CFRG (Crypto Forum Research Group)

IETF 115 in London

RG Chairs:

RG Secretary:

Note taker:

Minutes for CFRG at IETF 115

Chairs' update

https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-cfrg-chairs-document-status-update

Alexey gave the status for the CFRG documents (see slides).

Tobias Looker, "BBS Signatures" (draft-irtf-cfrg-bbs-signatures) (10+5 mins)

https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-bbs

There are not many implementations of hash-to-curve with the
ciphersuites that were in the previous version of the I-D. One that
makes use of SHA-256 was added.

Looking at ways to improve the proof fixtures in the test vectors.

The use of hash-to-curve puts a limit on the number of messages for
which the prover can create commitments and hide. Depending on the
option picked, the limit might be 2^48 messages.

Andrey Bozhko, "Classification of properties of AEAD modes" (draft-bozhko-cfrg-aead-properties) (5+5 mins)

https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-aead-properties

Andrey proposed some changes for the next version of the document, and
he asks for review and feedback.

Some AEAD properties require a non-RFC5116 interface.

The literature does not agree on the terminology for AEAD properties.
There is interest in using this document to help converge on terms
across the community.
Paul Wouters (the Security AD) supported the document.

After some further discussion, the author should request a call for
adoption.

Yuto Nakano, "Encryption algorithm Rocca-S" (draft-nakano-rocca-s) (10+5 mins)

https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-rocca-s

The algorithm provides strong encryption with 100+ Gbps throughput.
Sponge-based construction. 256-bit key. 256-bit authentication tag. AES
round function 𝐴 and XOR.

The authors do not claim any intellectual property rights or
restrictions on the use of the algorithm.

An attack on this new algorithm does not necessarily mean there is an
attack against AES.

Scott Fluhrer, "The use of NTRU" (draft-fluhrer-cfrg-ntru) (10+5 mins)

https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-ntru

Kyber has some plausible patent claims. NIST is working with the patent
holders to allow free access, but we do not know the final agreement.
Until we see the licensing agreement, just saying ‘Kyber is the
solution’ is not sufficient. On the other hand, all the NTRU patents
have expired.

NIST announced that the agreements have been signed with the two patent
holders, and the terms will be announced in the next month or so.