]> Entrust Limited

2500 Solandt Road -- Suite 100 Ottawa, Ontario K2K 3G5 Canada mike.ounsworth@entrust.com

Entrust Limited

2500 Solandt Road -- Suite 100 Ottawa, Ontario K2K 3G5 Canada john.gray@entrust.com

Security LAMPS X.509 CMS Post-Quantum KEM This document defines Post-Quantum / Traditional composite Key Encapsulation Mechanism (KEM) algorithms suitable for use within X.509 and PKIX and CMS protocols. Composite algorithms are provided which combine ML-KEM with RSA-KEM and ECDH-KEM. The provided set of composite algorithms should meet most Internet needs. This document assumes that all component algorithms are KEMs, and therefore it depends on and in order to promote RSA and ECDH respectively into KEMs. For the purpose of combining KEMs, the combiner function from is used. For use within CMS, this document is intended to be coupled with the CMS KEMRecipientInfo mechanism in . About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the LAMPS Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Changes in version -01 and -02 Changes affecting interoperability:

• Re-worked wire format and ASN.1 to remove vestiges of Generics.
  • Changed all SEQUENCE OF SIZE (2..MAX) to SEQUENCE OF SIZE (2).
  • Changed the definition of CompositeKEMPublicKey from SEQUENCE OF SubjectPublicKeyInfo to SEQUENCE OF BIT STRING since with complete removal of Generic Composites, there is no longer any need to carry the component AlgorithmIdentifiers.
  • Removed CompositeKEMParams since all params are now explicit in the OID.
• Defined KeyGen(), Encaps(), and Decaps() for a composite KEM algorithm.
• Removed the discussion of KeyTrans -> KEM and KeyAgree -> KEM promotions, and instead simply referenced and .
• Made RSA keys fixed-length at 2048 and 3072, both at the NIST Level 1 / AES-128 security level.
• Re-worked section 4.1 (id-MLKEM768-RSA3072-KMAC256) to Reference 5990bis and its updated structures.
• Removed RSA-KEM KDF params and make them implied by the OID; ie provide a profile of 5990bis.
• Aligned combiner with draft-ounsworth-cfrg-kem-combiners-04.
• Added id-MLKEM512-RSA2048-KMAC128 so that we have an RSA 2048 option.

Editorial changes:

• Refactored to use MartinThomson github template.
• Made this document standalone by folding in the minimum necessary content from composite-keys and dropping the cross-reference to composite-sigs.
• Added a paragraph describing how to reconstitute component SPKIs.
• Added an Implementation Consideration about FIPS validation where only one component algorithm is FIPS-approved.
• Shortened the abstract (moved some content into Intro).
• Brushed up the Security Considerations.
• Made a proper IANA Considerations section.
• Rename "Kyber" to "ML-KEM".

Still to do in a future version: [ ] We need PEM samples ... 118 hackathon? OQS friends? David @ BC? The right format for samples is probably to follow the hackathon ... a Dilithium or ECDSA trust anchor certificate, a composite KEM end entity certificate, and a CMS EnvolepedData sample encrypted for that composite KEM certificate.

Introduction The migration to post-quantum cryptography is unique in the history of modern digital cryptography in that neither the old outgoing nor the new incoming algorithms are fully trusted to protect data for long data lifetimes. The outgoing algorithms, such as RSA and elliptic curve, may fall to quantum cryptalanysis, while the incoming post-quantum algorithms face uncertainty about both the underlying mathematics falling to classical algorithmic attacks as well as hardware and software implementations that have not had sufficient maturing time to rule out catestrophic implementation bugs. Unlike previous cryptographic algorithm migrations, the choice of when to migrate and which algorithms to migrate to, is not so clear. Cautious implementers may wish to combine cryptographic algorithms such that an attacker would need to break all of them in order to compromise the data being protected. Such mechanisms are referred to as Post-Quantum / Traditional Hybrids . PQ/T Hybrid cryptography can, in general, provide solutions to two migration problems:

• Algorithm strength uncertainty: During the transition period, some post-quantum signature and encryption algorithms will not be fully trusted, while also the trust in legacy public key algorithms will start to erode. A relying party may learn some time after deployment that a public key algorithm has become untrustworthy, but in the interim, they may not know which algorithm an adversary has compromised.
• Ease-of-migration: During the transition period, systems will require mechanisms that allow for staged migrations from fully classical to fully post-quantum-aware cryptography.

This document defines a specific instantiation of the PQ/T Hybrid paradigm called "composite" where multiple cryptographic algorithms are combined to form a single key encapsulation mechanism (KEM) key and ciphertext such that they can be treated as a single atomic algorithm at the protocol level. Composite algorithms address algorithm strength uncertainty because the composite algorithm remains strong so long as one of its components remains strong. Concrete instantiations of composite KEM algorithms are provided based on ML-KEM, RSA-KEM and ECDH-KEM. Backwards compatibility is not directly covered in this document, but is the subject of . This document is intended for general applicability anywhere that key establishment or enveloped content encryption is used within PKIX or CMS structures.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document is consistent with all terminology from . In addition, the following terms are used in this document: COMBINER: A combiner specifies how multiple shared secrets are combined into a single shared secret. DER: Distinguished Encoding Rules as defined in . KEM: A key encapsulation mechanism as defined in . PKI: Public Key Infrastructure, as defined in . SHARED SECRET: A value established between two communicating parties for use as cryptographic key material, but which cannot be learned by an active or passive adversary. This document is concerned with shared secrets established via public key cryptagraphic operations.

Composite Design Philosophy defines composites as:

• Composite Cryptographic Element: A cryptographic element that incorporates multiple component cryptographic elements of the same type in a multi-algorithm scheme.

Composite keys as defined here follow this definition and should be regarded as a single key that performs a single cryptographic operation such key generation, signing, verifying, encapsulating, or decapsulating -- using its internal sequence of component keys as if they form a single key. This generally means that the complexity of combining algorithms can and should be handled by the cryptographic library or cryptographic module, and the single composite public key, private key, and ciphertext can be carried in existing fields in protocols such as PKCS#10 , CMP , X.509 , CMS , and the Trust Anchor Format . In this way, composites achieve "protocol backwards-compatibility" in that they will drop cleanly into any protocol that accepts KEM algorithms without requiring any modification of the protocol to handle multiple keys.

Composite Key Encapsulation Mechanisms (KEMs) We borrow here the definition of a key encapsulation mechanism (KEM) from , in which a KEM is a cryptographic primitive that consists of three algorithms:

• KeyGen() -> (pk, sk): A probabilistic key generation algorithm, which generates a public key pk and a secret key sk.
• Encaps(pk) -> (ct, ss): A probabilistic encapsulation algorithm, which takes as input a public key pk and outputs a ciphertext ct and shared secret ss.
• Decaps(sk, ct) -> ss: A decapsulation algorithm, which takes as input a secret key sk and ciphertext ct and outputs a shared secret ss, or in some cases a distinguished error value.

The KEM interface defined above differs from both traditional key transport mechanism (for example for use with KeyTransRecipientInfo defined in ), and key agreement (for example for use with KeyAgreeRecipientInfo defined in ). The KEM interface was chosen as the interface for a composite key establishment because it allows for arbitrary combinations of component algorithm types since both key transport and key agreement mechanisms can be promoted into KEMs. This specification uses the Post-Quantum KEM ML-KEM as specified in and . For Traditional KEMs, this document relies on the RSA-KEM construction defined in and the Elliptic Curve DHKEM defined in . A composite KEM allows two or more underlying key transport, key agreement, or KEM algorithms to be combined into a single cryptographic operation by performing each operation, transformed to a KEM as outline above, and using a specified combiner function to combine the two or more component shared secrets into a single shared secret.

Composite KeyGen The KeyGen() -> (pk, sk) of a composite KEM algorithm will perform the KeyGen() of the respective component KEM algorithms and it produces a composite public key pk as per and a composite secret key sk is per .

Composite Encaps The Encaps(pk) -> (ct, ss) of a composite KEM algorithm is defined as:

Composite Encaps(pk)

where Combiner(ct1, ss1, ct2, ss2, fixedInfo) is defined in and CompositeCiphertextValue is defined in .

Composite Decaps The Decaps(sk, ct) -> ss of a composite KEM algorithm is defined as:

Composite Decaps(sk, ct)

where Combiner(ct1, ss1, ct2, ss2, fixedInfo) is defined in {sec-kem-combiner}.

Component Algorithm Selection Criteria The composite algorithm combinations defined in this document were chosen according to the following guidelines:

1. RSA combinations are provided at key sizes of 2048 and 3072 bits. Since RSA 2048 and 3072 are considered to have 112 and 128 bits of classical security respectively, they are both matched with NIST PQC Level 1 algorithms and 128-bit symmetric algorithms.
2. Elliptic curve algorithms are provided with combinations on each of the NIST , Brainpool , and Edwards curves. NIST PQC Levels 1 - 3 algorithms are matched with 256-bit curves, while NIST levels 4 - 5 are matched with 384-bit elliptic curves. This provides a balance between matching classical security levels of post-quantum and traditional algorithms, and also selecting elliptic curves which already have wide adoption.
3. NIST level 1 candidates are provided, matched with 256-bit elliptic curves, intended for constrained use cases.

If other combinations are needed, a separate specification should be submitted to the IETF LAMPS working group. To ease implementation, these specifications are encouraged to follow the construction pattern of the algorithms specified in this document. The composite structures defined in this specification allow only for pairs of algorithms. This also does not preclude future specification from extending these structures to define combinations with three or more components.

Composite Key Structures

pk-CompositeKEM The following ASN.1 Information Object Class is a template to be used in defining all composite KEM public key types. As an example, the public key type pk-MLKEM512-ECDH-P256-KMAC128 is defined as: The full set of key types defined by this specification can be found in the ASN.1 Module in .

CompositeKEMPublicKey Composite public key data is represented by the following structure: A composite key MUST contain two component public keys. The order of the component keys is determined by the definition of the corresponding algorithm identifier as defined in section . Some applications may need to reconstruct the SubjectPublicKeyInfo objects corresponding to each component public key. in provides the necessary mapping between composite and their component algorithms for doing this reconstruction. This also motivates the design choice of SEQUENCE OF BIT STRING instead of SEQUENCE OF OCTET STRING; using BIT STRING allows for easier transcription between CompositeKEMPublicKey and SubjectPublicKeyInfo. When the CompositeKEMPublicKey must be provided in octet string or bit string format, the data structure is encoded as specified in .

CompositeKEMPrivateKey Usecases that require an interoperable encoding for composite private keys, such as when private keys are carried in PKCS #12 , CMP or CRMF MUST use the following structure. Each element is a OneAsymmetricKey` object for a component private key. The parameters field MUST be absent. The order of the component keys is the same as the order defined in for the components of CompositeKEMPublicKey. When a CompositePrivateKey is conveyed inside a OneAsymmetricKey structure (version 1 of which is also known as PrivateKeyInfo) , the privateKeyAlgorithm field SHALL be set to the corresponding composite algorithm identifier defined according to , the privateKey field SHALL contain the CompositeKEMPrivateKey, and the publicKey field MUST NOT be present. Associated public key material MAY be present in the CompositeKEMPrivateKey. In some usecases the private keys that comprise a composite key may not be represented in a single structure or even be contained in a single cryptographic module; for example if one component is within the FIPS boundary of a cryptographic module and the other is not; see {sec-fips} for more discussion. The establishment of correspondence between public keys in a CompositeKEMPublicKey and private keys not represented in a single composite structure is beyond the scope of this document.

Encoding Rules Many protocol specifications will require that the composite public key and composite private key data structures be represented by an octet string or bit string. When an octet string is required, the DER encoding of the composite data structure SHALL be used directly. When a bit string is required, the octets of the DER encoded composite data structure SHALL be used as the bits of the bit string, with the most significant bit of the first octet becoming the first bit, and so on, ending with the least significant bit of the last octet becoming the last bit of the bit string.

Composite KEM Structures

kema-CompositeKEM The ASN.1 algorithm object for a composite KEM is:

CompositeCiphertextValue The compositeCipherTextValue is a concatenation of the ciphertexts of the underlying component algorithms. It is represented in ASN.1 as follows: A composite KEM and CompositeCipherTextValue MAY be associated with a composite KEM public key, but MAY also be associated with multiple public keys from different sources, for example multiple X.509 certificates, or multiple cryptographic modules. In the latter case, composite KEMs MAY be used as the mechanism for carrying multiple ciphertexts, for example, in a non-composite hybrid encryption equivalent of those described for digital signatures in .

KEM Combiner TODO: as per https://www.enisa.europa.eu/publications/post-quantum-cryptography-integration-study section 4.2, might need to specify behaviour in light of KEMs with a non-zero failure probility. This document follows the construction of , which is repeated here for clarity and simplified to take two imput shared secrets:

Generic KEM combiner construction

where:

• KDF(message, outputBits) represents a hash function suitable to the chosen KEMs according to {tab-kem-combiners}.
• fixedInfo SHALL be the ASCII-encoded string name of the composite KEM algorithm as listed in .
• counter SHALL be the fixed 32-bit value 0x00000001 which is placed here soly for the purposes of easy compliance with .
• || represents concatenation.

Each registered composite KEM algorithm must specify the choice of KDF, fixedInfo, and outputBits to be used. See for further discussion of the security coniserations of this KEM combiner.

Named KEM Combiner parameter sets This specification references KEM combiner instantiations according to the following names: KEM Combiners

KEM Combiner Name	KDF	outputBits
KMAC128/256	KMAC128	256
KMAC256/384	KMAC256	384
KMAC256/512	KMAC256	512

KMAC is defined in NIST SP 800-185 . The KMAC(K, X, L, S) parameters are instantiated as follows:

• K: the ASCI value of the name of the Kem Type OID.
• X: the message input to KDF(), as defined above.
• L: integer representation of outputBits.
• S: empty string.

BEGIN EDNOTE these choices are somewhat arbitrary but aiming to match security level of the input KEMs. Feedback welcome.

• ML-KEM-512: KMAC128/256
• ML-KEM-768: KMAC256/384
• ML-KEM-1024 KMAC256/512

END EDNOTE

Example KEM Combiner instantiation For example, the KEM combiner used with the first entry of , id-MLKEM512-ECDH-P256-KMAC128 would be:

Algorithm Identifiers This table summarizes the list of composite KEM algorithms and lists the OID, two component algorithms, and the combiner function. EDNOTE: The OID referenced are TBD and MUST be used only for prototyping and replaced with the final IANA-assigned OIDS. The following prefix is used for each: replace <CompKEM> with the String "2.16.840.1.114027.80.5.2". TODO: OIDs to be replaced by IANA. Therefore <CompKEM>.1 is equal to 2.16.840.1.114027.80.5.2.1 Composite KEM key types

KEM Type OID	OID	First Algorithm	Second Algorithm	KEM Combiner
id-MLKEM512-ECDH-P256-KMAC128	<CompKEM>.1	MLKEM512	ECDH-P256	KMAC128/256
id-MLKEM512-ECDH-brainpoolP256r1-KMAC128	<CompKEM>.2	MLKEM512	ECDH-brainpoolp256r1	KMAC128/256
id-MLKEM512-X25519-KMAC128	<CompKEM>.3	MLKEM512	X25519	KMAC128/256
id-MLKEM512-RSA2048-KMAC128	<CompKEM>.13	MLKEM512	RSA-KEM 2048	KMAC128/256
id-MLKEM512-RSA3072-KMAC128	<CompKEM>.4	MLKEM512	RSA-KEM 3072	KMAC128/256
id-MLKEM768-ECDH-P256-KMAC256	<CompKEM>.5	MLKEM768	ECDH-P256	KMAC256/384
id-MLKEM768-ECDH-brainpoolP256r1-KMAC256	<CompKEM>.6	MLKEM768	ECDH-brainpoolp256r1	KMAC256/384
id-MLKEM768-X25519-KMAC256	<CompKEM>.7	MLKEM768	X25519	KMAC256/384
id-MLKEM1024-ECDH-P384-KMAC256	<CompKEM>.8	MLKEM1024	ECDH-P384	KMAC256/512
id-MLKEM1024-ECDH-brainpoolP384r1-KMAC256	<CompKEM>.9	MLKEM1024	ECDH-brainpoolP384r1	KMAC256/512
id-MLKEM1024-X448-KMAC256	<CompKEM>.10	MLKEM1024	X448	KMAC256/512

The table above contains everything needed to implement the listed explicit composite algorithms, with the exception of some special notes found below in this section. See the ASN.1 module in section for the explicit definitions of the above Composite signature algorithms. Full specifications for the referenced algorithms can be found as follows:

• ECDH: There does not appear to be a single IETF definition of ECDH, so we refer to the following:
  • ECDH NIST: SHALL be Elliptic Curve Cryptography Cofactor Diffie-Hellman (ECC CDH) as defined in section 5.7.1.2 of .
  • ECDH BSI / brainpool: SHALL be Elliptic Curve Key Agreement algorithm (ECKA) as defined in section 4.3.1 of
• ML-KEM: and
• RSA-KEM:
• X25519 / X448:

Note that all ECDH as well as X25519 and X448 algorithms MUST be promoted into KEMs according to . EDNOTE: I believe that and give equivalent and interoperable algorithms, so maybe this is extranuous detail to include? The "KEM Combiner" column refers to the definitions in .

RSA-KEM Parameters Use of RSA-KEM within id-MLKEM512-RSA2048-KMAC128 and id-MLKEM512-RSA3072-KMAC128 requires additional specification. The RSA component keys MUST be generated at the 2048-bit and 3072-bit security level respectively. As with the other composite KEM algorithms, when id-MLKEM512-RSA2048-KMAC128 or id-MLKEM512-RSA3072-KMAC128 is used in an AlgorithmIdentifier, the parameters MUST be absent. The RSA-KEM SHALL be instantiated with the following parameters: RSA-KEM 2048 Parameters

RSA-KEM Parameter	Value
keyDerivationFunction	kda-kdf3 with id-sha3-256
keyLength	128

where:

• kda-kdf3 is defined in which references it from .
• mda-shake256 is defined in .

ASN.1 Module Composite-KEM-2023 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-composite-kems(TBDMOD) } DEFINITIONS IMPLICIT TAGS ::= BEGIN EXPORTS ALL; IMPORTS PUBLIC-KEY, AlgorithmIdentifier{} FROM AlgorithmInformation-2009 -- RFC 5912 [X509ASN1] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58) } KEM-ALGORITHM, KEMAlgSet FROM KEMAlgorithmInformation-2023 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-kemAlgorithmInformation-2023(99) } SubjectPublicKeyInfo FROM PKIX1Explicit-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) } OneAsymmetricKey FROM AsymmetricKeyPackageModuleV1 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-asymmetricKeyPkgV1(50) } RSAPublicKey, ECPoint FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-algorithms2008-02(56) } ; -- -- Object Identifiers -- -- Defined in ITU-T X.690 der OBJECT IDENTIFIER ::= {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)} -- -- Composite KEM basic structures -- CompositeKEMPublicKey ::= SEQUENCE SIZE (2) OF BIT STRING CompositeKEMPublicKeyOs ::= OCTET STRING (CONTAINING CompositeKEMPublicKey ENCODED BY der) CompositeKEMPublicKeyBs ::= BIT STRING (CONTAINING CompositeKEMPublicKey ENCODED BY der) CompositeKEMPrivateKey ::= SEQUENCE SIZE (2) OF OneAsymmetricKey CompositeCiphertextValue ::= SEQUENCE SIZE (2) OF OCTET STRING -- -- Information Object Classes -- pk-CompositeKEM { OBJECT IDENTIFIER:id, FirstPublicKeyType, SecondPublicKeyType} PUBLIC-KEY ::= { IDENTIFIER id KEY SEQUENCE { BIT STRING (CONTAINING FirstPublicKeyType) BIT STRING (CONTAINING SecondPublicKeyType) } PARAMS ARE absent CERT-KEY-USAGE { keyEncipherment } } kema-CompositeKEM { OBJECT IDENTIFIER:id, PUBLIC-KEY:publicKeyType } KEM-ALGORITHM ::= { IDENTIFIER id VALUE CompositeCiphertextValue PARAMS ARE absent PUBLIC-KEYS { publicKeyType } } -- -- Composite KEM Algorithms -- -- TODO: OID to be replaced by IANA id-MLKEM512-ECDH-P256-KMAC128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 1 } pk-MLKEM512-ECDH-P256-KMAC128 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM512-ECDH-P256-KMAC128, OCTET STRING, ECPoint } kema-MLKEM512-ECDH-P256-KMAC128 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM512-ECDH-P256-KMAC128, pk-MLKEM512-ECDH-P256-KMAC128 } -- TODO: OID to be replaced by IANA id-MLKEM512-ECDH-brainpoolP256r1-KMAC128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 2 } pk-MLKEM512-ECDH-brainpoolP256r1-KMAC128 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM512-ECDH-brainpoolP256r1-KMAC128, OCTET STRING, ECPoint } kema-MLKEM512-ECDH-brainpoolP256r1-KMAC128 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM512-ECDH-brainpoolP256r1-KMAC128, pk-MLKEM512-ECDH-brainpoolP256r1-KMAC128 } -- TODO: OID to be replaced by IANA id-MLKEM512-X25519-KMAC128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 3 } pk-MLKEM512-X25519-KMAC128 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM512-X25519-KMAC128, OCTET STRING, OCTET STRING } kema-MLKEM512-X25519-KMAC128 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM512-X25519-KMAC128, pk-MLKEM512-X25519-KMAC128 } -- TODO: OID to be replaced by IANA id-MLKEM512-RSA2048-KMAC128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 13 } pk-MLKEM512-RSA2048-KMAC128 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM512-RSA2048-KMAC128, OCTET STRING, RSAPublicKey } kema-MLKEM512-RSA2048-KMAC128 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM512-RSA2048-KMAC128, pk-MLKEM512-RSA2048-KMAC128 } -- TODO: OID to be replaced by IANA id-MLKEM512-RSA3072-KMAC128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 4 } pk-MLKEM512-RSA3072-KMAC128 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM512-RSA3072-KMAC128, OCTET STRING, RSAPublicKey } kema-MLKEM512-RSA3072-KMAC128 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM512-RSA3072-KMAC128, pk-MLKEM512-RSA3072-KMAC128 } -- TODO: OID to be replaced by IANA id-MLKEM768-ECDH-P256-KMAC256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 5 } pk-MLKEM768-ECDH-P256-KMAC256 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM768-ECDH-P256-KMAC256, OCTET STRING, ECPoint } kema-MLKEM768-ECDH-P256-KMAC256 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM768-ECDH-P256-KMAC256, pk-MLKEM768-ECDH-P256-KMAC256 } -- TODO: OID to be replaced by IANA id-MLKEM768-ECDH-brainpoolP256r1-KMAC256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 6 } pk-MLKEM768-ECDH-brainpoolP256r1-KMAC256 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM768-ECDH-brainpoolP256r1-KMAC256, OCTET STRING, ECPoint } kema-MLKEM768-ECDH-brainpoolP256r1-KMAC256 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM768-ECDH-brainpoolP256r1-KMAC256, pk-MLKEM768-ECDH-brainpoolP256r1-KMAC256 } -- TODO: OID to be replaced by IANA id-MLKEM768-X25519-KMAC256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 7 } pk-MLKEM768-X25519-KMAC256 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM768-X25519-KMAC256, OCTET STRING, OCTET STRING } kema-MLKEM768-X25519-KMAC256 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM768-X25519-KMAC256, pk-MLKEM768-X25519-KMAC256 } -- TODO: OID to be replaced by IANA id-MLKEM1024-ECDH-P384-KMAC256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 8 } pk-MLKEM1024-ECDH-P384-KMAC256 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM1024-ECDH-P384-KMAC256, OCTET STRING, ECPoint } kema-MLKEM1024-ECDH-P384-KMAC256 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM1024-ECDH-P384-KMAC256, pk-MLKEM1024-ECDH-P384-KMAC256 } -- TODO: OID to be replaced by IANA id-MLKEM1024-ECDH-brainpoolP384r1-KMAC256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 9 } pk-MLKEM1024-ECDH-brainpoolP384r1-KMAC256 PUBLIC-KEY ::= pk-CompositeKEM{ id-MLKEM1024-ECDH-brainpoolP384r1-KMAC256, OCTET STRING, ECPoint } kema-MLKEM1024-ECDH-brainpoolP384r1-KMAC256 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM1024-ECDH-brainpoolP384r1-KMAC256, pk-MLKEM1024-ECDH-brainpoolP384r1-KMAC256 } -- TODO: OID to be replaced by IANA id-MLKEM1024-X448-KMAC256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 10 } pk-MLKEM1024-X448-KMAC256 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM1024-X448-KMAC256, OCTET STRING, OCTET STRING } kema-MLKEM1024-X448-KMAC256 KEM-ALGORITHM ::= kema-CompositeKEM{ id-MLKEM1024-X448-KMAC256, pk-MLKEM1024-X448-KMAC256 } END ]]>

IANA Considerations

Object Identifier Allocations EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in .

Module Registration - SMI Security for PKIX Module Identifier

• Decimal: IANA Assigned - Replace TBDMOD
• Description: Composite-KEM-2023 - id-mod-composite-kems
• References: This Document

Object Identifier Registrations - SMI Security for PKIX Algorithms

• id-MLKEM512-ECDH-P256-KMAC128
  • Decimal: IANA Assigned
  • Description: id-MLKEM512-ECDH-P256-KMAC128
  • References: This Document
• id-MLKEM512-ECDH-brainpoolP256r1-KMAC128
  • Decimal: IANA Assigned
  • Description: id-MLKEM512-ECDH-brainpoolP256r1-KMAC128
  • References: This Document
• id-MLKEM512-X25519-KMAC128
  • Decimal: IANA Assigned
  • Description: id-MLKEM512-X25519-KMAC128
  • References: This Document
• id-MLKEM768-RSA3072-KMAC256
  • Decimal: IANA Assigned
  • Description: id-MLKEM768-3072-KMAC256
  • References: This Document
• id-MLKEM768-ECDH-P256-KMAC256
  • Decimal: IANA Assigned
  • Description: id-MLKEM768-ECDH-P256-KMAC256
  • References: This Document
• id-MLKEM768-ECDH-brainpoolP256r1-KMAC256
  • Decimal: IANA Assigned
  • Description: id-MLKEM768-ECDH-brainpoolP256r1-KMAC256
  • References: This Document
• id-MLKEM768-X25519-KMAC256
  • Decimal: IANA Assigned
  • Description: id-MLKEM768-X25519-KMAC256
  • References: This Document
• id-MLKEM1024-ECDH-P384-KMAC256
  • Decimal: IANA Assigned
  • Description: id-MLKEM1024-ECDH-P384-KMAC256
  • References: This Document
• id-MLKEM1024-ECDH-brainpoolP384r1-KMAC256
  • Decimal: IANA Assigned
  • Description: id-MLKEM1024-ECDH-brainpoolP384r1-KMAC256
  • References: This Document
• id-MLKEM1024-X448-KMAC256
  • Decimal: IANA Assigned
  • Description: id-MLKEM1024-X448-KMAC256
  • References: This Document

Security Considerations

Policy for Deprecated and Acceptable Algorithms Traditionally, a public key or certificate contains a single cryptographic algorithm. If and when an algorithm becomes deprecated (for example, RSA-512, or SHA1), it is obvious that the public keys or certificates using that algorithm are to be considered revoked. In the composite model this is less obvious since implementers may decide that certain cryptographic algorithms have complementary security properties and are acceptable in combination even though one or both algorithms are deprecated for individual use. As such, a single composite public key or certificate may contain a mixture of deprecated and non-deprecated algorithms. Since composite algorithms are registered independently of their component algorithms, their deprecation can be handled indpendently from that of their component algorithms. For example a cryptographic policy might continue to allow id-MLKEM512-ECDH-P256-KMAC128 even after ECDH-P256 is deprecated. The composite KEM design specified in this document, and especially that of the KEM combiner specified in means that the overall composite KEM algorithm should be considered to have the security strength of the strongest of its component algorithms; ie as long as one component algorithm remains strong, then the overall composite algorithm remains strong.

KEM Combiner This document uses directly the KEM Combiner defined in and therefore IND-CCA2 of any of its ingredient KEMs, i.e. the newly formed combined KEM is IND-CCA2 secure as long as at least one of the ingredient KEMs is provides two different constructions depending on the properties of the component KEMs:

• If both the secret share ss_i and the ciphertext ct_i are constant length, then k_i MAY be constructed concatenating the two values. If ss_i or ct_i are not guaranteed to have constant length, it is REQUIRED to append the rlen encoded length when concatenating, prior to inclusion in the overall construction.

The component KEMs used in this specification are RSA-KEM , ECDH KEM and ML-KEM all of which meet the criteria of having constant-length shared secrets and ciphertexts and therefore we justify using the simpler construction that omits the length tag.

References Normative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK] This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK] This document defines the syntax for private-key information and a content type for it. Private-key information includes a private key for a specified public-key algorithm and a set of attributes. The Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be used to digitally sign, digest, authenticate, or encrypt the asymmetric key format content type. This document obsoletes RFC 5208. [STANDARDS-TRACK] The RSA-KEM Key Transport Algorithm is a one-pass (store-and-forward) mechanism for transporting keying data to a recipient using the recipient's RSA public key. ("KEM" stands for "key encapsulation mechanism".) This document specifies the conventions for using the RSA-KEM Key Transport Algorithm with the Cryptographic Message Syntax (CMS). The ASN.1 syntax is aligned with an expected forthcoming change to American National Standard (ANS) X9.44. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document specifies algorithm identifiers and ASN.1 encoding formats for elliptic curve constructs using the curve25519 and curve448 curves. The signature algorithms covered are Ed25519 and Ed448. The key agreement algorithms covered are X25519 and X448. The encoding for public key, private key, and Edwards-curve Digital Signature Algorithm (EdDSA) structures is provided. When the Curdle Security Working Group was chartered, a range of object identifiers was donated by DigiCert, Inc. for the purpose of registering the Edwards Elliptic Curve key agreement and signature algorithms. This donated set of OIDs allowed for shorter values than would be possible using the existing S/MIME or PKIX arcs. This document describes the donated range and the identifiers that were assigned from that range, transfers control of that range to IANA, and establishes IANA allocation policies for any future assignments within that range. Vigil Security sn3rd The RSA Key Encapsulation Mechanism (RSA-KEM) Algorithm is a one-pass (store-and-forward) cryptographic mechanism for an originator to securely send keying material to a recipient using the recipient's RSA public key. The RSA-KEM Algorithm is specified in Clause 11.5 of ISO/IEC: 18033-2:2006. This document specifies the conventions for using the RSA-KEM Algorithm with the Cryptographic Message Syntax (CMS) using KEMRecipientInfo as specified in draft-ietf-lamps-cms- kemri. Entrust Limited Entrust Limited Vigil Security, LLC The DHKEM Algorithm is a one-pass (store-and-forward) mechanism for establishing keying data to a recipient using the recipient's Diffie- Hellman or elliptic curve Diffie-Hellman public key. This document defines a mechanism to wrap Ephemeral-Static (E-S) Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH) such that it can be used in KEM interfaces within the Cryptographic Message Syntax (CMS). This is a sister document to RSA-KEM [RFC5990] and simplifies future cryptographic protocol design by only needing to handle KEMs at the protocol level. Vigil Security, LLC This document describes the conventions for using the four one-way hash functions in the SHA3 family with the Cryptographic Message Syntax (CMS). American National Standards Institute National Institute of Standards and Technology (NIST) ITU-T Federal Office for Information Security (BSI) National Institute of Standards and Technology (NIST) National Institute of Standards and Technology (NIST) National Institute of Standards and Technology (NIST) Informative References This memo represents a republication of PKCS #10 v1.7 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document. This memo provides information for the Internet community. This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides on-line interactions between PKI components, including an exchange between a Certification Authority (CA) and a client system. [STANDARDS-TRACK] This document describes the Certificate Request Message Format (CRMF) syntax and semantics. This syntax is used to convey a request for a certificate to a Certification Authority (CA), possibly via a Registration Authority (RA), for the purposes of X.509 certificate production. The request will typically include a public key and the associated registration information. This document does not define a certificate request protocol. [STANDARDS-TRACK] This memo proposes several elliptic curve domain parameters over finite prime fields for use in cryptographic applications. The domain parameters are consistent with the relevant international standards, and can be used in X.509 certificates and certificate revocation lists (CRLs), for Internet Key Exchange (IKE), Transport Layer Security (TLS), XML signatures, and all applications or protocols based on the cryptographic message syntax (CMS). This document is not an Internet Standards Track specification; it is published for informational purposes. This document describes a structure for representing trust anchor information. A trust anchor is an authoritative entity represented by a public key and associated data. The public key is used to verify digital signatures, and the associated data is used to constrain the types of information or actions for which the trust anchor is authoritative. The structures defined in this document are intended to satisfy the format-related requirements defined in Trust Anchor Management Requirements. [STANDARDS-TRACK] This note describes the fundamental algorithms of Elliptic Curve Cryptography (ECC) as they were defined in some seminal references from 1994 and earlier. These descriptions may be useful for implementing the fundamental algorithms without using any of the specialized methods that were developed in following years. Only elliptic curves defined over fields of characteristic greater than three are in scope; these curves are those used in Suite B. This document is not an Internet Standards Track specification; it is published for informational purposes. PKCS #12 v1.1 describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions. Machines, applications, browsers, Internet kiosks, and so on, that support this standard will allow a user to import, export, and exercise a single set of personal identity information. This standard supports direct transfer of personal information under several privacy and integrity modes. This document represents a republication of PKCS #12 v1.1 from RSA Laboratories' Public Key Cryptography Standard (PKCS) series. By publishing this RFC, change control is transferred to the IETF. This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document obsoletes RFC 5996, and includes all of the errata for it. It advances IKEv2 to be an Internet Standard. This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties. This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 4.0. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 5751. University of Waterloo Cisco Systems University of Haifa and Amazon Web Services Hybrid key exchange refers to using multiple key exchange algorithms simultaneously and combining the result with the goal of providing security even if all but one of the component algorithms is broken. It is motivated by transition to post-quantum cryptography. This document provides a construction for hybrid key exchange in the Transport Layer Security (TLS) protocol version 1.3. Discussion of this work is encouraged to happen on the TLS IETF mailing list tls@ietf.org or on the GitHub repository which contains the draft: https://github.com/dstebila/draft-ietf-tls-hybrid-design. UK National Cyber Security Centre One aspect of the transition to post-quantum algorithms in cryptographic protocols is the development of hybrid schemes that incorporate both post-quantum and traditional asymmetric algorithms. This document defines terminology for such schemes. It is intended to ensure consistency and clarity across different protocols, standards, and organisations. Entrust Limited Proton AG BSI The migration to post-quantum cryptography often calls for performing multiple key encapsulations in parallel and then combining their outputs to derive a single shared secret. This document defines a comprehensible and easy to implement Keccak- based KEM combiner to join an arbitrary number of key shares, that is compatible with NIST SP 800-56Cr2 [SP800-56C] when viewed as a key derivation function. The combiners defined here are practical split- key PRFs and are CCA-secure as long as at least one of the ingredient KEMs is. sn3rd AWS AWS Cloudflare Kyber is a key-encapsulation mechanism (KEM). This document specifies algorithm identifiers and ASN.1 encoding format for Kyber in public key certificates. The encoding for public and private keys are also provided. [EDNOTE: This document is not expected to be finalized before the NIST PQC Project has standardized PQ algorithms. This specification will use object identifiers for the new algorithms that are assigned by NIST, and will use placeholders until these are released.] National Security Agency National Security Agency National Security Agency The advent of cryptographically relevant quantum computers (CRQC) will threaten the public key cryptography that is currently in use in today's secure internet protocol infrastructure. To address this, organizations such as the National Institute of Standards and Technology (NIST) will standardize new post-quantum cryptography (PQC) that is resistant to attacks by both classical and quantum computers. After PQC algorithms are standardized, the widespread implementation of this cryptography will be contingent upon adapting current protocols to accommodate PQC. Hybrid solutions are one way to facilitate the transition between traditional and PQ algorithms: they use both a traditional and a PQ algorithm in order to perform encryption or authentication, with the guarantee that the given security property will still hold in the case that one algorithm fails. Hybrid solutions can be constructed in many ways, and the cryptographic community has already begun to explore this space. This document introduces non-composite hybrid authentication, which requires updates at the protocol level and limits impact to the certificate-issuing infrastructure. Vigil Security, LLC Entrust DigiCert, Inc. The Cryptographic Message Syntax (CMS) supports key transport and key agreement algorithms. In recent years, cryptographers have been specifying Key Encapsulation Mechanism (KEM) algorithms, including quantum-secure KEM algorithms. This document defines conventions for the use of KEM algorithms by the originator and recipients to encrypt CMS content.

Samples TBD

Implementation Considerations

FIPS certification One of the primary design goals of this specification is for the overall composite algorithm to be able to be considered FIPS-approved even when one of the component algorithms is not. The combiner presented in was chosen to align with for this reason. Implementors seeking FIPS certification of a composite KEM algorithm where only one of the component algorithms has been FIPS-validated or FIPS-approved should credit the FIPS-validated component algorithm with full security strength, the non-FIPS-validated component algorith with zero security, and the overall composite should be considered full strength and thus FIPS-approved. The authors wish to note that this gives composite algorithms great future utility both for future cryptographic migrations as well as bridging across jurisdictions; for example defining composite algorithms which combine FIPS cryptography with cryptography from a different national standards body.

Backwards Compatibility As noted in the introduction, the post-quantum cryptographic migration will face challenges in both ensuring cryptographic strength against adversaries of unknown capabilities, as well as providing ease of migration. The composite mechanisms defined in this document primarily address cryptographic strength, however this section contains notes on how backwards compatibility may be obtained. The term "ease of migration" is used here to mean that existing systems can be gracefully transitioned to the new technology without requiring large service disruptions or expensive upgrades. The term "backwards compatibility" is used here to mean something more specific; that existing systems as they are deployed today can interoperate with the upgraded systems of the future. These migration and interoperability concerns need to be thought about in the context of various types of protocols that make use of X.509 and PKIX with relation to key establishment and content encryption, from online negotiated protocols such as TLS 1.3 and IKEv2 , to non-negotiated asynchronous protocols such as S/MIME signed email , as well as myriad other standardized and proprietary protocols and applications that leverage CMS encrypted structures.

Parallel PKIs EDNOTE: remove this section? We present the term "Parallel PKI" to refer to the setup where a PKI end entity possesses two or more distinct public keys or certificates for the same identity (name), but containing keys for different cryptographic algorithms. One could imagine a set of parallel PKIs where an existing PKI using legacy algorithms (RSA, ECC) is left operational during the post-quantum migration but is shadowed by one or more parallel PKIs using pure post quantum algorithms or composite algorithms (legacy and post-quantum). Equipped with a set of parallel public keys in this way, a client would have the flexibility to choose which public key(s) or certificate(s) to use in a given signature operation. For negotiated protocols, the client could choose which public key(s) or certificate(s) to use based on the negotiated algorithms. For non-negotiated protocols, the details for obtaining backwards compatibility will vary by protocol, but for example in CMS . EDNOTE: I copied and pruned this text from I-D.ounsworth-pq-composite-sigs. It probably needs to be fleshed out more as we better understand the implementation concerns around composite encryption.

Intellectual Property Considerations The following IPR Disclosure relates to this draft: https://datatracker.ietf.org/ipr/3588/ EDNOTE TODO: Check with Max Pala whether this IPR actually applies to this draft.

Contributors and Acknowledgements This document incorporates contributions and comments from a large group of experts. The Editors would especially like to acknowledge the expertise and tireless dedication of the following people, who attended many long meetings and generated millions of bytes of electronic mail and VOIP traffic over the past year in pursuit of this document: Serge Mister (Entrust), Ali Noman (Entrust), Scott Fluhrer (Cisco), Jan Klaussner (D-Trust), Max Pala (CableLabs), and Douglas Stebila (University of Waterloo). We are grateful to all, including any contributors who may have been inadvertently omitted from this list. This document borrows text from similar documents, including those referenced below. Thanks go to the authors of those documents. "Copying always makes things easier and less error prone" - .