[pqc-forum] China has just released "Announcement on Launching the Next-generation Commercial Cryptographic Algorithms Program (NGCC)"
Guilin Wang
China has just released "Announcement on Launching the Next-generation Commercial Cryptographic Algorithms Program (NGCC)"
English Version: https://niccs.org.cn/en/notice/
Chinese Version: https://niccs.org.cn/tzgg/
Detailed call for comments on submission and evaluation criteria are available in two categories: Public-Key Cryptographic Algorithms (mainly PQC) and Cryptographic Hash Algorithms.
“In response to the threat of quantum computing and to promote the standardization of the next-generation commercial cryptographic algorithms, the Institute of Commercial Cryptography Standards (ICCS) is launching a global program to call for proposals for next-generation public-key cryptographic algorithms (NGCC-PK), cryptographic hash algorithms (NGCC-CH) and block cipher algorithms (NGCC-BC), according to the arrangement of Chinese Cryptography Standardization Technical Committee. The candidate algorithms will be evaluated in terms of security, performance and other features, and the finalists will be considered for standardization. ICCS looks forward to global algorithm submissions and comments, and encourages international cooperations in algorithm design.
Further notifications of the program will be released on www.niccs.org.cn”
Cheers,
Guilin
bruno
Hey Wang,
Thanks for the information.
Would you mind to confirm if you are related to https://niccs.org.cn and if that
is an official email or if it is a researcher's message and you
have no conflict of interest in this message?
--
You received this message because you are subscribed to the Google Groups "pqc-forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov.
To view this discussion visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/a46v8b1el5hj-r76h237gsa97vopfem91n0mi-yd5poppi2rd6drvb96sy2hsktpub9rud6iw6-acgy2d5wdynpwblg8n88ofigmnk3bzusloev-hdy9xhyhx1c3-dursjo-8grg5wq14jy0ipqbeh.1738891418826%40email.android.com.
John Mattsson
Hi Guilin,
Thanks for the information.
Will the ICCS program have public email lists for discussion, workshops with public recordings, public evaluation reports, and public comment periods on all specifications similar to NIST projects?
Some quick thoughts on the requirements and evaluation criteria:
- The requirements are focused on fixed-length hash functions. I think it would be better to focus on variable-length hash functions/ XOFs and see fixed-length as a special case. You can do everything with cSHAKE.
- Requiring twice as much security against preimage attacks compared to collision attacks and tying security strength to output length is what NIST did in the SHA-3 competition. This is now seen as a mistake. I would recommend requiring n-bit security against all attacks for variable length outputs.
- I think it would be better to ask for a KDF than a MAC. A KDF should be secure even when the input secret is non-uniformly distributed, allow variable-length output, and offer collision and pre-image resistance even when the input secret is known. A KDF has stronger security properties than a PRF, which in turn has stronger security properties than a DRBG or MAC. A single well-designed KDF like KMAC should be enough for all use cases.
- The complexity requirements only mention time complexity and does not talk about memory. Memory complexity and the cost of memory access has been a hot discussion topic in the NIST PQC project. For a new project, I think it would make sense to adopt the more realistic AT model [1].
- One thing that is missing from NIST’s project is a KEM with small sizes and an algorithm suitable for static-static key exchange [2]. Would be good to put more focus on this. Maybe ICCS could ask specifically for this?
Cheers,
John
[1] Nice Attacks - but What is the Cost? Computational Models for Cryptanalysis
https://hal.science/hal-02306912v2/document
[2] ML-KEM is Great! What’s Missing?
https://emanjon.github.io/Publications/ML-KEM%20is%20Great!%20What's%20Missing.pdf
From:
pqc-...@list.nist.gov <pqc-...@list.nist.gov> on behalf of Guilin Wang <wang.gu...@gmail.com>
Date: Friday, 7 February 2025 at 02:25
To: pqc-...@list.nist.gov <pqc-...@list.nist.gov>
Subject: [pqc-forum] China has just released "Announcement on Launching the Next-generation Commercial Cryptographic Algorithms Program (NGCC)"
|
You don't often get email from wang.gu...@gmail.com. Learn why this is important |
--
Guilin Wang
B P
Wrenna Robson
be a simple matter of fact - I certainly find it useful to know about
this, whatever my feelings on the matter.
Best,
Wrenna
Daniel Apon
B P
John Mattsson
Hi Guilin,
>The official email addresses for comments on the NGCC program are available >on https://niccs.org.cn/en/notice/:
Do you know if the received comments will be made public similarly to how the cryptographic technology group at NIST is publishing comment? I typically only provide public comments.
- As pointed out by Simon Hoerder, the current NIST PQC algorithms are constant time. Maybe ICCS could ask specifically for this?
Cheers,
John Preuß Mattsson
From:
pqc-...@list.nist.gov <pqc-...@list.nist.gov> on behalf of Guilin Wang <wang.gu...@gmail.com>
Date: Tuesday, 11 February 2025 at 11:24
To: pqc-...@list.nist.gov <pqc-...@list.nist.gov>, bruno <bruno.p...@gmail.com>
Cc: Guilin Wang <wang.gu...@gmail.com>
Subject: Re:[pqc-forum] China has just released "Announcement on Launching the Next-generation Commercial Cryptographic Algorithms Program (NGCC)"
|
You don't often get email from wang.gu...@gmail.com. Learn why this is important |
Hi, Bruno,