Hi,

I am against this document standardizing more SHA-2 variants than SHAKE. I 
agree with Arne Padmos that the preferred way forward would be only SHAKE-based 
SLH-DSA [1].

SHA-3 was designed with side-channel security in mind, whereas SHA-2 is 
significantly harder to protect against side-channels. HMAC, HKDF, MGF, etc. 
are constructions only needed when the hash function has significant 
vulnerabilities/issues such as length-extension, failure to behave like a 
random function, lack of variable-length output, etc. SHA-3 is practically much 
more secure than SHA-2.

An earlier version of SHA-2 SPHINCS+ had security problems and got "fixed" into 
something which I would call quite ugly. I think Section 11 of FIPS 205 [2] is 
a very clear example of why SHAKE is highly preferred over SHA-2.

[1] https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/vtMTuE_3u-0/m/80Cvu_HYAAAJ
[2] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf

Cheers,
John Preuss Mattsson
(As an individual)
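The point about Section 11 of FIPS 205 is easiest to see side by side. The following is an added illustration, not code from the draft, from FIPS 205 or from any project: it implements the message-hash, message-PRF and F functions of the SLH-DSA SHAKE family (one SHAKE256 call with the desired output length) next to the SHA-2 family (HMAC for the PRF, MGF1 for the variable-length message hash, truncation everywhere, zero padding so that PK.seed fills a whole SHA-256 block, and a compressed address). The byte layouts follow my reading of FIPS 205 Section 11 for the security category 1 parameter sets (n = 16, m = 30 for the 128s set) and should be checked against the published text before any real use.

```python
"""SLH-DSA hash-function families side by side (added illustration).

Assumptions: layouts as I read them in FIPS 205 Section 11.1 (SHAKE) and
11.2 (SHA-2, category 1, SHA-256 throughout); sizes for SLH-DSA-*-128s.
Verify against the published spec before relying on any byte exactly.
"""
import hashlib
import hmac

N = 16   # security parameter n for the 128-bit parameter sets
M = 30   # message digest length m for the 128s parameter sets


# --- SHAKE family: every function is one SHAKE256 call with chosen length ---

def h_msg_shake(r, pk_seed, pk_root, msg, m=M):
    return hashlib.shake_256(r + pk_seed + pk_root + msg).digest(m)


def prf_msg_shake(sk_prf, opt_rand, msg, n=N):
    return hashlib.shake_256(sk_prf + opt_rand + msg).digest(n)


def f_shake(pk_seed, adrs, m1, n=N):
    return hashlib.shake_256(pk_seed + adrs + m1).digest(n)


# --- SHA-2 family: fixed-length, length-extendable SHA-256 has to be wrapped ---

def mgf1_sha256(seed, mlen):
    """MGF1 (RFC 8017 style) to stretch SHA-256 to an arbitrary output length."""
    out = b""
    for counter in range((mlen + 31) // 32):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:mlen]


def compress_adrs(adrs):
    """ADRS^c: 32-byte address with the unused high bytes of the layer and
    tree fields dropped, leaving 22 bytes (keeps more of the SHA-256 block
    for the data being hashed)."""
    assert len(adrs) == 32
    return adrs[3:4] + adrs[8:16] + adrs[19:20] + adrs[20:32]


def h_msg_sha2(r, pk_seed, pk_root, msg, m=M):
    # Inner SHA-256 over the message, then MGF1 to get m bytes of output.
    inner = hashlib.sha256(r + pk_seed + pk_root + msg).digest()
    return mgf1_sha256(r + pk_seed + inner, m)


def prf_msg_sha2(sk_prf, opt_rand, msg, n=N):
    # HMAC is needed because plain SHA-256(key || data) is length-extendable.
    return hmac.new(sk_prf, opt_rand + msg, hashlib.sha256).digest()[:n]


def f_sha2(pk_seed, adrs, m1, n=N):
    # PK.seed is padded to 64 bytes (one SHA-256 block) so that its
    # compression-function state can be precomputed once per key.
    pad = bytes(64 - n)
    return hashlib.sha256(pk_seed + pad + compress_adrs(adrs) + m1).digest()[:n]


def demo():
    """Run both families on constructed inputs and return the outputs."""
    r, pk_seed, pk_root = bytes(N), b"\x01" * N, b"\x02" * N   # constructed
    sk_prf, adrs, msg = b"\x03" * N, bytes(32), b"constructed message"
    return {
        "shake": (h_msg_shake(r, pk_seed, pk_root, msg),
                  prf_msg_shake(sk_prf, r, msg),
                  f_shake(pk_seed, adrs, msg[:N])),
        "sha2": (h_msg_sha2(r, pk_seed, pk_root, msg),
                 prf_msg_sha2(sk_prf, r, msg),
                 f_sha2(pk_seed, adrs, msg[:N])),
    }


if __name__ == "__main__":
    for family, outs in demo().items():
        print(family, [o.hex() for o in outs])
```

Every SHA-2 function above needs at least one extra mechanism (MGF1, HMAC, truncation, block padding, address compression) purely to compensate for properties SHA-256 lacks and SHAKE256 has natively; none of those mechanisms adds security beyond what the SHAKE one-liners already provide.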

On 2024-10-21, 00:24, "internet-dra...@ietf.org" <internet-dra...@ietf.org> 
wrote:
Internet-Draft draft-ietf-cose-sphincs-plus-05.txt is now available. It is a
work item of the CBOR Object Signing and Encryption (COSE) WG of the IETF.

   Title:   SLH-DSA for JOSE and COSE
   Authors: Michael Prorock
            Orie Steele
            Rafael Misoczki
            Michael Osborne
            Christine Cloostermans
   Name:    draft-ietf-cose-sphincs-plus-05.txt
   Pages:   11
   Dates:   2024-10-20

Abstract:

   This document describes JOSE and COSE serializations for SLH-DSA,
   which was derived from SPHINCS+, a Post-Quantum Cryptography (PQC)
   based digital signature scheme.  This document does not define any
   new cryptography, only serializations of existing cryptographic
   systems described in [FIPS-205].  Note to RFC Editor: This document
   should not proceed to AUTH48 until NIST completes parameter tuning
   and selection as a part of the PQC (https://csrc.nist.gov/projects/
   post-quantum-cryptography) standardization process.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cose-sphincs-plus/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-cose-sphincs-plus-05.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-cose-sphincs-plus-05

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

_______________________________________________
COSE mailing list -- cose@ietf.org
To unsubscribe send an email to cose-le...@ietf.org