[IPP] Fwd: [Cfrg] Applied Quantum Resistant Crypto

Ira McDonald blueroofmusic at gmail.com
Mon Jul 23 15:23:56 UTC 2018


FYI - The start of a lively thread on the IRTF Crypto Forum list - all
positive replies.

- Ira

---------- Forwarded message ----------
From: Dr. Pala <director at openca.org>
Date: Tue, Jul 17, 2018 at 3:35 PM
Subject: [Cfrg] Applied Quantum Resistant Crypto
To: "saag at ietf.org" <saag at ietf.org>, PKIX <pkix at ietf.org>, "cfrg at irtf.org" <cfrg at irtf.org>

Hi all,

I was wondering if there are people interested in setting up some sort of
discussion forum in which to discuss the deployment (from a practical point of
view) of QRC in their systems. The intent here would be to share
experiences, provide feedback, and possibly even share

Moreover, this being quite a new field when it comes to real-world
applications, it would be interesting to understand the new requirements so
that we can plan for algorithm agility correctly and not have to go
through what we suffered in the past (and in some cases with current
protocols) to upgrade/switch among different schemes/algorithms.

For example, some of the topics might include:

   - How to deploy PKI services
   - Mixed environments considerations (QRC and "Traditional" Crypto)
   - Mixed environments (stateful vs. stateless)
   - Encryption and Key-Exchange for QRC - what are the options there (it
   seems auth is well understood, but other problems are still open)?
   - Are there implications for the deployment of PKIs we need to be aware
   of and are not currently mentioned/addressed?
   - Any real-world deployment out there (or plans for it)?
   - Algorithm Agility, what to plan for?
   - Applicability to Revocation Services

Most of the activities to standardize QRC in CMS/SecFirmware/etc. that I
can see are related to the use of Stateful HASHSIG and I have not seen any
"standardization" activities around stateless schemes (e.g., SPHINCS), but
if I am wrong, please let me know (and if you could provide some
interesting links, that would be great). I think it would be useful to
understand how to practically deploy these new schemes and how to refine /
provide the building blocks required for their implementation and

Here are some references:

Merkle Tree Signatures (Stateful):

   - https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs/
   - https://datatracker.ietf.org/doc/draft-housley-cms-mts-hash-sig/
   - https://www.ietf.org/id/draft-housley-suit-cose-hash-sig-04.txt
   - https://datatracker.ietf.org/doc/rfc8391/ (XMSS)
   - https://eprint.iacr.org/2018/063 (Viability of Post Quantum X.509
   Certs Paper)

   - Implementations:
      - https://github.com/cisco/hash-sigs

SPHINCS Related (Stateless):

   - https://sphincs.org/

   - Implementations:
      - https://sphincs.org/data/sphincs+-reference-

Other Relevant Links:

   - https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
   - https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
   - http://test-pqpki.com/

I guess this is all for now - you can reply privately at the following

    director at openca.org
    m.pala at cablelabs.com

Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director

Cfrg mailing list
Cfrg at irtf.org