[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00

Network Working Group                                    P. Hallam-Baker
Internet-Draft                                             April 4, 2019
Intended status: Informational
Expires: October 6, 2019


   Mathematical Mesh Part X: Considerations for Quantum Cryptanalysis
                   draft-hallambaker-mesh-quantum-00

Abstract

   The Mathematical Mesh 'The Mesh' is an infrastructure that
   facilitates the exchange of configuration and credential data between
   multiple user devices and provides end-to-end security.  This
   document describes.

   This document is also available online at
   http://mathmesh.com/Documents/draft-hallambaker-mesh-quantum.html [1]
   .

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 6, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Hallam-Baker             Expires October 6, 2019                [Page 1]


Internet-Draft         Mathematical Mesh Reference            April 2019


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . .   2
     2.1.  Requirements Language . . . . . . . . . . . . . . . . . .   2
     2.2.  Defined Terms . . . . . . . . . . . . . . . . . . . . . .   3
     2.3.  Related Specifications  . . . . . . . . . . . . . . . . .   3
     2.4.  Implementation Status . . . . . . . . . . . . . . . . . .   3
   3.  Recommended and Required Algorithms . . . . . . . . . . . . .   3
   4.  Quantum Resistant Signatures. . . . . . . . . . . . . . . . .   3
     4.1.  Example: Creating a Quantum Resistant Signature
           Fingerprint . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   5
     8.3.  URIs  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   One of the core goals of the Mesh is to move the state of the art in
   commercial cryptography beyond that achieved in the 1990s when PKIX,
   S/MIME and OpenPGP were first developed.  While each of these
   infrastructures and protocols has been subject to incremental
   improvement, none has seen widespread adoption of new cryptographic
   approaches.

   o  Quantum Resistant Signatures.

2.  Definitions

   This section presents the related specifications and standard, the
   terms that are used as terms of art within the documents and the
   terms used as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119] .




Hallam-Baker             Expires October 6, 2019                [Page 2]


Internet-Draft         Mathematical Mesh Reference            April 2019


2.2.  Defined Terms

   The terms of art used in this document are described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture] .

2.3.  Related Specifications

   The architecture of the Mathematical Mesh is described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture] . The Mesh
   documentation set and related specifications are described in this
   document.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer] .

3.  Recommended and Required Algorithms

4.  Quantum Resistant Signatures.

   Quantum computing has made considerable advances over the past decade
   and the field has now reached the point where a machine weighing many
   tons can apply Shor's algorithm to factor numbers as large as 35
   before decoherence occurs.

   Should construction of a large-scale device prove practical, it will
   in principle be possible to break all of the public key cryptosystems
   currently in use.  While public key cryptosystems that resist quantum
   cryptanalysis are currently in development, none has yet reached a
   sufficient state of maturity for the field to reach consensus that
   they are resistant to ordinary cryptanalysis, let alone offer a
   replacement.

   The consequence of successful quantum cryptanalysis for encryption
   systems is that all material encrypted under existing public key
   systems could be decrypted by a quantum capable attacker.  Nor is
   mitigation of this consequence practical since it is not the adoption
   of new cryptographic algorithms that make a system more secure, it is
   the elimination of weak options that provides improvement.

   The Mesh does not currently provide an infrastructure that is Quantum
   Resistant but could in principle be used as the basis for deploying a
   Needham-Schroeder style symmetric key infrastructure or a future PKI
   based on an as yet undecided quantum cryptanalysis resistant public
   key algorithm.





Hallam-Baker             Expires October 6, 2019                [Page 3]


Internet-Draft         Mathematical Mesh Reference            April 2019


   Mesh profiles MAY include a Quantum Resistant Signature Fingerprint
   (QRSF).  This contains the UDF fingerprint of an XMSS signature
   public key [RFC8391] together with the parameters used to derive the
   private key set for the public key from a 256 bit master secret.

   Should it ever become necessary to make use of the QRSF, the user
   first recovers the master secret from whatever archival mechanism was
   used to protect it.  The use of secret sharing to protect the secret
   is RECOMMENDED.  The master secret is then used to reconstruct the
   set of private keys from which the public key set is reconstructed.
   The profile owner can now authenticate themselves by means of their
   XMSS public key.

4.1.  Example: Creating a Quantum Resistant Signature Fingerprint

   Alice decides to add a QRSF to her Mesh Profile.  She creates a 256
   bit master secret.

   TBS:

   To enable recovery of the master key, Alice creates five keyshares
   with a quorum of three:

   TBS:

   Alice uses the master secret to derrive her private key values:

   TBS:

   These values are used to generate the public key value:

   TBS:

   The QRSF contains the UDF fingerprint of the public key value plus
   the XMSS parameters:

   TBS:

   Alice adds the QRSF to her profile and publishes it to a Mesh Service
   that is enrolled in at least one multi-party notary scheme.

5.  Security Considerations

   The security considerations for use and implementation of Mesh
   services and applications are described in the Mesh Security
   Considerations guide [draft-hallambaker-mesh-security] .





Hallam-Baker             Expires October 6, 2019                [Page 4]


Internet-Draft         Mathematical Mesh Reference            April 2019


6.  IANA Considerations

   All the IANA considerations for the Mesh documents are specified in
   this document

7.  Acknowledgements

   Thanks are due to Viktor Dukhovni, Damian Weber and an anonymous
   member of the cryptography@metzdowd.com list for assisting in the
   compilation of the table of prime values.

8.  References

8.1.  Normative References

   [draft-hallambaker-mesh-security]
              "[Reference Not Found!]".

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

8.2.  Informative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh Part I: Architecture
              Guide", draft-hallambaker-mesh-architecture-06 (work in
              progress), August 2018.

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Reference
              Implementation", draft-hallambaker-mesh-developer-07 (work
              in progress), April 2018.

   [RFC8391]  Huelsing, A., Butin, D., Gazdag, S., Rijneveld, J., and A.
              Mohaisen, "XMSS: eXtended Merkle Signature Scheme",
              RFC 8391, DOI 10.17487/RFC8391, May 2018.

8.3.  URIs

   [1] http://mathmesh.com/Documents/draft-hallambaker-mesh-quantum.html

Author's Address

   Phillip Hallam-Baker

   Email: phill@hallambaker.com




Hallam-Baker             Expires October 6, 2019                [Page 5]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/