
List:       gnupg-devel
Subject:    Re: Specification for Kyber in GnuPG (was: Very first Beta of GnuPG 2.6 available)
From:       Andrew Gallagher via Gnupg-devel <gnupg-devel () gnupg ! org>
Date:       2024-05-02 13:27:27
Message-ID: BE4A733A-68D8-4489-998F-802456AAA844 () andrewg ! com

On 2 May 2024, at 07:42, Werner Koch via Gnupg-devel <gnupg-devel@gnupg.org> wrote:

> +Curve           | ML-KEM | ECC-KEM | SHAFunc  | Requirement
> +---------------:|--------|---------|----------|------------
> +X25519          | 768    | XKem    | SHA3-256 | SHOULD
> +X448            | 768    | XKem    | SHA3-512 | MAY
> +X25519          | 1024   | XKem    | SHA3-256 | MAY
> +X448            | 1024   | XKem    | SHA3-512 | SHOULD
> +brainpoolP256r1 | 768    | ecdhKem | SHA3-256 | MAY
> +brainpoolP384r1 | 768    | ecdhKem | SHA3-512 | SHOULD
> +brainpoolP512r1 | 768    | ecdhKem | SHA3-512 | MAY
> +brainpoolP512r1 | 1024   | ecdhKem | SHA3-512 | SHOULD
> +brainpoolP256r1 | 1024   | ecdhKem | SHA3-256 | MAY
> +brainpoolP384r1 | 1024   | ecdhKem | SHA3-512 | MAY
> +NIST P-256      | 768    | ecdhKem | SHA3-256 | MAY
> +NIST P-384      | 768    | ecdhKem | SHA3-512 | MAY
> +NIST P-521      | 768    | ecdhKem | SHA3-512 | MAY
> +NIST P-256      | 1024   | ecdhKem | SHA3-256 | MAY
> +NIST P-384      | 1024   | ecdhKem | SHA3-512 | MAY
> +NIST P-521      | 1024   | ecdhKem | SHA3-512 | MAY
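
Review bot: none of the 16 rows carries MUST in the Requirement column, so the table as quoted defines no mandatory-to-implement combination; if a common baseline is intended, promote one of the SHOULD rows to MUST or state where the baseline is defined. The row order is also inconsistent: the brainpool 1024 rows run P512r1, P256r1, P384r1, while the brainpool 768 rows and both NIST groups run in ascending curve size, so reorder them to match. The `---------------:` delimiter right-aligns only the Curve column even though the cell values are padded as left-aligned; use the same delimiter style as the other columns if that is not deliberate.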

This is an enormous set of initial combinations, not all of which make any sense. Why
suggest pairing P-256 curves with kyber1024? Do we need all three grades of brainpool
and NIST? The four SHOULDs and the corresponding two NIST equivalents are plenty.

Once again I'll beg you to please implement the Kousidis, Strenzke and Wussler spec
instead of making trivial changes to their assigned numbers in order to start a
pointless and exhausting fight with the IETF WG over ownership of the registry. If we
need to allocate four more code points for the brainpool and NIST alternatives,
what's the harm? The registry is SPECIFICATION REQUIRED (or will be shortly) and the
use of brainpool/NIST curves in PQC is not controversial. Why reinvent the wheel?

A



