Hello,

Brian Campbell and I have published a draft which proposes to register Post-Quantum (PQ) and PQ/T hybrid algorithm identifiers for use with JWE using HPKE.

https://datatracker.ietf.org/doc/draft-skokan-jose-hpke-pq-pqt/

This draft builds on top of draft-ietf-jose-hpke-encrypt <https://datatracker.ietf.org/doc/draft-ietf-jose-hpke-encrypt/> (rather than expanding its scope and delaying it) and draft-ietf-hpke-pq <https://datatracker.ietf.org/doc/draft-ietf-hpke-pq/> (where PQ[/T] work for HPKE is getting defined), thus capitalizing on the work this working group spent refining JWE HPKE as the vessel for delivering both pure PQ and PQ/T capabilities to JWE. This approach has been suggested in this thread <https://mailarchive.ietf.org/arch/msg/jose/gtRE1H8ZxbxylzTjBL5Qr6O46Ns/> and then again here <https://mailarchive.ietf.org/arch/msg/jose/OQmm_AuksgLcW-eTPE60tqau_j0/>.

The document is intentionally focused only on algorithm registration; it does not re-introduce JWE HPKE concepts already covered in draft-ietf-jose-hpke-encrypt, uses public and private key serialization which builds on top of HPKE's, and defers algorithm analysis to the underlying documents. Test keys and vectors for all algorithms are included.

The defined algorithms cover:

- PQ/T hybrids: MLKEM768-P256, MLKEM768-X25519, and MLKEM1024-P384
- Pure PQ: ML-KEM-768 and ML-KEM-1024
- Each available in both integrated encryption and key encryption modes, paired with either AES-256-GCM or ChaCha20Poly1305

We would like to present this draft at IETF 125 in Shenzhen. Reviews and feedback (either on list or in the GitHub issue tracker <https://github.com/panva/jose-hpke-pq-pqt>) prior to that meeting are very much welcome.

Best,
*Filip Skokan*
