chore: organize encodings, types by tiers

[rjzak]

Is what you were thinking @npmccallum @jedisct1? Which algorithms should be in which section?

Signed-off-by: Richard Zak richard@profian.com

[jedisct1]

We eventually proposed 4 different sections in the list of algorithms

required (rsa_*_2048_sha256, rsa_*_3072_sha384, rsa_*_4096_sha512, *sha*, *aes*)

recommended (chachapoly, other rsa options, secp256k1, p256, p384, x25519 & ed25519 should be there, they are all required by TLS 1.3)

optional (curve448, xoodyak, kyber)

reserved (xchachapoly, aegis, aes-cbc, aes-gcm-siv, aes-siv, cshake, kmac, whatever we think people may need)

[jedisct1]

Isn't Ed25519 FIPS compliant now?

https://csrc.nist.gov/CSRC/media/Presentations/NIST-Status-Update-on-Elliptic-Curves-and-Post-Qua/images-media/moody-dustin-threshold-crypto-workshop-March-2019.pdf

In addition, we are adding new elliptic curve signature algorithms (deterministic
ECDSA and EdDSA) and new elliptic curves (Edwards25519 and Edwards448).

(and: https://csrc.nist.gov/News/2017/Transition-Plans-for-Key-Establishment-Schemes )

Also, what document mentions that elliptic curves have been removed from FIPS?

https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf still refers to ECDSA and https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf (which documents p256, p384, p521).

[npmccallum]

@jedisct1 It was added in the FIPS 186-5 draft. However, it remains to be seen if it will be added in the released edition.

[npmccallum]

@jedisct1 Further, numerous organizations will be governed by 186-4 for years to come. Not all institutions adopt the new standards immediately.

[rjzak]

• Which Kyber to list? https://pq-crystals.org/kyber/ And how is it stored?

NSA Suite 2 says that Level V parameters should be used for all classification levels, so it should be Kyber-1024.

Encoding should only be raw for now until the specification is finalized.

• Could some of the blanks be filled in? I don't know how a lot of these algorithms work or how the data is represented.

Most of these are symmetric algorithms, not signature algorithms, so this is irrelevant.

The main table I was suggesting to update with the different tiers is this one, not the one with encodings for signature systems.

[jedisct1]

Gimme a sec, I'm going to suggest a change to your PR