On Tue, Jul 11, 2023 at 05:49:45PM +0530, tirumal reddy wrote:
> Hi all,
>
> The new draft https://datatracker.ietf.org/doc/draft-ra-cose-hybrid-encrypt/
> defines the use of traditional and PQC algorithms, a hybrid post-quantum
> KEM, for JOSE and COSE. Hybrid key exchange refers to using multiple key
> exchange algorithms simultaneously and combining the result with the goal
> of providing security even if all but one of the component algorithms is
> broken.
>
> Comments and suggestions are welcome.

To me, this seems greatly overcomplicated.

1) The mess of N algorithms can be reduced to just two by making method
polymorphic in key, just like ECDH-ES has always been.

- KEM
- KEM+A256KW

Only AES-256 because:

- This is intended for post-quantum.
- Security level of even Kyber512 could be significantly above AES128.
- AES-192 is poorly supported.

And for simplicity, fixedInfo should use the same format as for ECDH-ES.
Specifically:

- For COSE, Core Deterministic Encoding of the COSE_KDF_Context.
- For JOSE, the concatenation format with the same inputs as used for
  ECDH.

2) It would be simpler for implementers to always use KMAC256. Most of
the code can be shared with Kyber, which is _not_ guaranteed for KMAC128.
And the speed difference is minor.

3) The mess of the key format could be reduced to just concatenating
the parts into OKP key with new "curves". Yes, OKP was designed for
such stuff from the very beginning.

And even if it is philosophically wrong, this could technically even
be applied to ciphertexts in order to stick the ciphertext into "eph".

4) I don't think the use of K is allowed by kem-combiners. AFAIK, the
minimum length of K for KMAC256 is 32 bytes, but some of the stuff using it
has 21 byte K.

> ---------- Forwarded message ---------
> From: <[email protected]>
> Date: Wed, 5 Jul 2023 at 17:56
> Subject: New Version Notification for draft-ra-cose-hybrid-encrypt-00.txt
>
> Name: draft-ra-cose-hybrid-encrypt
> Revision: 00
> Title: Hybrid key exchange in JOSE and COSE
> Document date: 2023-07-05
> Group: Individual Submission
> Pages: 30
> URL:
> https://www.ietf.org/archive/id/draft-ra-cose-hybrid-encrypt-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-ra-cose-hybrid-encrypt/
> Html:
> https://www.ietf.org/archive/id/draft-ra-cose-hybrid-encrypt-00.html
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-ra-cose-hybrid-encrypt

-Ilari

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
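
Added example, not part of the message above or of the draft: point 1's suggestion for JOSE, written in Python, building fixedInfo in the RFC 7518 Concat KDF OtherInfo layout that ECDH-ES uses, with a parser that shows the encoding is unambiguous. The "alg" values KEM and KEM+A256KW are the names proposed in the message and are assumptions here, as are the helper names and the small key-length tables.

```python
import base64
import struct

# Content-encryption key lengths in bits (subset of RFC 7518 "enc" values).
ENC_KEY_BITS = {"A128GCM": 128, "A256GCM": 256}
# Direct key agreement: "ECDH-ES" is RFC 7518; "KEM" is the assumed name.
DIRECT_MODES = {"ECDH-ES", "KEM"}
# Key agreement plus key wrap; "KEM+A256KW" is the assumed name.
WRAP_KEY_BITS = {"ECDH-ES+A256KW": 256, "KEM+A256KW": 256}

def b64url_decode(text):
    """Decode unpadded base64url, as used for "apu" and "apv"."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def length_prefixed(data):
    """32-bit big-endian length followed by the data."""
    return struct.pack(">I", len(data)) + data

def fixed_info_from_header(header):
    """AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo."""
    alg = header["alg"]
    if alg in DIRECT_MODES:
        # Direct mode binds the derived key to the "enc" algorithm.
        algorithm_id = header["enc"]
        key_bits = ENC_KEY_BITS[algorithm_id]
    else:
        # Key-wrap mode binds it to the "alg" value instead.
        algorithm_id = alg
        key_bits = WRAP_KEY_BITS[alg]
    apu = b64url_decode(header.get("apu", ""))
    apv = b64url_decode(header.get("apv", ""))
    return (length_prefixed(algorithm_id.encode("ascii"))
            + length_prefixed(apu) + length_prefixed(apv)
            + struct.pack(">I", key_bits))  # SuppPrivInfo is empty

def parse_fixed_info(blob):
    """Inverse of the encoder; rejects truncated or over-long input."""
    fields, offset = [], 0
    for _ in range(3):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + size > len(blob):
            raise ValueError("field runs past end of input")
        fields.append(blob[offset:offset + size])
        offset += size
    if len(blob) - offset != 4:
        raise ValueError("SuppPubInfo must be exactly 4 bytes")
    (key_bits,) = struct.unpack_from(">I", blob, offset)
    return fields[0].decode("ascii"), fields[1], fields[2], key_bits
```

Because every variable-length field carries its own length, two different headers cannot produce the same fixedInfo, which is what lets a single polymorphic method share one KDF input format across key types.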
