idnits 2.17.1

draft-hallambaker-mesh-quantum-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an Authors' Addresses Section.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (27 July 2020) is 1368 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                 P. M. Hallam-Baker
Internet-Draft                                              27 July 2020
Intended status: Informational
Expires: 28 January 2021

 Mathematical Mesh 3.0 Part X: Considerations for Quantum Cryptanalysis
                               Resistance
                   draft-hallambaker-mesh-quantum-02

Abstract

   The Mathematical Mesh 'The Mesh' is an infrastructure that
   facilitates the exchange of configuration and credential data between
   multiple user devices and provides end-to-end security.  This
   document describes.

   [Note to Readers]

   Discussion of this draft takes place on the MATHMESH mailing list
   (mathmesh@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.

   This document is also available online at
   http://mathmesh.com/Documents/draft-hallambaker-mesh-quantum.html.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 28 January 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
   2.  Definitions
     2.1.  Requirements Language
     2.2.  Defined Terms
     2.3.  Related Specifications
     2.4.  Implementation Status
   3.  Recommended and Required Algorithms
   4.  Quantum Resistant Signatures.
     4.1.  Example: Creating a Quantum Resistant Signature Fingerprint
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  Normative References
   9.  Informative References

1.  Introduction

   One of the core goals of the Mesh is to move the state of the art in
   commercial cryptography beyond that achieved in the 1990s when PKIX,
   S/MIME and OpenPGP were first developed.  While each of these
   infrastructures and protocols has been subject to incremental
   improvement, none has seen widespread adoption of new cryptographic
   approaches.

   *  Quantum Resistant Signatures.

2.  Definitions

   This section presents the related specifications and standards, the
   terms that are used as terms of art within the documents and the
   terms used as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.2.  Defined Terms

   The terms of art used in this document are described in the _Mesh
   Architecture Guide_ [draft-hallambaker-mesh-architecture].

2.3.  Related Specifications

   The architecture of the Mathematical Mesh is described in the _Mesh
   Architecture Guide_ [draft-hallambaker-mesh-architecture].  The Mesh
   documentation set and related specifications are described in this
   document.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer].

3.  Recommended and Required Algorithms

4.  Quantum Resistant Signatures.

   Quantum computing has made considerable advances over the past decade
   and the field has now reached the point where a machine weighing many
   tons can apply Shor's algorithm to factor numbers as large as 35
   before decoherence occurs.

   Should construction of a large-scale device prove practical, it will
   in principle be possible to break all of the public key cryptosystems
   currently in use.  While public key cryptosystems that resist quantum
   cryptanalysis are currently in development, none has yet reached a
   sufficient state of maturity for the field to reach consensus that
   they are resistant to ordinary cryptanalysis, let alone offer a
   replacement.

   The consequence of successful quantum cryptanalysis for encryption
   systems is that all material encrypted under existing public key
   systems could be decrypted by a quantum capable attacker.  Nor is
   mitigation of this consequence practical since it is not the adoption
   of new cryptographic algorithms that makes a system more secure; it
   is the elimination of weak options that provides improvement.

   The Mesh does not currently provide an infrastructure that is Quantum
   Resistant but could in principle be used as the basis for deploying a
   Needham-Schroeder style symmetric key infrastructure or a future PKI
   based on an as yet undecided quantum cryptanalysis resistant public
   key algorithm.

   Mesh profiles MAY include a Quantum Resistant Signature Fingerprint
   (QRSF).  This contains the UDF fingerprint of an XMSS signature
   public key [RFC8391] together with the parameters used to derive the
   private key set for the public key from a 256 bit master secret.

   Should it ever become necessary to make use of the QRSF, the user
   first recovers the master secret from whatever archival mechanism was
   used to protect it.
   The use of secret sharing to protect the secret is RECOMMENDED.  The
   master secret is then used to reconstruct the set of private keys
   from which the public key set is reconstructed.  The profile owner
   can now authenticate themselves by means of their XMSS public key.

4.1.  Example: Creating a Quantum Resistant Signature Fingerprint

   Alice decides to add a QRSF to her Mesh Profile.  She creates a 256
   bit master secret.

   TBS:

   To enable recovery of the master key, Alice creates five keyshares
   with a quorum of three:

   TBS:

   Alice uses the master secret to derive her private key values:

   TBS:

   These values are used to generate the public key value:

   TBS:

   The QRSF contains the UDF fingerprint of the public key value plus
   the XMSS parameters:

   TBS:

   Alice adds the QRSF to her profile and publishes it to a Mesh Service
   that is enrolled in at least one multi-party notary scheme.

5.  Security Considerations

   The security considerations for use and implementation of Mesh
   services and applications are described in the Mesh Security
   Considerations guide [draft-hallambaker-mesh-security].

6.  IANA Considerations

   All the IANA considerations for the Mesh documents are specified in
   this document.

7.  Acknowledgements

   A list of people who have contributed to the design of the Mesh is
   presented in [draft-hallambaker-mesh-architecture].

8.  Normative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
              Architecture Guide", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-architecture-13, 9 March 2020.

   [draft-hallambaker-mesh-security]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part VII:
              Security Considerations", Work in Progress,
              Internet-Draft, draft-hallambaker-mesh-security-04,
              9 March 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

9.  Informative References

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Reference
              Implementation", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-developer-09, 23 October 2019.

   [RFC8391]  Huelsing, A., Butin, D., Gazdag, S., Rijneveld, J., and A.
              Mohaisen, "XMSS: eXtended Merkle Signature Scheme",
              RFC 8391, DOI 10.17487/RFC8391, May 2018.
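
   The recovery flow of Section 4.1 (five keyshares with a quorum of
   three, then deterministic re-derivation from the master secret), as
   an added example that is not part of the draft or the Mesh reference
   code.  It assumes textbook Shamir sharing over a prime field, with an
   HMAC-SHA-256 derivation and a truncated SHA-512 digest as stand-ins;
   the Mesh keyshare encoding, XMSS key generation and the UDF format
   are not reproduced, and the parameter set name is chosen for
   illustration.

```python
import hashlib
import hmac
import secrets

P = 2**521 - 1  # Mersenne prime, larger than any 256-bit secret

def split(secret: int, shares: int = 5, quorum: int = 3):
    """Shamir split: random polynomial of degree quorum-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(quorum - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, shares + 1)]

def recover(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def derive_seed(master: bytes, label: bytes) -> bytes:
    """Assumed derivation (not the Mesh's): HMAC-SHA-256 keyed by the master."""
    return hmac.new(master, label, hashlib.sha256).digest()

def fingerprint(master: bytes, params: bytes = b"XMSS-SHA2_10_256") -> str:
    """Stand-in for the QRSF: digest over parameters and a placeholder public value."""
    sk_seed = derive_seed(master, b"sk-seed")            # would seed the XMSS private keys
    public = hashlib.sha256(b"pub" + sk_seed).digest()   # placeholder, not an XMSS root
    return hashlib.sha512(params + public).hexdigest()[:32]

def demo():
    master = secrets.token_bytes(32)                     # constructed 256-bit master secret
    shares = split(int.from_bytes(master, "big"))
    got = recover([shares[0], shares[2], shares[4]])     # any three of the five
    return master, got.to_bytes(32, "big"), shares

if __name__ == "__main__":
    m, r, _ = demo()
    print(r == m, fingerprint(r) == fingerprint(m))
```

   Because every later value is derived deterministically from the
   master secret, a quorum of shares is enough to reproduce the same
   fingerprint; fewer shares than the quorum interpolate to an unrelated
   value.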