RE: [pqc-forum] Digest for pqc-forum@list.nist.gov - 8 updates in 3 topics


Angelos, Peter J

Sep 13, 2024, 11:04:46 AM9/13/24
to pqc-...@list.nist.gov
like Angelos, Peter J reacted to your message:

From: pqc-...@list.nist.gov <pqc-...@list.nist.gov>
Sent: Friday, September 13, 2024 12:25:56 PM
To: Digest recipients <pqc-...@list.nist.gov>
Subject: [pqc-forum] Digest for pqc-...@list.nist.gov - 8 updates in 3 topics
 


Garvit Shah <garvit...@gmail.com>: Sep 13 09:29AM +0530

Hello people!
 
Today I was trying to access the links to the drafts of NIST SP 1800-38 A/B/C from the links provided on https://csrc.nist.gov/pubs/sp/1800/38/iprd-(1), but I was unable to open them. Yesterday they were working fine. I don't think it's an internet issue. Does anyone have any idea whether it has been withdrawn temporarily, or what the current state is?
 
Thanks!
 

Regards
Garvit Shah
Roy <r...@bouncycastle.org>: Sep 12 03:52PM -0400

Roy <r...@bouncycastle.org>: Sep 12 04:12PM -0400

Hello Kris,
 
I tested the provided KATS with the BouncyCastle implementation; I
think you might not be using the listed bytes "xi" and "rnd". The
following tests fail:

"kat_MLDSA_44_det_hashed.rsp", // KeyGen FAILS
"kat_MLDSA_65_det_hashed.rsp", // KeyGen FAILS
"kat_MLDSA_87_det_hashed.rsp", // KeyGen FAILS
"kat_MLDSA_44_det_normal.rsp", // KeyGen FAILS
"kat_MLDSA_65_det_normal.rsp", // KeyGen FAILS
"kat_MLDSA_87_det_normal.rsp", // KeyGen FAILS
"kat_MLDSA_44_det_raw.rsp", // KeyGen FAILS
"kat_MLDSA_65_det_raw.rsp", // KeyGen FAILS
"kat_MLDSA_87_det_raw.rsp", // KeyGen FAILS

"kat_MLDSA_44_hedged_hashed.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_65_hedged_hashed.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_87_hedged_hashed.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_44_hedged_normal.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_65_hedged_normal.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_87_hedged_normal.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_44_hedged_raw.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_65_hedged_raw.rsp", // KeyGen FAILS, Sign FAILS
"kat_MLDSA_87_hedged_raw.rsp" // KeyGen FAILS, Sign FAILS
 
~ Roy Basmacier
Kris Kwiatkowski <kr...@amongbytes.com>: Sep 12 09:14PM +0100

Thank you Roy,
 
Indeed, it seems I may have a problem with xi and rnd. Let me double check.
Can you confirm that verification works OK?
 
Kind regards,
Kris
 
On 12/09/2024 21:12, Roy wrote:
Roy <r...@bouncycastle.org>: Sep 12 04:27PM -0400

Hey Kris,
 
For the deterministic KATS, signature generation and verification work.
For the hedged KATS only the verification works.
 
~ Roy Basmacier
Stephan Mueller <smue...@chronox.de>: Sep 12 09:05PM -0500

On Thursday, 12 September 2024, 15:27:28 GMT-5, Roy wrote:
 
Hi Roy,
 
 
> For the deterministic KATS signature generation and verification works.
> For the hedged KATS only the verification works.
 
> ~ Roy Basmacier
 
ML-DSA 87 and 65 prehash: I cannot verify those with my unmodified
implementation as the used SHA-256 hash is not allowed to be used with 87 and
65 (the digest size is not 2 * lambda). When lifting the restriction, I can
validate the data.
 
For the hedged and det, I can successfully perform sigver for all types (when
disabling the aforementioned limitation).
 
Siggen fails, because I cannot generate the keys from xi.
 
When I use the provided SK, siggen will still fail with the hedged, but pass
with the deterministic.
 
 
Ciao
Stephan
Stephan Mueller <smue...@chronox.de>: Sep 12 09:12PM -0500

On Thursday, 12 September 2024, 21:05:58 GMT-5, Stephan Mueller wrote:
 
Hi Kris,
 
> implementation as the used SHA-256 hash is not allowed to be used with 87
> and 65 (the digest size is not 2 * lambda). When lifting the restriction, I
> can validate the data.
 
To clarify the check the code applies, see:
 
https://github.com/smuellerDD/leancrypto/blob/master/ml-dsa/src/dilithium_domain_separation.c#L77
 
Ciao
Stephan
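The two failure modes discussed above (Roy's KeyGen/Sign failures when the listed "xi" and "rnd" bytes are not consumed, and Stephan's rejection of SHA-256 as pre-hash for ML-DSA-65/87) can both be caught before any signing code runs, by checking the KAT file itself. The following is an added example, not code from the thread, from BouncyCastle, or from leancrypto. It assumes a NIST-style `.rsp` layout with bracketed headers and `count = N` records, and the field names `algorithm`, `hash`, `xi`, `rnd` and `msg` are assumptions (the real KAT files may label them differently). The lengths of xi and rnd (32 bytes each) and the λ values 128/192/256 for ML-DSA-44/65/87 are taken from FIPS 204; the pre-hash test is written as "digest size ≥ 2λ" (collision strength ≥ λ), which is a one-line change from the equality check Stephan describes. The sample KAT text is constructed.

```python
import re
from typing import Dict, List, Tuple

# Security parameter lambda (bits) per parameter set, FIPS 204 Table 1.
ML_DSA_LAMBDA = {"ML-DSA-44": 128, "ML-DSA-65": 192, "ML-DSA-87": 256}

# Digest size in bits of hash functions a KAT might name as pre-hash.
# An n-bit hash offers n/2 bits of collision strength, so the pre-hash
# needs at least 2*lambda bits: SHA-256 is fine for ML-DSA-44 only.
DIGEST_BITS = {"SHA-256": 256, "SHA-384": 384, "SHA-512": 512,
               "SHA3-256": 256, "SHA3-384": 384, "SHA3-512": 512}

# FIPS 204: keygen seed xi is 32 bytes, hedged-signing rnd is 32 bytes.
XI_BYTES = 32
RND_BYTES = 32


def parse_rsp(text: str) -> List[Dict[str, str]]:
    """Parse .rsp-style KAT text into one dict per 'count = N' record.

    '[key = value]' header lines are copied into every following record;
    '#' lines are comments. Assumed layout, see lead-in.
    """
    records: List[Dict[str, str]] = []
    headers: Dict[str, str] = {}
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(\w[\w-]*)\s*=\s*(.*)\]", line)
        if m:
            headers[m.group(1)] = m.group(2).strip()
            continue
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key.lower() == "count":
            cur = dict(headers)
            cur["count"] = value
            records.append(cur)
        elif cur is not None:
            cur[key] = value
    return records


def hex_len_ok(value: str, expected_bytes: int) -> bool:
    """True if value is hex of exactly expected_bytes bytes."""
    return (re.fullmatch(r"[0-9a-fA-F]*", value) is not None
            and len(value) == 2 * expected_bytes)


def prehash_allowed(param_set: str, hash_name: str) -> bool:
    """Pre-hash must carry at least 2*lambda bits (collision strength >= lambda)."""
    return DIGEST_BITS[hash_name] >= 2 * ML_DSA_LAMBDA[param_set]


def check_records(records: List[Dict[str, str]], hedged: bool) -> List[Tuple[str, str]]:
    """Return (count, problem) pairs for records that cannot be replayed as given."""
    problems: List[Tuple[str, str]] = []
    for r in records:
        n = r.get("count", "?")
        if not hex_len_ok(r.get("xi", ""), XI_BYTES):
            problems.append((n, "xi missing or not 32 bytes: keygen cannot be replayed"))
        if hedged and not hex_len_ok(r.get("rnd", ""), RND_BYTES):
            problems.append((n, "rnd missing or not 32 bytes: hedged signing cannot be replayed"))
        ph, alg = r.get("hash"), r.get("algorithm")
        if ph and alg in ML_DSA_LAMBDA and not prehash_allowed(alg, ph):
            problems.append((n, f"{ph} is shorter than 2*lambda for {alg} pre-hash"))
    return problems


# Constructed sample: record 0 has valid seeds but an undersized pre-hash,
# record 1 additionally has a truncated xi and an empty rnd.
SAMPLE_RSP = (
    "# constructed sample, not one of the KAT files from the thread\n"
    "[algorithm = ML-DSA-65]\n"
    "[hash = SHA-256]\n\n"
    "count = 0\n"
    "xi = " + "00" * 32 + "\n"
    "rnd = " + "11" * 32 + "\n"
    "msg = 616263\n\n"
    "count = 1\n"
    "xi = 0011\n"
    "rnd = \n"
    "msg = 616263\n"
)

if __name__ == "__main__":
    for count, why in check_records(parse_rsp(SAMPLE_RSP), hedged=True):
        print(f"count {count}: {why}")
```

Run against a real KAT directory, the same loop over every `.rsp` tells you up front which files can only be verified (public key and signature present) and which can also be regenerated from xi and rnd; the hedged KATs in the thread fall in the second class only once the rnd bytes are actually consumed by the signer.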
Maxime Bros <maxim...@nist.gov>: Sep 12 11:35AM -0700

Dear Community,
 

 
I hope you're all doing well and that you've had an amazing summer ☀️ 😎 🏖️.
 

 
I'm delighted to announce that the NIST PQC Seminars will have a second
Series of three talks 😀, this time about the 4th Round of the NIST PQC
Standardization Project.
 

 
Namely, there will be one talk per code-based candidate (see the dates
below), more information will be published on the website of the NIST PQC
Seminars soon:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
 
Please note that all talks below will happen at *10am US EDT (Eastern
Daylight Time, Washington D.C.), UTC-4.*
 

 
*#18 - [Classic McEliece] Tuesday, September 17, 2024*
 

 
*#19 - [HQC] Friday, September 20, 2024*
 

 
*#21 - [BIKE] Friday, September 27, 2024*
 

 
Last but not least, I would like to take advantage of this post to announce
the 20th NIST PQC Seminar which will be about multivariate candidates for
the Additional Call for Signatures (also called "onramp"):
 

 
*#20 - [MAYO - UOV] Tuesday, September 24, 2024*
 

 
As usual, instructions to connect to the seminars can be found on the
website, as well as information to subscribe to the mailing list of the
NIST PQC Seminars.
 

 
Thanks,
 

 
Dr. Maxime Bros
 
NIST PQC
 

 
On Friday, August 2, 2024 at 5:31:55 PM UTC-4 Maxime Bros wrote:
 