Session Date/Time: 06 Nov 2024 09:30
CFRG Meeting Minutes
Summary
The CFRG meeting in Dublin covered several topics, including errata updates for existing RFCs, updates on various draft documents, and presentations on new cryptographic schemes. The discussion focused on the readiness of drafts for last call, security considerations for ML-KEM, extensions to the BBS signature scheme, FrodoKEM standardization, challenges and solutions for Ed25519 implementations in web browsers, and Kemeleon encodings for ML-KEM keys and ciphertexts.
Key Discussion Points
- Errata Updates: Review of open errata for several RFCs (7748, EdDSA, 8391, ChaCha20-Poly1305, Leighton-Micali Hash-Based Signatures, HPKE), with requests for group assistance in verification and recommendations.
- CPace Draft: The CPace draft is nearly ready for research group last call (RGLC) after incorporating feedback from crypto review panels.
- AEGIS Draft: The AEGIS draft is also nearly ready for RGLC, with demonstrated performance benefits over AES-GCM.
- ML-KEM Security Considerations: Discussion of a new draft providing guidance on the safe use of ML-KEM in protocols, covering various usage scenarios and potential implementation pitfalls.
- BBS Signature Scheme Extensions: Presentation of two new work items that extend the BBS signature scheme with blind signatures and pseudonyms for privacy-preserving applications.
- FrodoKEM Standardization: Overview of the FrodoKEM key encapsulation mechanism and its ongoing standardization effort within ISO, addressing its design principles, security profile, and performance characteristics.
- Web Crypto API and Ed25519: Discussion of challenges in Ed25519 implementations within web browsers, including divergences in signature schemes, small-order point handling, and verification equations. The need for a bis document for Ed25519 was discussed.
- CFRG Web Crypto Algorithms Draft: Discussion on a very old draft and whether to revive and update it to reflect current recommendations for algorithms in the Web Cryptography API.
- Kemeleon Encodings for ML-KEM: Presentation on a new construction called Kemeleon encodings for encoding ML-KEM public keys and ciphertexts to be indistinguishable from random.
Decisions and Action Items
- Errata Verification: The chairs requested the group to review the open errata and provide feedback on the mailing list.
- CPace and AEGIS Drafts: The authors will continue working towards RGLC.
- ML-KEM Security Considerations Draft: Continue refining the draft based on feedback, including side-channel considerations.
- Ed25519 bis Document: Bring the discussion on an Ed25519 bis document to the mailing list to see if somebody is willing to write one.
- CFRG Web Crypto Algorithms Draft: Bring the discussion on reviving the draft to the mailing list.
- Kemeleon Encodings for ML-KEM Specification: Authors will consider writing a full specification for the Kemeleon encodings construction.
Next Steps
- Authors to address feedback on drafts and prepare for last call.
- Discussions on errata, ML-KEM security considerations, the Ed25519 bis document, and CFRG Web Crypto Algorithms to continue on the mailing list.