Timeline reminder from NIST


Moody, Dustin (Fed)

Mar 26, 2020, 3:58:39 PM
to pqc-forum

Everybody,
NIST is continuing to work towards standardization of PQC algorithms. We are currently in the 2nd round, and are working to identify the most promising candidates to move forward. Obviously the current situation has necessitated postponing important events and opportunities to talk face-to-face, but we must continue to work towards our goal. NIST still anticipates beginning the 3rd round sometime around June of this year. For the 3rd round, we will be focusing on a smaller number of the candidates with the goal of some of them being standardized. NIST might ask submission teams to reduce the number of parameter sets for some of the selected algorithms.



For some of the 2nd round candidates which are not selected to advance into the 3rd round, NIST might keep some of these involved in the process as candidates to be further studied.  At some future point they might be considered for standardization, but not in the initial documents we will produce at the end of the 3rd round.  This will similarly apply to candidates in the 3rd round which are not selected for the first standards.  

 

As a reminder, in order to give NIST time to finalize our evaluation and analysis for the candidate algorithms in the 2nd round, NIST kindly requests that we be notified of new implementations, benchmarks, research papers, cryptanalysis, etc. by April 15th.  After that, factoring any of that information into our decision-making process may overly tax our resources.  We especially encourage results which may have been scheduled to be presented at events which have now been postponed.  

Please use the pqc-forum to announce results, discuss relevant topics, ask questions, etc.  Please remember to be polite, civil, and constructive in these discussions.  As always you can contact us directly at pqc-co...@nist.gov.

Thank you,

Dustin Moody
NIST


D. J. Bernstein

Apr 2, 2020, 6:15:44 PM
to pqc-...@list.nist.gov
My impression is that many people who don't know any COVID-19 victims
are nevertheless losing large fractions of their previously expected
work time as a result of actions taken to slow the spread of COVID-19.
It's not realistic to ask for full work days from, e.g., parents
suddenly taking care of kids at home all day.

I'm probably close to the low end of involuntary COVID-19 disruption but
this low end certainly isn't zero; also, I've been volunteering some of
my own research time to COVID-19 modeling (including scripts online and
already a paper a few days ago). I still hope to make the 15 April
target date for posting updated NISTPQC benchmarks and the results of
some other NISTPQC experiments I've been running, but the big picture
makes me think that shifting the timeline would be a good idea.

As https://www.nsf.gov/bfa/dias/policy/covid19/covid19_deadlines.pdf
illustrates, other U.S. government agencies are also recognizing the
general disruption by adjusting timelines for online filings.

---Dan

Roberta Faux

Apr 3, 2020, 11:13:52 AM
to pqc-...@list.nist.gov
Dustin,

In the wake of COVID-19, many companies are dealing with a host of issues and challenges around the current situation. During a time when so many important problems need to be addressed, many of us have had to dramatically refocus. There are many roles that demand contributions from cryptographers and mathematicians during this global crisis. With the uncertainty of the next few months, a small pause in the timeline certainly seems appropriate so NIST can ultimately bring to bear everyone's full focus that this standardization effort deserves.

Respectfully,
Roberta




Gaborit

Apr 3, 2020, 11:22:21 AM
to pqc-...@list.nist.gov
Hi,

We are in the same position as Dan: we should hold the 15th April
deadline, but as mentioned the context is relatively uneasy and one more
week could only benefit the simulations and small modifications we
are doing, I guess.

best,

philippe

Moody, Dustin (Fed)

Apr 3, 2020, 12:01:48 PM
to D. J. Bernstein, pqc-forum
Dan (and others),

We understand your concern.  If you or anyone else in the community has something important in the works, but don't think it will be done by April 15, please notify us (by the 15th) with a brief description of the expected results and an estimate of how much longer might be needed.  If we get a lot of feedback that indicates to us a delay will help our process we will adjust the timeline accordingly.  

We thank everybody for your cooperation and hard work, especially during these times.

the NIST PQC team




Serge Vaudenay

Apr 13, 2020, 1:37:29 PM
to pqc-...@list.nist.gov
Dear Colleagues,

To follow up on the request to report new research results, we are
pleased to announce our recent work.

We have been continuing to study key recovery attacks using a plaintext
checking oracle which we presented at Eurocrypt 2019.

(The attack scenario is as follows: the adversary encrypts anything,
adds some noise to the ciphertext, sends the result to a TLS-like
server, and observes if he can continue to talk to the server because
the decryption is correct.)

In our new results, we focused on CRYSTALS-Kyber, HQC, LAC, RQC, and
SABER. Other Round-2 candidates are already analyzed in the literature.
One of our conclusions is that candidates based on rank distance resist
this attack model better than others.

Our paper is available at https://eprint.iacr.org/2020/409

Disclaimer: Our attacks apply to the weak variants of the candidates
(i.e. not the ones proven to be IND-CCA secure).

Best regards

Loïs Huguenin-Dumittan and Serge Vaudenay