lamps-wg / draft-composite-sigs

IETF Internet-Draft about X.509 certificates with composite keys and signatures.
Other
3 stars 1 forks source link

Add table of PK, Sig sizes #65

Open ounsworth opened 1 week ago

ounsworth commented 1 week ago

https://mailarchive.ietf.org/arch/msg/spasm/zfWx5fYjvuvohTOI7asQG4m-NDI/

Hi Mike,

Your draft: https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-kem/ could do with table on Npk, Nsk, and NSig sizes. Such tables greatly help in implementation.

The idea is from RFC 9180, Section 7.1 https://datatracker.ietf.org/doc/rfc9180/

[image: image.png]

The details of the calculations can be found here:

https://github.com/codespree/quantcrypt/blob/main/additional_info_keysize.md

All the best, Varun

In my opinion, we should get sample keys, signatures, and ciphertexts for all algorithms, and then measure them. This sounds like a hackathon project.

ZPDSSAI commented 1 week ago

Hi Mike,

I am Peiduo and I am from Varun(@codespree)'s team. We have computed the public key, secrete key and signature lengths for ML-DSA and its composite variations, and the public key, secrete key, shared secret, and cipher text lengths for ML-KEM and its composite variations. The full table documentation, together with notes on overhead computation, can be found in our project repo here.

Please check if the tables meet the requirement of this issue :)

Best regards, Zhao Peiduo

johngray-dev commented 1 week ago

Thanks for doing these computations. I had done some computations on a handful of them before IETF 120 and it looks like they align (which is always a good thing). I think we should be able to add these tables to an Appendix.