I hate how much the NSA will sing the "I told you so" song, due to utter chaos caused by composite classic/PQC algorithms.
@sophieschmieg due to people getting the combinations wrong or....?

@erincandescent no, due to things getting bogged down in discussions, combinatory explosions, and technical complexities, while the pure algorithms are making steady progress.

At this point in time, it's likely that many scenarios will deploy pure PQC versions simply due to combiners not being ready yet, and not having a clear timeline to be ready in the nearish future.

@erincandescent it is immensely frustrating, since these constructions are not technically all that complex, but due to compliance and having like five competing standards (in part due to not being all that complex), things have gone at a snail's pace, while pure algorithms have been mostly smooth sailing.
@sophieschmieg I wonder if the CFRG could push out a standard combination RFC quickly...

... I guess that would get bogged down too? 
@sophieschmieg we both know it should be a simple case of HKDF-Extract(KEM1() || KEM2(), algorithm name) and yet

@erincandescent CFRG has X-Wing, which is currently the most likely to get RFC status. It takes the "I don't care about FIPS, I want secure" approach to compliance.

It will certainly help to have it as an RFC.

@erincandescent @sophieschmieg

> [...] CFRG [...] quickly...

Let me stop you right there.

@erincandescent the only exception here has been TLS encryption in transit, in part due to the TLS working group being able to take relatively liberal approaches to compliance, due to the ephemeral negotiation of encryption keys. (I.e. you can just use the pure algorithms if you want compliance)

@sophieschmieg @erincandescent

Do you mean for encryption, signing, key exchange, or some subset?

@robryk @erincandescent all of the above, but especially signing, since encryption might just go with X-Wing.
@sophieschmieg This sounds so fashionably astute and dripping with condescension — mind if I borrow this phrase?
@sophieschmieg the only one responsible for that is NIST refusing to standardize it