Merge pull request #5 from cose-wg/feature/akp

AKP updates
cose-wg · Oct 20, 2024 · 8fcb14c · 8fcb14c
2 parents d850d17 + 9ef2696
commit 8fcb14c
Showing 1 changed file with 15 additions and 14 deletions.
diff --git a/draft-ietf-cose-sphincs-plus.md b/draft-ietf-cose-sphincs-plus.md
@@ -4,7 +4,7 @@ abbrev: "jose-cose-sphincs-plus"
 category: std
 
 docname: draft-ietf-cose-sphincs-plus-latest
-submissiontype: IETF  # also: "independent", "editorial", "IAB", or "IRTF"
+submissiontype: IETF  
 number:
 date:
 consensus: true
@@ -73,19 +73,19 @@ Note to RFC Editor: This document should not proceed to AUTH48 until NIST comple
 
 # Introduction
 
-SLH-DSA is derived from Version 3.1 of SPHINCS+, as noted in {{FIPS-205}}.
+This document describes JSON Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) serializations for the Stateless Hash-Based Digital Signature Standard (SLH-DSA), which was derived from Version 3.1 of SPHINCS+, a Post-Quantum Cryptography (PQC) based digital signature scheme.
 
-SPHINCS+ is one of the post quantum cryptography algorithms selected in {{NIST-PQC-2022}}.
+This document does not define any new cryptography, only serializations of existing cryptographic systems described in {{FIPS-205}}.
 
-TODO: Add complete examples for `SLH-DSA-SHA2-128s`, `SLH-DSA-SHAKE-128s`, `SLH-DSA-SHA2-128f`... ( all of them? really?)
+This document builds on the Algorithm Key Pair (AKP) type as defined in {{-ML-DSA}}. The AKP type enables flexible representation of keys used across different post-quantum cryptographic algorithms, including SLH-DSA.
 
 # Terminology
 
 {::boilerplate bcp14-tagged}
 
 # The SLH-DSA Algorithm Family
 
-The SLH-DSA Signature Scheme is paramaterized to support different security level.
+The SLH-DSA Signature Scheme is parameterized to support different security levels.
 
 This document requests the registration of the following algorithms in {{-IANA.jose}}:
 
@@ -107,19 +107,20 @@ This document requests the registration of the following algorithms in {{-IANA.c
 
 # SLH-DSA Keys
 
+Private and Public Keys are produced to enable the sign and verify operations for each of the SLH-DSA Algorithms. The SLH-DSA Algorithm Family uses the Algorithm Key Pair (AKP) key type, as defined in {{-ML-DSA}}. This ensures compatibility across different cryptographic algorithms that use AKP for key representation.
+
+The specific algorithms for SLH-DSA, such as SLH-DSA-SHA2-128s, SLH-DSA-SHAKE-128s, and SLH-DSA-SHA2-128f, are defined in this document and are used in the alg value of an AKP key representation to specify the algorithm that corresponds to the key.
 Like ML-DSA keys, SLH-DSA keys use the AKP Key Type.
 
 The thumbprints for SLH-DSA keys are also computed according to the process described in {{-ML-DSA}}
 
 # Security Considerations
 
-The following considerations SHOULD apply to all parmeter sets described
-in this specification, unless otherwise noted.
+The security considerations of {{-JWS}}, {{-JWK}} and {{-COSE}} applies to this specification as well.
+
+A detailed security analysis of SLH-DSA is beyond the scope of this specification, see {{FIPS-205}} for additional details.
 
-Care should be taken to ensure "kty" and intended use match, the
-algorithms described in this document share many properties with other
-cryptographic approaches from related families that are used for
-purposes other than digital signatures.
+The following considerations apply to all parameter sets described in this specification.
 
 ## Validating public keys
 
@@ -131,13 +132,13 @@ KeyValidate is REQUIRED.
 
 Implementations of the signing algorithm SHOULD protect the secret key
 from side-channel attacks. Multiple best practices exist to protect
-against side-channel attacks. Any implementation of the the Sphincs+
+against side-channel attacks. Any implementation of the SLH-DSA
 signing algorithms SHOULD utilize the following best practices at a
 minimum:
 
 - Constant timing - the implementation should ensure that constant time
   is utilized in operations
-- Sequence and memory access persistance - the implemention SHOULD
+- Sequence and memory access persistance - the implementation SHOULD
   execute the exact same sequence of instructions (at a machine level)
   with the exact same memory access independent of which polynomial is
   being operated on.
@@ -285,7 +286,7 @@ eyJpc3MiOiJ1cm46d...XVpZDo0NTYifQ\
   -1: h'7803c0f9...3f6e2c70',       / AKP Private Key             /
   -2: h'7803c0f9...3bba7abd',       / AKP Public Key              /
 }
-~~~~
+~~~
 {: #SLH-DSA-SHA2-128s-private-cose-key title="Example SLH-DSA-SHA2-128s Private COSE Key"}
 
 ~~~~ cbor-diag