| Internet-Draft | +jose-cose-sphincs-plus | +January 2024 | +
| Prorock, et al. | +Expires 15 July 2024 | +[Page] | +
This document describes JOSE and COSE serializations for SLH-DSA, which was derived from SPHINCS+, a Post-Quantum Cryptography (PQC) based digital signature scheme.¶
+This document does not define any new cryptography, only seralizations of existing cryptographic systems described in [FIPS-205].¶
+Note to RFC Editor: This document should not proceed to AUTH48 until NIST completes paramater tuning and selection as a part of the PQC standardization process.¶
+This note is to be removed before publishing as an RFC.¶
++ The latest revision of this draft can be found at https://cose-wg.github.io/draft-ietf-cose-sphincs-plus/draft-ietf-cose-sphincs-plus.html. + Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-cose-sphincs-plus/.¶
++ Discussion of this document takes place on the + CBOR Object Signing and Encryption Working Group mailing list (mailto:cose@ietf.org), + which is archived at https://mailarchive.ietf.org/arch/browse/cose/. + Subscribe at https://www.ietf.org/mailman/listinfo/cose/.¶
+Source for this draft and an issue tracker can be found at + https://github.com/cose-wg/draft-ietf-cose-sphincs-plus.¶
++ This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79.¶
++ Internet-Drafts are working documents of the Internet Engineering Task + Force (IETF). Note that other groups may also distribute working + documents as Internet-Drafts. The list of current Internet-Drafts is + at https://datatracker.ietf.org/drafts/current/.¶
++ Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress."¶
++ This Internet-Draft will expire on 15 July 2024.¶
++ Copyright (c) 2024 IETF Trust and the persons identified as the + document authors. All rights reserved.¶
++ This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with + respect to this document. Code Components extracted from this + document must include Revised BSD License text as described in + Section 4.e of the Trust Legal Provisions and are provided without + warranty as described in the Revised BSD License.¶
+SLH-DSA is derived from Version 3.1 of SPHINCS+, as noted in [FIPS-205].¶
+SPHINCS+ is one of the post quantum cryptography algorithms selected in [NIST-PQC-2022].¶
+TODO: Add complete examples for SLH-DSA-SHA2-128s, SLH-DSA-SHAKE-128s, SLH-DSA-SHA2-128f... ( all of them? really?)¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", +"MAY", and "OPTIONAL" in this document are to be interpreted as +described in BCP 14 [RFC2119] [RFC8174] when, and only when, they +appear in all capitals, as shown here.¶
+The SLH-DSA Signature Scheme is paramaterized to support different security level.¶
+This document requests the registration of the following algorithms in [IANA.jose]:¶
+| Name | +alg | +Description | +
|---|---|---|
| SLH-DSA-SHA2-128s | +SLH-DSA-SHA2-128s | +JSON Web Signature Algorithm for SLH-DSA-SHA2-128s | +
| SLH-DSA-SHAKE-128s | +SLH-DSA-SHAKE-128s | +JSON Web Signature Algorithm for SLH-DSA-SHAKE-128s | +
| SLH-DSA-SHA2-128f | +SLH-DSA-SHA2-128f | +JSON Web Signature Algorithm for SLH-DSA-SHA2-128f | +
This document requests the registration of the following algorithms in [IANA.cose]:¶
+| Name | +alg | +Description | +
|---|---|---|
| SLH-DSA-SHA2-128s | +TBD (requested assignment -51) | +CBOR Object Signing Algorithm for SLH-DSA-SHA2-128s | +
| SLH-DSA-SHAKE-128s | +TBD (requested assignment -52) | +CBOR Object Signing Algorithm for SLH-DSA-SHAKE-128s | +
| SLH-DSA-SHA2-128f | +TBD (requested assignment -53) | +CBOR Object Signing Algorithm for SLH-DSA-SHA2-128f | +
Private and Public Keys are produced to enable the sign and verify opertaions for each of the SLH-DSA Algorithms.¶
+This document requests the registration of the following key types in [IANA.jose]:¶
+| Name | +kty | +Description | +
|---|---|---|
| SLH-DSA | +SLH-DSA | +JSON Web Key Type for the SLH-DSA Algorithm Family. | +
This document requests the registration of the following algorithms in [IANA.cose]:¶
+| Name | +kty | +Description | +
|---|---|---|
| SLH-DSA | +TBD (requested assignment 8) | +COSE Key Type for the SLH-DSA Algorithm Family. | +
TODO Security¶
+
+{
+ "kty": "SLH-DSA",
+ "alg": "SLH-DSA-SHA2-128s",
+ "pub": "V53SIdVF...uvw2nuCQ",
+ "priv": "V53SIdVF...cDKLbsBY"
+}
+
+
+{
+ "kty": "SLH-DSA",
+ "alg": "SLH-DSA-SHA2-128s",
+ "pub": "V53SIdVF...uvw2nuCQ"
+}
+
+TODO¶
+
+{
+ "alg": "SLH-DSA-SHA2-128s"
+}
+
++eyJhbGciOiJ...LCJraWQiOiI0MiJ9\ +.\ +eyJpc3MiOiJ1cm46d...XVpZDo0NTYifQ\ +.\ +5MSEgQ0dZB4SeLC...AAAAAABIhMUE ++
+{ / COSE Key /
+ 1: 8, / SLH-DSA Key Type /
+ 3: -51, / SLH-DSA-SHA2-128s Algorithm /
+ -13: h'7803c0f9...3f6e2c70', / SLH-DSA Private Key /
+ -14: h'7803c0f9...3bba7abd', / SLH-DSA Public Key /
+}
+
+
+{ / COSE Key /
+ 1: 8, / SLH-DSA Key Type /
+ 3: -51, / SLH-DSA-SHA2-128s Algorithm /
+ -13: h'7803c0f9...3f6e2c70' / SLH-DSA Private Key /
+}
+
+TODO¶
+
+{ / Protected /
+ 1: -51 / SLH-DSA-SHA2-128s Algorithm /
+}
+
+
+18( / COSE Sign 1 /
+ [
+ h'a10139d902', / Protected /
+ {}, / Unprotected /
+ h'66616b65', / Payload /
+ h'53e855e8...0f263549' / Signature /
+ ]
+)
+
+TODO acknowledge.¶
+| jose-cose-sphincs-plus | +plain text | +same as main | +
| jose-cose-sphincs-plus | +plain text | +same as main | +