Post Quantum and Related from Mike Prorock on 2022-07-06 (public-credentials@w3.org from July 2022)

From: Mike Prorock <mprorock@mesur.io>
Date: Wed, 6 Jul 2022 09:55:47 -0400
To: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAGJKSNS5uAJ0FkGtpkEdbEFjkZS2VKJ4YcH3EjEg_SGiC+ehFA@mail.gmail.com>

All,
Please do be tracking the upcoming changes around crypto primitives,
especially signature methods.  See the recent NIST announcement for more
details, but effectively, be planning on future support for CRYSTALS-KYBER,
and on the signature side of things CRYSTALS-Dilithium, FALCON, and SPHINCS+

NIST Announcement here:
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4

And a pretty good game plan from CISA with some timing implications here:
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum

The TLDR is to assume that we need hard answers as a community, and at the
standards level, on crypto agility by 2024, as well as support for the key
algorithms as listed above.

I would also think that any new specs being drafted should reference these
coming changes and start to work them in.  I would also be proactive on
adding in references as appropriate to specs you might be an editor or
author for (or just a contributor).

A draft spec that relates to the signature side of things (esp for JOSE /
COSE) use is here (shameless plug - but do note there will be some not
insignificant changes going into and out of IETF 114):
https://datatracker.ietf.org/doc/draft-prorock-cose-post-quantum-signatures/

And one that relates to underlying key storage and representation is here:
https://datatracker.ietf.org/doc/draft-uni-qsckeys/

The above specs are likely a good starting place if you need to reference
key representations and have links out to the cryptography approaches
themselves.

If the community is interested, I am happy to talk to some of the impacts
on a main meeting, and / or bring in some of the folks that really know
this stuff well to talk to the community about what is different and why.
Lattices are a bit different than the cryptography that you are likely used
to, and it is work understanding how this stuff will get deployed in
practice, as well as to open some discussion around pros / cons of HSMs,
potential FIPS implications, etc.


Mike Prorock
CTO, Founder
https://mesur.io/

Received on Wednesday, 6 July 2022 13:56:12 UTC