Likewise, should we consider adding extensions for LMS and XMSS? We do have XMSS (but not LMS) listed in the Cryptographic Algorithm Enumeration table (Table 543, p 202), but we don’t have the LMS/XMSS parameter
sets listed in the “Digital Signature Algorithm Enumeration” table (Table 549, p 204).
--Tim
From:
kmip@lists.oasis-open.org <kmip@lists.oasis-open.org> on behalf of Mark Joseph <mark@p6r.com>
Date: Saturday, September 16, 2023 at 00:41
To: Tim Hudson <tjh@cryptsoft.com>, OASIS KMIP Technical Committee <kmip@lists.oasis-open.org>
Subject: Re: [kmip] NIST PQC identifiers
|
NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and
know the content is safe.
|
Having gone through the drafts for FIPS-203, FIPS-204, and FIPS-205 I'd like to propose that we add corresponding Cryptographic Algorithm Identifiers for these into KMIP-3.0.
FIPS-203
========
ML-KEM-512 0x00000039
ML-KEM-768 0x0000003A
ML-KEM-1024 0x0000003B
FIPS-204
========
ML-DSA-44 0x0000003C
ML-DSA-65 0x0000003D
ML-DSA-87 0x0000003E
FIPS-205
========
SLH-DSA-SHA2-128s 0x0000003F
SLH-DSA-SHA2-128f 0x00000040
SLH-DSA-SHA2-192s 0x00000041
SLH-DSA-SHA2-192f 0x00000042
SLH-DSA-SHA2-256s 0x00000043
SLH-DSA-SHA2-256f 0x00000044
SLH-DSA-SHAKE-128s 0x00000045
SLH-DSA-SHAKE-128f 0x00000046
SLH-DSA-SHAKE-192s 0x00000047
SLH-DSA-SHAKE-192f 0x00000048
SLH-DSA-SHAKE-256s 0x00000049
SLH-DSA-SHAKE-256f 0x0000004A
I like this idea. I would be happy to add it to P6R KMIP products.
|