%% You should probably cite draft-ounsworth-pq-composite-keys-05 instead of this revision.
@techreport{ounsworth-pq-composite-keys-02,
    number =    {draft-ounsworth-pq-composite-keys-02},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-keys/02/},
    author =    {Mike Ounsworth and Massimiliano Pala and Jan Klaußner},
    title =     {{Composite Public and Private Keys For Use In Internet PKI}},
    pagetotal = 30,
    year =      2022,
    month =     jun,
    day =       8,
    abstract =  {The migration to post-quantum cryptography is unique in the history of modern digital cryptography in that neither the old outgoing nor the new incoming algorithms are fully trusted to protect data for the required data lifetimes. The outgoing algorithms, such as RSA and elliptic curve, may fall to quantum cryptalanysis, while the incoming post-quantum algorithms face uncertainty about both the underlying mathematics as well as hardware and software implementations that have not had sufficient maturing time to rule out classical cryptanalytic attacks and implementation bugs. Cautious implementors may wish to layer cryptographic algorithms such that an attacker would need to break all of them in order to compromise the data being protected. For digital signatures, this is referred to as "dual", and for encryption key establishment this as reffered to as "hybrid". This document, and its companions, defines a specific instantiation of the dual and hybrid paradigm called "composite" where multiple cryptographic algorithms are combined to form a single key, signature, or key encapsulation mechanism (KEM) such that they can be treated as a single atomic object at the protocol level. EDNOTE: the terms "dual" and "hybrid" are currently in flux. We anticipate an Informational draft to normalize terminology, and will update this draft accordingly. This document defines the structures CompositePublicKey and CompositePrivateKey, which are sequences of the respective structure for each component algorithm. The generic composite variant is defined which allows arbitrary combinations of key types to be placed in the CompositePublicKey and CompositePrivateKey structures without needing the combination to be pre-registered or pre-agreed. The explicit variant is also defined which allows for a set of algorithm identifier OIDs to be registered together as an explicit composite algorithm and assigned an OID. This document is intended to be coupled with corresponding documents that define the structure and semantics of composite signatures and encryption, such as {[}draft-ounsworth-pq-composite-sigs-05{]} and draft- ounsworth-pq-composite-kem (yet to be published).},
}