**Session Date/Time:** 08 Nov 2024 13:00

# cose

## Summary

This meeting covered several COSE-related drafts, including post-quantum cryptography algorithms, the hash envelope, HPKE security considerations, Merkle mountain range proofs, and a CCF profile for COSE receipts. Key discussions revolved around algorithm agility, the inclusion of context information in key derivation functions, and the interplay between COSE and existing systems.

## Key Discussion Points

*   **Dilithium:** Discussion on pre-hashing and separate algorithm identifiers for pre-hashed versions. Working group last call initiated.
*   **Sphincs:** Implementations and test vectors needed.
*   **Falcon:** Waiting for NIST updates.
*   **Hash Envelope:** Presentation on its purpose, the request for IANA allocation of the new labels, and discussion on its use cases compared to other approaches such as EAT and SUIT.
*   **HPKE:** Focus on the "info" parameter, key derivation, and inclusion of algorithm information. A wide variety of options for the construction of the information required as part of key generation were discussed. Concerns were raised about potential attacks due to manipulation of header information.
*   **Hybrid HPKE:** Discussion of combining post-quantum algorithms with established elliptic curve cryptography.
*   **Merkle Mountain Range Proofs:** Presentation on the data structure and its application in COSE receipts. Need to align on profile/individual draft strategy with the CCF profile.
*   **CCF Profile:** Integration of COSE receipts with the Confidential Consortium Framework (CCF).

## Decisions and Action Items

*   **Action Item:** Mike ProRock to provide drafts for pre-hashed algorithms for Dilithium.
*   **Action Item:** Steve Lasker to request IANA allocation of tags for the cozy hash envelope.
*   **Action Item:** Gary to suggest text on the list regarding other solutions such as EAT.
*   **Action Item:** Hannes to check and make sure the hash of the payload is not hashed again when it contains a hash-algorithm that already uses hashes.
*   **Action Item:** Reviewers to read and provide feedback on the list:

    *   Dilithium
    *   Sphincs
    *   COSE HPKE KDF draft
    *   Merkle mountain range draft (Yogesh, Desh Pandey, Cedric, Peter)
    *   CCF profile draft (John, Cetrick)
*   **Decision:** Working group last call initiated for dilithium draft.
*   **Decision:** The implementation of the recommendations made for HPKE should follow a general approach and not a per algorithm approach.

## Next Steps

*   Authors to update drafts based on feedback.
*   Encourage implementations and testing, especially for Sphincs.
*   Address open issues and potential security considerations identified in the HPKE discussion.
*   Alignment of approach with receipts drafts.