Session Date/Time: 23 Jul 2024 22:30
pquip
Summary
The pquip working group meeting covered several documents related to post-quantum cryptography (PQC). Discussions included the "PQC for Engineers" draft, hybrid terminology, hybrid signature spectrums, NIST's post-quantum standardization efforts, migration use cases, and hash-based signature schemes. The meeting addressed potential last calls for some drafts and future directions for the working group.
Key Discussion Points
- PQC for Engineers Draft:
  - Authors believe the draft is nearly complete and proposed a working group last call after IETF 120.
  - The draft serves as an IETF-focused PQC primer.
  - Participants were encouraged to review the draft and provide feedback, specifically identifying any missing topics or areas for improvement.
- Hybrid Terminology Draft:
  - The draft standardizes terminology for post-quantum/traditional hybrids.
  - A working group last call was conducted in February, resulting in updates to the draft.
  - There was a discussion of the scope of the document and where to address more complex aspects of hybrid security, potentially in another draft.
  - A second working group last call is likely.
- Hybrid Signature Spectrums Draft:
  - This document describes different security properties and spectrums related to hybrid signature construction.
  - Discussions were held around separability, generality, and artifact locations within hybrid signatures.
  - The draft includes language on why one would use a hybrid PQ/traditional signature rather than not going PQ at all, or going directly to PQ without a hybrid.
  - Consensus on these additions may be challenging.
  - There was discussion of strong non-separable (fused) hybrid signatures, including potential use cases.
  - A working group last call may flush out any further issues.
- NIST Post-Quantum Cryptography Standardization Update:
  - NIST provided an update on its post-quantum cryptography standardization process.
  - Four algorithms are in the standardization track: ML-KEM (Kyber), ML-DSA (Dilithium), Falcon, and SPHINCS+.
  - Round 4 candidates are being evaluated, with a focus on Classic McEliece, BIKE, and HQC.
  - On-ramp signature candidates are also being evaluated.
  - Relaxation of restrictions around state copying in SP 800-208 is planned.
  - A special-purpose publication discussing ML-KEM deployment scenarios is forthcoming.
- Migration Use Cases Taxonomy Draft:
  - This document aims to guide engineers in choosing appropriate algorithms and parameters for post-quantum migration based on factors like duration, backwards compatibility, and protocol negotiation capabilities.
  - The draft was revised to address previous feedback.
  - The decision tree was updated to rely on objective measurements rather than subjective opinions.
  - Exploration of a "pessimistic migration" approach is under consideration.
- Hash-Based Signature Schemes Draft:
  - The document describes how to manage the stateful part of hash-based signature schemes like XMSS and LMS.
  - Feedback asked the authors to add guidance on when stateful schemes are appropriate in the first place.
  - The authors propose adopting the draft.
- PQC Hackathon:
  - Positive work is being done at the PQC Hackathon, with new GitHub Actions enabling interoperability testing.
Decisions and Action Items
- Action Item: Participants to review "PQC for Engineers" draft and provide feedback on missing topics or areas for improvement.
- Action Item: Authors of the "Hybrid Terminology" draft to proceed with a second working group last call.
- Action Item: Authors of the "Hybrid Signature Spectrums" draft to prepare for a working group last call.
- Action Item: Britta Hale to push to CFRG a few strong, non-separable constructions that use P-56 and ML-DSA.
- Action Item: Alexander to send information about the PQC Hackathon to the mailing list.
Next Steps
- Continue discussions on the mailing list for all documents.
- Begin working group last calls for drafts where consensus is reached.
- Consider adoption of drafts when appropriate.
- Monitor progress of NIST's post-quantum cryptography standardization efforts.