I-D list for Crypto Forum RSS Feed: Document changes
Feed id: urn:uuid:593e4128-e423-5506-b261-25e7d84546a6
Feed updated: 2024-03-28T22:24:11-0700

Entries (newest first):

X-Wing: general-purpose hybrid post-quantum KEM
  Event 983313, 2024-03-26T12:00:23-0700, Bas Westerbaan
  New version available: draft-connolly-cfrg-xwing-kem-02.txt (revision 02)
  [new_revision | no group | active]
  Abstract: This memo defines X-Wing, a general-purpose post-quantum/traditional hybrid key encapsulation mechanism (PQ/T KEM) built on X25519 and ML-KEM-768.

X-Wing: general-purpose hybrid post-quantum KEM
  Event 983312, 2024-03-26T12:00:23-0700, Bas Westerbaan
  New version accepted (logged-in submitter: Bas Westerbaan)
  [new_submission | no group | active]

X-Wing: general-purpose hybrid post-quantum KEM
  Event 983311, 2024-03-26T12:00:22-0700, Bas Westerbaan
  Uploaded new revision
  [new_submission | no group | active]

X-Wing: general-purpose hybrid post-quantum KEM
  Event 983310, 2024-03-26T11:41:22-0700, (System)
  Request for posting confirmation emailed to previous authors: Bas Westerbaan <bas@cloudflare.com>, Deirdre Connolly <durumcrustulum@gmail.com>, Peter Schwabe <peter@cryptojedi.org>
  [new_submission | no group | active]

X-Wing: general-purpose hybrid post-quantum KEM
  Event 983309, 2024-03-26T11:41:16-0700, Deirdre Connolly
  Uploaded new revision
  [new_submission | no group | active]

Properties of AEAD Algorithms
  Event 983166, 2024-03-25T05:41:46-0700, Andrey Bozhko
  New version available: draft-irtf-cfrg-aead-properties-05.txt (revision 05)
  [new_revision | irtf/cfrg | active | rg-lc]
  Abstract: Authenticated Encryption with Associated Data (AEAD) algorithms provide both confidentiality and integrity of data. The widespread use of AEAD algorithms in various applications has led to an increased demand for AEAD algorithms with additional properties, driving research in the field. This document provides definitions for the most common of those properties, aiming to improve consistency in the terminology used in documentation.

Properties of AEAD Algorithms
  Event 983165, 2024-03-25T05:41:45-0700, Andrey Bozhko
  New version accepted (logged-in submitter: Andrey Bozhko)
  [new_submission | irtf/cfrg | active | rg-lc]

Properties of AEAD Algorithms
  Event 983164, 2024-03-25T05:41:45-0700, Andrey Bozhko
  Uploaded new revision
  [new_submission | irtf/cfrg | active | rg-lc]

The OPAQUE Augmented PAKE Protocol
  Event 983112, 2024-03-24T14:56:49-0700, Daniel Bourdrez
  New version available: draft-irtf-cfrg-opaque-14.txt (revision 14)
  [new_revision | irtf/cfrg | Stanislav V. Smyshlyaev | active | rg-lc]
  Abstract: This document describes the OPAQUE protocol, an augmented (or asymmetric) password-authenticated key exchange (aPAKE) that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise. In addition, the protocol provides forward secrecy and the ability to hide the password from the server, even during password registration. This document specifies the core OPAQUE protocol and one instantiation based on 3DH.

The OPAQUE Augmented PAKE Protocol
  Event 983111, 2024-03-24T14:56:48-0700, (System)
  New version approved
  [new_submission | irtf/cfrg | Stanislav V. Smyshlyaev | active | rg-lc]

The OPAQUE Augmented PAKE Protocol
  Event 983110, 2024-03-24T14:51:34-0700, (System)
  Request for posting confirmation emailed to previous authors: Christopher Wood <caw@heapingbits.net>, Daniel Bourdrez <d@bytema.re>, Hugo Krawczyk <hugokraw@gmail.com>, Kevin Lewi <lewi.kevin.k@gmail.com>
  [new_submission | irtf/cfrg | Stanislav V. Smyshlyaev | active | rg-lc]

The OPAQUE Augmented PAKE Protocol
  Event 983109, 2024-03-24T14:51:33-0700, Daniel Bourdrez
  Uploaded new revision
  [new_submission | irtf/cfrg | Stanislav V. Smyshlyaev | active | rg-lc]

Additional Parameter sets for HSS/LMS Hash-Based Signatures
  Event 982636, 2024-03-21T00:05:00-0700, (System)
  Document has expired
  [expired_document | irtf/cfrg | expired | rg-lc]

Two-Round Threshold Schnorr Signatures with FROST
  Event 981681, 2024-03-19T13:33:44-0700, (System)
  RFC Editor state changed to RFC-EDITOR from EDIT
  [changed_state | irtf/cfrg | Nick Sullivan | active | rfc-edit]

The Asynchronous Remote Key Generation (ARKG) algorithm
  Event 980272, 2024-03-17T18:20:35-0700, John Bradley
  New version available: draft-bradleylundberg-cfrg-arkg-01.txt (revision 01)
  [new_revision | no group | active]
  Abstract: Asynchronous Remote Key Generation (ARKG) is an abstract algorithm that enables delegation of asymmetric public key generation without giving access to the corresponding private keys. This capability enables a variety of applications: a user agent can generate pseudonymous public keys to prevent tracking; a message sender can generate ephemeral recipient public keys to enhance forward secrecy; two paired authentication devices can each have their own private keys while each can register public keys on behalf of the other. This document provides three main contributions: a specification of the generic ARKG algorithm using abstract primitives; a set of formulae for instantiating the abstract primitives using concrete primitives; and an initial set of fully specified concrete ARKG instances. We expect that additional instances will be defined in the future.

The Asynchronous Remote Key Generation (ARKG) algorithm
  Event 980271, 2024-03-17T18:20:35-0700, (System)
  New version approved
  [new_submission | no group | active]

The Asynchronous Remote Key Generation (ARKG) algorithm
  Event 980270, 2024-03-17T18:20:13-0700, (System)
  Request for posting confirmation emailed to previous authors: Emil Lundberg <emil@emlun.se>, John Bradley <ve7jtb@ve7jtb.com>
  [new_submission | no group | active]

The Asynchronous Remote Key Generation (ARKG) algorithm
  Event 980269, 2024-03-17T18:20:13-0700, John Bradley
  Uploaded new revision
  [new_submission | no group | active]

The OPAQUE Augmented PAKE Protocol
  Event 979924, 2024-03-17T04:49:46-0700, Alexey Melnikov
  Comment: The official RGLC review period ended on February 1st, but the follow-up discussions haven’t concluded yet.
  [added_comment | irtf/cfrg | Stanislav V. Smyshlyaev | active | rg-lc]

The OPAQUE Augmented PAKE Protocol
  Event 979923, 2024-03-17T04:49:46-0700, Alexey Melnikov
  IRTF state changed to In RG Last Call from Active RG Document
  [changed_state | irtf/cfrg | Stanislav V. Smyshlyaev | active | rg-lc]

Hedged ECDSA and EdDSA Signatures
  Event 979442, 2024-03-16T07:23:44-0700, John Preuß Mattsson
  New version available: draft-irtf-cfrg-det-sigs-with-noise-03.txt (revision 03)
  [new_revision | irtf/cfrg | active]
  Abstract: Deterministic elliptic-curve signatures such as deterministic ECDSA and EdDSA have gained popularity over randomized ECDSA as their security does not depend on a source of high-quality randomness. Recent research, however, has found that implementations of these signature algorithms may be vulnerable to certain side-channel and fault injection attacks due to their deterministic nature. One countermeasure to such attacks is hedged signatures, where the calculation of the per-message secret number includes both fresh randomness and the message. This document updates RFC 6979 and RFC 8032 to recommend hedged constructions in deployments where side-channel attacks and fault injection attacks are a concern. The updates are invisible to the validator of the signature and compatible with existing ECDSA and EdDSA validators.

Hedged ECDSA and EdDSA Signatures
  Event 979441, 2024-03-16T07:23:44-0700, John Preuß Mattsson
  New version accepted (logged-in submitter: John Preuß Mattsson)
  [new_submission | irtf/cfrg | active]

Hedged ECDSA and EdDSA Signatures
  Event 979440, 2024-03-16T07:23:44-0700, John Preuß Mattsson
  Uploaded new revision
  [new_submission | irtf/cfrg | active]

Galois Counter Mode with Secure Short Tags (GCM-SST)
  Event 979439, 2024-03-16T07:14:31-0700, John Preuß Mattsson
  New version available: draft-mattsson-cfrg-aes-gcm-sst-03.txt (revision 03)
  [new_revision | no group | active]
  Abstract: This document defines the Galois Counter Mode with Secure Short Tags (GCM-SST) Authenticated Encryption with Associated Data (AEAD) algorithm. GCM-SST can be used with any keystream generator, not just a block cipher. The main differences compared to GCM [GCM] are that GCM-SST uses an additional subkey Q, that fresh subkeys H and Q are derived for each nonce, and that the POLYVAL function from AES-GCM-SIV is used instead of GHASH. This enables short tags with forgery probabilities close to ideal. This document also registers several instances of Advanced Encryption Standard (AES) with Galois Counter Mode with Secure Short Tags (AES-GCM-SST). This document is the product of the Crypto Forum Research Group.

Galois Counter Mode with Secure Short Tags (GCM-SST)
  Event 979438, 2024-03-16T07:14:31-0700, John Preuß Mattsson
  New version accepted (logged-in submitter: John Preuß Mattsson)
  [new_submission | no group | active]

Galois Counter Mode with Secure Short Tags (GCM-SST)
  Event 979437, 2024-03-16T07:14:30-0700, John Preuß Mattsson
  Uploaded new revision
  [new_submission | no group | active]