%% You should probably cite draft-ietf-lamps-pq-composite-sigs instead of this I-D.
@techreport{ounsworth-pq-composite-sigs-08,
    number =    {draft-ounsworth-pq-composite-sigs-08},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/08/},
    author =    {Mike Ounsworth and John Gray and Massimiliano Pala},
    title =     {{Composite Signatures For Use In Internet PKI}},
    pagetotal = 32,
    year =      2023,
    month =     mar,
    day =       13,
    abstract =  {The migration to post-quantum cryptography is unique in the history of modern digital cryptography in that neither the old outgoing nor the new incoming algorithms are fully trusted to protect data for the required data lifetimes. The outgoing algorithms, such as RSA and elliptic curve, may fall to quantum cryptanalysis, while the incoming post-quantum algorithms face uncertainty about both the underlying mathematics as well as hardware and software implementations that have not had sufficient maturing time to rule out classical cryptanalytic attacks and implementation bugs. Cautious implementers may wish to layer cryptographic algorithms such that an attacker would need to break all of them in order to compromise the data being protected using either a Post-Quantum / Traditional Hybrid, Post-Quantum / Post-Quantum Hybrid, or combinations thereof. This document, and its companions, defines a specific instantiation of hybrid paradigm called "composite" where multiple cryptographic algorithms are combined to form a single key, signature, or key encapsulation mechanism (KEM) such that they can be treated as a single atomic object at the protocol level. This document defines the structures CompositeSignatureValue, and CompositeSignatureParams, which are sequences of the respective structure for each component algorithm. The explicit variant is defined which allows for a set of signature algorithm identifier OIDs to be registered together as an explicit composite signature algorithm and assigned an OID. The generic composite variant is also defined which allows arbitrary combinations of signature algorithms to be used in the CompositeSignatureValue and CompositeSignatureParams structures without needing the combination to be pre-registered or pre-agreed. This document is intended to be coupled with corresponding documents that define the structure and semantics of composite public and private keys and encryption {[}I-D.ounsworth-pq-composite-keys{]}, however may also be used with non-composite keys, such as when a protocol combines multiple certificates into a single cryptographic operation.},
}