**Session Date/Time:** 23 Jul 2024 22:30

# pquip

## Summary

The pquip working group meeting covered several documents related to post-quantum cryptography (PQC). Discussions included the "PQC for Engineers" draft, hybrid terminology, hybrid signature spectrums, NIST's post-quantum standardization efforts, migration use cases, and hash-based signature schemes. The meeting addressed potential last calls for some drafts and future directions for the working group.

## Key Discussion Points

* **PQC for Engineers Draft:**
    * Authors believe the draft is nearly complete and proposed a working group last call after IETF 120.
    * The draft serves as an IETF-focused PQC primer.
    * Participants were encouraged to review the draft and provide feedback, specifically identifying any missing topics or areas for improvement.
* **Hybrid Terminology Draft:**
    * The draft standardizes terminology for post-quantum/traditional hybrids.
    * A working group last call was conducted in February, resulting in updates to the draft.
    * There was a discussion of the scope of the document and where to address more complex aspects of hybrid security, potentially in another draft.
    * A second working group last call is likely.
* **Hybrid Signature Spectrums Draft:**
    * This document describes different security properties and spectrums related to hybrid signature construction.
    * Discussions were held around separability, generality, and artifact locations within hybrid signatures.
    * The draft includes language on why one would use a hybrid signature (a hybrid PQ/traditional signature) versus not going PQ at all, or going directly to PQ and not doing hybrid at all.
    * Consensus on these additions may be challenging.
    * There was discussion of strong non-separable (fused) hybrid signatures, including potential use cases.
    * A working group last call may flush out any further issues.
* **NIST Post-Quantum Cryptography Standardization Update:**
    * NIST provided an update on its post-quantum cryptography standardization process.
    * Four algorithms are in the standardization track: ML-KEM (Kyber), ML-DSA (Dilithium), Falcon, and SPHINCS+.
    * Round 4 candidates are being evaluated, with a focus on Classically Enhanced McEliece (Classic McEliece), BIKE, and HQC.
    * On-ramp signature candidates are also being evaluated.
    * Relaxation of restrictions around state copying in SP 800-208 is planned.
    * A special-purpose publication discussing ML-KEM deployment scenarios is forthcoming.
* **Migration Use Cases Taxonomy Draft:**
    * This document aims to guide engineers in choosing appropriate algorithms and parameters for post-quantum migration based on factors like duration, backwards compatibility, and protocol negotiation capabilities.
    * The draft was revised to address previous feedback.
    * The decision tree was updated to rely on objective measurements rather than subjective opinions.
    * Exploration of a "pessimistic migration" approach is under consideration.
* **Hash-Based Signature Schemes Draft:**
    * The document covers how to manage the stateful part of hash-based signature schemes like XMSS and LMS.
    * Feedback was received to add guidance on when stateful schemes are appropriate in the first place.
    * The authors propose adopting the draft.
* **PQC Hackathon:**
    * Positive work is being done at the PQC Hackathon, with new GitHub Actions enabling interoperability testing.

## Decisions and Action Items

* **Action Item:** Participants to review the "PQC for Engineers" draft and provide feedback on missing topics or areas for improvement.
* **Action Item:** Authors of the "Hybrid Terminology" draft to proceed with a second working group last call.
* **Action Item:** Authors of the "Hybrid Signature Spectrums" draft to prepare for a working group last call.
* **Action Item:** Britta Hale to push to CFRG a few strong, non-separable constructions that use P-56 and ML-DSA.
* **Action Item:** Alexander to send information about the PQC Hackathon to the mailing list.

## Next Steps

* Continue discussions on the mailing list for all documents.
* Begin working group last calls for drafts where consensus is reached.
* Consider adoption of drafts when appropriate.
* Monitor progress of NIST's post-quantum cryptography standardization efforts.