IETF 115 in London
RG Chairs:
RG Secretary:
Note taker:
Alexey gave the status for the CFRG documents (see slides).
https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-bbs
There are not many implementations of hash-to-curve with the
ciphersuites that were in the previous version of the I-D. One that
makes use of SHA-256 was added.
Looking at ways to improve the proof fixtures in the test vectors.
The use of hash-to-curve puts a limit on the number of
messages for which the prover can create commitments and hide. Depending
on the option picked, the limit might be 2^48 messages.
https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-aead-properties
Andrey proposed some changes for the next version of the document, and
he asks for review and feedback.
Some AEAD properties require a non-RFC5116
interface.
The literature does not agree on the terminology for AEAD properties.
There is interest in using this document to help converge on terms
across the community.
Paul Wouters (the Security AD) supported the document.
After some further discussion, the author should request a call for
adoption.
https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-rocca-s
The algorithm provides strong encryption with 100+ Gbps throughput.
Sponge-based construction. 256-bit key. 256-bit authentication tag. AES
round function 𝐴 and XOR.
The authors do not claim any intellectual property rights or
restrictions on use of the algorithm.
An attack on this new algorithm does not necessarily mean there is an
attack against AES.
https://datatracker.ietf.org/meeting/115/materials/slides-115-cfrg-ntru
Kyber has some plausible patent claims. NIST is working with the patent
holders to allow free access, but we do not know the final agreement.
Until we see the licensing agreement, just saying ‘Kyber is the
solution’ is not sufficient. On the other hand, all the NTRU patents
have expired.
NIST announced that the agreements have been signed with the two patent
holders, and the terms will be announced in the next month or so.