Merge pull request #4 from cose-wg/registries
Fix iana registries
mprorock authored Oct 20, 2024
2 parents e031eed + 564dc75 commit d850d17
Showing 1 changed file with 46 additions and 107 deletions.
153 changes: 46 additions & 107 deletions draft-ietf-cose-sphincs-plus.md
Expand Up @@ -51,11 +51,12 @@ author:
normative:
IANA.jose: IANA.jose
IANA.cose: IANA.cose
I-D.draft-ietf-cose-dilithium: ML-DSA

informative:
FIPS-205:
title: "Stateless Hash-Based Digital Signature Standard"
target: https://csrc.nist.gov/pubs/fips/205/ipd
target: https://doi.org/10.6028/NIST.FIPS.205
NIST-PQC-2022:
title: "Selected Algorithms 2022"
target: https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
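Review bot: `FIPS-205` stays under `informative:` in this hunk, although the abstract says the document only serializes the systems described in {{FIPS-205}} and the JOSE templates define each algorithm "as described in FIPS 205". Since the entry is being edited anyway (its target now reads `https://doi.org/10.6028/NIST.FIPS.205`), consider moving it under `normative:` next to the new `I-D.draft-ietf-cose-dilithium: ML-DSA` entry, so that an implementer knows both documents are required reading.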
Expand All @@ -64,9 +65,7 @@ informative:
--- abstract

This document describes JOSE and COSE serializations for SLH-DSA, which was derived from SPHINCS+, a Post-Quantum Cryptography (PQC) based digital signature scheme.

This document does not define any new cryptography, only seralizations of existing cryptographic systems described in {{FIPS-205}}.

Note to RFC Editor: This document should not proceed to AUTH48 until NIST completes paramater tuning and selection as a part of the [PQC](https://csrc.nist.gov/projects/post-quantum-cryptography) standardization process.


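Review bot: the abstract lines shown here still carry two misspellings, `seralizations` and `paramater`; fix them while this block is open. The "Note to RFC Editor" also still waits on NIST parameter tuning and selection, which sits oddly beside a FIPS-205 reference that now points at `https://doi.org/10.6028/NIST.FIPS.205`; consider rewording or dropping the note.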
Expand All @@ -80,7 +79,6 @@ SPHINCS+ is one of the post quantum cryptography algorithms selected in {{NIST-P

TODO: Add complete examples for `SLH-DSA-SHA2-128s`, `SLH-DSA-SHAKE-128s`, `SLH-DSA-SHA2-128f`... ( all of them? really?)


# Terminology

{::boilerplate bcp14-tagged}
Expand All @@ -107,24 +105,11 @@ This document requests the registration of the following algorithms in {{-IANA.c
| SLH-DSA-SHA2-128f | TBD (requested assignment -53) | CBOR Object Signing Algorithm for SLH-DSA-SHA2-128f
{: #cose-algorithms align="left" title="COSE algorithms for SLH-DSA"}

# The SLH-DSA Key Type

Private and Public Keys are produced to enable the sign and verify opertaions for each of the SLH-DSA Algorithms.

This document requests the registration of the following key types in {{-IANA.jose}}:
# SLH-DSA Keys

| Name | kty | Description
|---
| SLH-DSA | SLH-DSA | JSON Web Key Type for the SLH-DSA Algorithm Family.
{: #jose-key-type align="left" title="JSON Web Key Type for SLH-DSA"}

This document requests the registration of the following algorithms in {{-IANA.cose}}:

| Name | kty | Description
|---
| SLH-DSA | TBD (requested assignment 8) | COSE Key Type for the SLH-DSA Algorithm Family.
{: #cose-key-type align="left" title="COSE Key Type for SLH-DSA"}
Like ML-DSA keys, SLH-DSA keys use the AKP Key Type.

The thumbprints for SLH-DSA keys are also computed according to the process described in {{-ML-DSA}}

# Security Considerations

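Review bot: in the new "SLH-DSA Keys" section, "AKP" is used without being expanded or cited, and the thumbprint sentence ending in `described in {{-ML-DSA}}` has no terminating period. Suggest expanding the acronym on first use and citing {{-ML-DSA}} on the "Like ML-DSA keys, SLH-DSA keys use the AKP Key Type." line as well, since that sentence is now the only place the key representation is specified after the `SLH-DSA` key type tables were removed.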
Expand Down Expand Up @@ -171,115 +156,76 @@ randomness.

### New COSE Algorithms

IANA is requested to add the following entries to the COSE Algorithms Registry.
The following completed registration templates are provided as described in RFC9053 and RFC9054.

#### SLH-DSA-SHA2-128s

* Name: SLH-DSA-SHA2-128s
* Label: TBD (requested assignment -51)
* Value type: int
* Value registry: {{-IANA.cose}}
* Value: TBD (requested assignment -51)
* Description: CBOR Object Signing Algorithm for SLH-DSA-SHA2-128s
* Capabilities: `[kty]`
* Reference: RFC XXXX
* Recommended: Yes

#### SLH-DSA-SHAKE-128s

* Name: SLH-DSA-SHAKE-128s
* Label: TBD (requested assignment -52)
* Value type: int
* Value registry: {{-IANA.cose}}
* Value: TBD (requested assignment -52)
* Description: CBOR Object Signing Algorithm for SLH-DSA-SHAKE-128s
* Capabilities: `[kty]`
* Reference: RFC XXXX
* Recommended: Yes

#### SLH-DSA-SHA2-128f

* Name: SLH-DSA-SHA2-128f
* Label: TBD (requested assignment -53)
* Value type: int
* Value registry: {{-IANA.cose}}
* Value: TBD (requested assignment -53)
* Description: CBOR Object Signing Algorithm for SLH-DSA-SHA2-128f

### New COSE Key Types

#### SLH-DSA

* Name: SLH-DSA
* Label: TBD (requested assignment 8)
* Value type: int
* Value registry: {{-IANA.cose}}
* Description: COSE Key Type for the SLH-DSA Algorithm Family
* Capabilities: `[kty]`
* Reference: RFC XXXX
* Recommended: Yes

### New JOSE Algorithms

IANA is requested to add the following entries to the JSON Web Signature and Encryption Algorithms Registry. The following completed registration templates are provided as described in RFC7518.
IANA is requested to add the following entries to the JSON Web Signature and Encryption Algorithms Registry.
The following completed registration templates are provided as described in RFC7518.

#### SLH-DSA-SHA2-128s

* Algorithm Name: SLH-DSA-SHA2-128s
* Description: JSON Web Signature Algorithm for SLH-DSA-SHA2-128s as described in FIPS 205.
* Algorithm Description: SLH-DSA-SHA2-128s as described in FIPS 205.
* Algorithm Usage Location(s): alg
* JOSE Implementation Requirements: Optional
* Change Controller: IETF
* Value registry: {{-IANA.jose}} Algorithms
* Specification Document(s): RFC XXXX
* Algorithm Analysis Documents(s):
[https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf)
* Algorithm Analysis Documents(s): {{FIPS-205}}

#### SLH-DSA-SHAKE-128s

* Algorithm Name: SLH-DSA-SHAKE-128s
* Description: JSON Web Signature Algorithm for SLH-DSA-SHAKE-128s as described in FIPS 205.
* Algorithm Description: SLH-DSA-SHAKE-128s as described in FIPS 205.
* Algorithm Usage Location(s): alg
* JOSE Implementation Requirements: Optional
* Change Controller: IETF
* Value registry: {{-IANA.jose}} Algorithms
* Specification Document(s): RFC XXXX
* Algorithm Analysis Documents(s):
[https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf)
* Algorithm Analysis Documents(s): {{FIPS-205}}

#### SLH-DSA-SHA2-128f

* Algorithm Name: SLH-DSA-SHA2-128f
* Description: JSON Web Signature Algorithm for SLH-DSA-SHA2-128f as described in FIPS 205.
* Algorithm Description: SLH-DSA-SHA2-128f as described in FIPS 205.
* Algorithm Usage Location(s): alg
* JOSE Implementation Requirements: Optional
* Change Controller: IETF
* Value registry: {{-IANA.jose}} Algorithms
* Specification Document(s): RFC XXXX
* Algorithm Analysis Documents(s):
[https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf)

### New JOSE Key Types

IANA is requested to add the following entries to the JSON Web Key Types Registry. The following completed registration templates are provided as described in RFC7518 RFC7638.

#### SLH-DSA

* "kty" Parameter Value: SLH-DSA
* Key Type Description: JSON Web Key Type for the SLH-DSA Algorithm Family.
* JOSE Implementation Requirements: Optional
* Change Controller: IETF
* Specification Document(s): RFC XXXX

### New JSON Web Key Parameters
IANA is requested to add the following entries to the JSON Web Key Parameters Registry. The following completed registration templates are provided as described in RFC7517, and RFC7638.

#### ML-DSA Public Key
* Parameter Name: pub
* Parameter Description: Public or verification key
* Used with "kty" Value(s): SLH-DSA
* Parameter Information Class: Public
* Change Controller: IETF
* Specification Document(s): RFC XXXX

#### ML-DSA Secret Key
* Parameter Name: priv
* Parameter Description: Secret, private or signing key
* Used with "kty" Value(s): SLH-DSA
* Parameter Information Class: Private
* Change Controller: IETF
* Specification Document(s): RFC XXXX

* Algorithm Analysis Documents(s): {{FIPS-205}}

--- back


# Examples

## JOSE
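Review bot: none of the COSE algorithm entries (`SLH-DSA-SHA2-128s`, `SLH-DSA-SHAKE-128s`, `SLH-DSA-SHA2-128f`) states a change controller, while every JOSE entry below has `Change Controller: IETF`; the COSE Algorithms registry records one too, so add the field to each COSE template. Separately, the new lead-in sentences name RFC9053, RFC9054 and RFC7518 as bare text; write them as kramdown-rfc citations so they get reference entries, in the same way `{{FIPS-205}}` now replaces the hard-coded `nvlpubs.nist.gov` link in the "Algorithm Analysis Documents(s)" lines.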
Expand All @@ -288,7 +234,7 @@ IANA is requested to add the following entries to the JSON Web Key Parameters Re

~~~json
{
"kty": "SLH-DSA",
"kty": "AKP",
"alg": "SLH-DSA-SHA2-128s",
"pub": "V53SIdVF...uvw2nuCQ",
"priv": "V53SIdVF...cDKLbsBY"
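Review bot: with `"kty": "AKP"`, this example still relies on the `pub` and `priv` members, but the same commit deletes this document's own JSON Web Key Parameters registrations for `pub` and `priv` (the entries marked `Used with "kty" Value(s): SLH-DSA`). Please confirm that {{-ML-DSA}} registers both parameter names for AKP and say so near the example, otherwise the JWK members shown here are defined nowhere.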
Expand All @@ -298,16 +244,16 @@ IANA is requested to add the following entries to the JSON Web Key Parameters Re

~~~json
{
"kty": "SLH-DSA",
"kty": "AKP",
"alg": "SLH-DSA-SHA2-128s",
"pub": "V53SIdVF...uvw2nuCQ"
}
~~~
{: #SLH-DSA-SHA2-128s-public-jwk title="Example SLH-DSA-SHA2-128s Public JSON Web Key"}

### Thumbprint URI
### Thumbprint

TODO
The thumbprint is computed as described in

### JSON Web Signature

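Review bot: the replacement for the `TODO` under "### Thumbprint" is an unfinished sentence, "The thumbprint is computed as described in", with no reference and no period. Complete it with the same citation used in the "SLH-DSA Keys" section (`{{-ML-DSA}}`), or keep the `TODO` until an actual thumbprint value for the example key can be shown.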
Expand All @@ -334,19 +280,19 @@ eyJpc3MiOiJ1cm46d...XVpZDo0NTYifQ\

~~~~ cbor-diag
{ / COSE Key /
1: 8, / SLH-DSA Key Type /
1: 7, / AKP Key Type /
3: -51, / SLH-DSA-SHA2-128s Algorithm /
-13: h'7803c0f9...3f6e2c70', / SLH-DSA Private Key /
-14: h'7803c0f9...3bba7abd', / SLH-DSA Public Key /
-1: h'7803c0f9...3f6e2c70', / AKP Private Key /
-2: h'7803c0f9...3bba7abd', / AKP Public Key /
}
~~~~
{: #SLH-DSA-SHA2-128s-private-cose-key title="Example SLH-DSA-SHA2-128s Private COSE Key"}

~~~~ cbor-diag
{ / COSE Key /
1: 8, / SLH-DSA Key Type /
1: 7, / AKP Key Type /
3: -51, / SLH-DSA-SHA2-128s Algorithm /
-13: h'7803c0f9...3f6e2c70' / SLH-DSA Private Key /
-2: h'7803c0f9...3bba7abd', / AKP Public Key /
}
~~~~
{: #SLH-DSA-SHA2-128s-public-cose-key title="Example SLH-DSA-SHA2-128s Public COSE Key"}
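Review bot: the new public-key line `-2: h'7803c0f9...3bba7abd', / AKP Public Key /` ends with a comma directly before the closing `}`, as does the private-key example above it; diagnostic-notation parsers that follow the base grammar reject a trailing comma, so drop it from the last entry of each map. While here, please check the label assignment (`-1` as private, `-2` as public) against the AKP key parameter definitions in {{-ML-DSA}}, because this document no longer defines those labels itself.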
Expand All @@ -357,23 +303,16 @@ TODO

### COSE Sign 1


~~~~ cbor-diag
{ / Protected /
1: -51 / SLH-DSA-SHA2-128s Algorithm /
}
~~~~
{: #SLH-DSA-SHA2-128s-cose-protected-header-diagnostic title="Example SLH-DSA-SHA2-128s COSE Protected Header"}


~~~~ cbor-diag
18( / COSE Sign 1 /
[
h'a10139d902', / Protected /
{}, / Unprotected /
h'66616b65', / Payload /
h'53e855e8...0f263549' / Signature /
]
/ cose-sign1 / 18(
[
/ protected / <<{
/ algorithm / 1 : -51 / SLH-DSA-SHA2-128s /
}>>
/ unprotected / {},
/ payload / h'66616b65',
/ signature / h'53e855e8...0f263549'
]
)
~~~~
{: #SLH-DSA-SHA2-128s-cose-sign-1-diagnostic title="Example SLH-DSA-SHA2-128s COSE Sign 1"}
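Review bot: removing the standalone protected-header figure also removes its anchor, `#SLH-DSA-SHA2-128s-cose-protected-header-diagnostic`; check that nothing elsewhere in the draft still cross-references it, or the build will emit a dangling reference. The `<<{ ... 1 : -51 ... }>>` form is a good replacement for the opaque `h'a10139d902'` byte string because the signed algorithm identifier is now readable in the example; the section just above this one is still `TODO`, which is worth tracking in the same pass.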