios.
- Mastic for VDAF:
  - Presented an update on the Mastic protocol, an alternative to Poplar1 for the heavy hitters problem.
  - Outlined the use cases for Mastic, including weighted heavy hitters and grouped metrics.
  - Discussed the progress on the security analysis and on the implementation in Rust.
  - Considered replacing Poplar1 with Mastic in the base VDAF draft.
- Private Inexpensive Norm Enforcement (Pine) for Federated Machine Learning:
  - Introduced Pine, a new VDAF (Verifiable Distributed Aggregation Function) designed to support federated machine learning use cases.
  - Addressed the challenge of preventing wraparound effects when computing squared L2 norms in field operations.
  - Compared Pine with Prio3 in terms of communication cost and performance.
- Synchronous Remote Key Generation:
  - Introduced a draft on synchronous remote key generation, a technique for generating non-correlatable public keys.
  - Explained the applications of this technique in verifiable credentials and remote secure elements.
  - Requested reviews and feedback on the draft.
- Hybrid PQ KEMs:
  - Addressed the lack of a clear consensus on how to combine PQ and classic public key cryptography safely.
  - Discussed issues related to the difficulty of certifying PQ algorithms.
  - Debated approaches for specifying combiners and providing general advice to protocol developers.
- Analysis of RA-TLS:
  - Presented a formal analysis of the combination of remote attestation with TLS, focusing on the validation part of the model.
  - Identified potential issues related to handshake secret and master secret generation in TLS implementations.
  - Solicited feedback and insights on the observed inconsistencies.
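The wraparound problem noted under Pine above, as an added Python sketch (this is not PINE's own code and does not use the draft's parameters; the Field64 prime, the norm bound, the slack rule and the sample vectors are assumed or constructed here). It shows why a norm check evaluated inside a prime field is fooled by a vector whose squares wrap past the modulus, and how a random-projection test catches it.

```python
import math
import random

# Added illustration of the wraparound problem PINE addresses; not PINE's own
# code. Field, bound and vectors are assumed/constructed for this example.
P = 2**64 - 2**32 + 1   # 64-bit prime field used by Prio3 (Field64)
BOUND = 2**40           # assumed bound on the squared L2 norm of a gradient

def encode(vec):
    """Map signed integer gradient entries into the field (x -> x mod P)."""
    return [x % P for x in vec]

def field_sq_norm(enc):
    """Squared L2 norm computed the way an arithmetic circuit sees it: modulo P."""
    return sum(x * x for x in enc) % P

def naive_norm_check(enc):
    """Insufficient check: the field-computed norm lies in [0, BOUND].

    A single entry of 2**33 has true squared norm 2**66, but 2**66 mod P is
    only 2**34 - 4, so this check accepts a vector that is far out of bounds."""
    return field_sq_norm(enc) <= BOUND

def wraparound_check(enc, rounds=64, seed=0):
    """Sketch of a wraparound test: dot the vector with random z in {-1,0,1}^n
    (0 with probability 1/2). If the true norm is within BOUND, Cauchy-Schwarz
    gives |<z,x>| <= sqrt(n * BOUND) with no wraparound, so the centred field
    result stays inside that slack. An entry that wrapped pushes <z,x> far
    outside the slack whenever z selects it. (PINE proves its version of this
    test in zero knowledge with tighter probabilistic bounds; this only models
    the acceptance rule.)"""
    rng = random.Random(seed)
    slack = math.isqrt(len(enc) * BOUND)
    for _ in range(rounds):
        z = [rng.choice((-1, 0, 0, 1)) for _ in enc]
        dot = sum(zi * xi for zi, xi in zip(z, enc)) % P
        signed = dot if dot <= P // 2 else dot - P   # centred representative
        if abs(signed) > slack:
            return False
    return True

def validate(enc):
    """Combined acceptance rule: both tests must pass."""
    return naive_norm_check(enc) and wraparound_check(enc)

# Constructed inputs: an honest small gradient and a wrapped single-entry vector.
HONEST = encode([3, -7, 12, 0, 5, -1])
WRAPPED = encode([2**33])

if __name__ == "__main__":
    print("honest :", field_sq_norm(HONEST), validate(HONEST))    # 228 True
    print("wrapped:", field_sq_norm(WRAPPED), validate(WRAPPED))  # 17179869180 False
```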
Decisions and Action Items
- Hedged ECDSA/EdDSA Signatures: Include test vectors in the next version. Investigate the need for proofs of the construction.
- Hybrid PQ KEMs: A design team will be formed to compile requirements for combining hybrid PQ KEMs with classic public key cryptography safely.
- Mastic for VDAF: Post questions and discussion to the mailing list regarding whether or not to immediately replace Poplar1 with Mastic.
Next Steps
- Continue discussions on the mailing list regarding the replacement of Poplar1 with Mastic.
- Form a design team for hybrid PQ KEMs and develop a reasonable set of requirements.
- Continue working on aligning the reference implementation with security analysis for the Mastic protocol.
- Gather feedback from implementers on the Pine protocol for federated machine learning.
- Continue reviewing and providing feedback on the Synchronous Remote Key Generation draft.
- Continue analysis on existing TLS implementations, to ensure that no security issues or issues with spec compliance will impact remote attestation.