]> CryptoNext Security

16, Boulevard Saint-Germain Paris 75005 France julien.prat@cryptonext-security.com

Entrust Limited

2500 Solandt Road -- Suite 100 Ottawa, Ontario K2K 3G5 Canada mike.ounsworth@entrust.com

CryptoNext Security

16, Boulevard Saint-Germain Paris 75005 France daniel.vangeest.ietf@gmail.com

Security LAMPS Key Encapsulation Mechanism (KEM) KEMRecipientInfo ML-KEM Kyber The Module-Lattice-based Key-Encapsulation Mechanism (ML-KEM) Algorithm is a one-pass (store-and-forward) cryptographic mechanism for an originator to securely send keying material to a recipient using the recipient's ML-KEM public key. Three parameters sets for the ML-KEM Algorithm are specified by NIST in [EDNOTE: Change to when it is published]. In order of increasing security strength (and decreasing performance), these parameter sets are ML-KEM-512, ML-KEM-768, and ML-KEM-1024. This document specifies the conventions for using ML-KEM with the Cryptographic Message Syntax (CMS) using KEMRecipientInfo as specified in . About This Document Status information for this document may be found at . Discussion of this document takes place on the Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction ML-KEM is an IND-CCA2-secure key-encapsulation mechanism (KEM) standardized in by the US NIST PQC Project . Native support for Key Encapsulation Mechanisms (KEMs) was added to CMS in , which defines the KEMRecipientInfo structure for the use of KEM algorithms for the CMS enveloped-data content type, the CMS authenticated-data content type, and the CMS authenticated-enveloped-data content type. This document specifies the direct use of ML-KEM in the KEMRecipientInfo structure in CMS using each of the three parameter sets from , namely MK-KEM-512, ML-KEM-768, and ML-KEM-1024. It does not address or preclude the use of ML-KEM as part of any hybrid scheme.

Conventions and Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 when, and only when, they appear in all capitals, as shown here.

KEMs All KEM algorithms provides three functions: KeyGen(), Encapsulate(), and Decapsulate(): KeyGen() -> (pk, sk):

• Generate the public key (pk) and a private key (sk).

Encapsulate(pk) -> (ct, ss):

• Given the recipient's public key (pk), produce a ciphertext (ct) to be passed to the recipient and a shared secret (ss) for use by the originator.

Decapsulate(sk, ct) -> ss:

• Given the private key (sk) and the ciphertext (ct), produce the shared secret (ss) for the recipient.

The main security property for KEMs standardized in the NIST Post-Quantum Cryptography Standardization Project is indistinguishability under adaptive chosen ciphertext attacks (IND-CCA2), which means that shared secret values should be indistinguishable from random strings even given the ability to have arbitrary ciphertexts decapsulated. IND-CCA2 corresponds to security against an active attacker, and the public key / secret key pair can be treated as a long-term key or reused. A weaker security notion is indistinguishability under chosen plaintext attacks (IND-CPA), which means that the shared secret values should be indistinguishable from random strings given a copy of the public key. IND-CPA roughly corresponds to security against a passive attacker, and sometimes corresponds to one-time key exchange. IND-CCA2 is a desirable property of encryption mechanisms for CMS since encryption public keys are often long-term -- for example contained within X.509 certificates -- and certain uses of CMS could allow for the type of decryption oracle that forms the basis of an adaptive ciphertext attack.

ML-KEM ML-KEM is a lattice-based key encapsulation mechanism defined in . [EDNOTE: Not actually standardized yet, but will be by publication] ML-KEM is using Module Learning with Errors as its underlying primitive which is a structured lattices variant that offers good performance and relatively small and balanced key and ciphertext sizes. ML-KEM was standardized with three parameter sets: ML-KEM-512, ML-KEM-768, and ML-KEM-1024. These were mapped by NIST to the three security levels defined in the NIST PQC Project, Level 1, 3, and 5. These levels correspond to the hardness of breaking AES-128, AES-192 and AES-256 respectively. The KEM functions defined above correspond to the following functions in :

• KeyGen(): ML-KEM.KeyGen() from section 6.1.

• Encapsulate(): ML-KEM.Encaps() from section 6.2.

• Decapsulate(): ML-KEM.Decaps() from section 6.3.

All security levels of ML-KEM use SHA3-256, SHA3-512, SHAKE256, and SHAKE512 internally. This informs the choice of KDF within this document.

CMS KEMRecipientInfo Processing Summary Processing ML-KEM with KEMRecipientInfo follows the same steps as Section 2 of . To support the ML-KEM algorithm, the CMS originator MUST implement Encapsulate(). Given a content-encryption key CEK, the ML-KEM Algorithm processing by the originator to produce the values that are carried in the CMS KEMRecipientInfo can be summarized as:

• 1. Obtain the shared secret and ciphertext using the Encapsulate() function of the ML-KEM algorithm and the recipient's ML-KEM public key:

• 2. Derive a key-encryption key KEK from the shared secret:

• 3. Wrap the CEK with the KEK to obtain wrapped keying material WK:

• 4. The originator sends the ciphertext and WK to the recipient in the CMS KEMRecipientInfo structure.

To support the ML-KEM algorithm, the CMS recipient MUST implement Decapsulate(). The ML-KEM algorithm recipient processing of the values obtained from the KEMRecipientInfo structure can be summarized as:

• 1. Obtain the shared secret using the Decapsulate() function of the ML-KEM algorithm and the recipient's ML-KEM private key:

• 2. Derive a key-encryption key KEK from the shared secret:

• 3. Unwrap the WK with the KEK to obtain content-encryption key CEK:

Note that the KDF used to process the KEMRecipientInfo structure MAY be different from the KDF used in the ML-KEM algorithm.

Use of the ML-KEM Algorithm in CMS The ML-KEM Algorithm MAY be employed for one or more recipients in the CMS enveloped-data content type , the CMS authenticated-data content type , or the CMS authenticated-enveloped-data content type . In each case, the KEMRecipientInfo is used with with the ML-KEM Algorithm to securely transfer the content-encryption key from the originator to the recipient.

RecipientInfo Conventions When the ML-KEM Algorithm is employed for a recipient, the RecipientInfo alternative for that recipient MUST be OtherRecipientInfo using the KEMRecipientInfo structure as defined in . The fields of the KEMRecipientInfo MUST have the following values:

• version is the syntax version number; it MUST be 0.

• rid identifies the recipient's certificate or public key.

• kem identifies the KEM algorithm ; it MUST contain one of id-ML-KEM-512, id-ML-KEM-768, or id-ML-KEM-1024. These identifiers are reproduced in .

• kemct is the ciphertext produced for this recipient.

• kdf identifies the key-derivation algorithm. Note that the KDF used for CMS RecipientInfo process MAY be different than the KDF used within the ML-KEM Algorithm.

• kekLength is the size of the key-encryption key in octets.

• ukm is an optional random input to the key-derivation function. ML-KEM doesn't place any requirements on the ukm contents.

• wrap identifies a key wrapping algorithm used to encrypt the content-encryption key.

Underlying Components When ML-KEM is employed in CMS, the security levels of the different underlying components used within the KEMRecipientInfo structure should be consistent. [EDNOTE: if we get OIDs for KMAC-based KDFs, use those. If we don't, do we want to use KDF3 with SHA3 instead?] For ML-KEM-512, the following underlying components MUST be supported:

• KDF: id-alg-hkdf-with-sha3-256

• Key wrapping: id-aes128-wrap

For ML-KEM-768, the following underlying components MUST be supported:

• KDF: id-alg-hkdf-with-sha3-384

• Key wrapping: id-aes256-wrap

For ML-KEM-1024, the following underlying components MUST be supported:

• KDF: id-alg-hkdf-with-sha3-512

• Key wrapping: id-aes256-wrap

The above object identifiers are reproduced for convenience in . An implementation MAY also support other key-derivation functions and other key-encryption algorithms as well. If underlying components other than those specified above are used, then the following KDF requirements are in effect in addition to those asserted in :

• ML-KEM-512 SHOULD be used with a KDF capable of outputting a key with at least 128 bits of security and with a key wrapping algorithm with a key length of at least 128 bits.

• ML-KEM-768 SHOULD be used with a KDF capable of outputting a key with at least 192 bits of security and with a key wrapping algorithm with a key length of at least 192 bits.

• ML-KEM-1024 SHOULD be used with a KDF capable of outputting a key with at least 256 bits of security and with a key wrapping algorithm with a key length of at least 256 bits.

Certificate Conventions The conventions specified in this section augment . A recipient who employs the ML-KEM Algorithm with a certificate MUST identify the public key in the certificate using the id-ML-KEM-512, id-ML-KEM-768, or id-ML-KEM-1024 object identifiers following the conventions specified in and reproduced in . In particular, the key usage certificate extension MUST only contain keyEncipherment (Section 4.2.1.3 of ).

SMIME Capabilities Attribute Conventions Section 2.5.2 of defines the SMIMECapabilities attribute to announce a partial list of algorithms that an S/MIME implementation can support. When constructing a CMS signed-data content type , a compliant implementation MAY include the SMIMECapabilities attribute that announces support for one or more of the ML-KEM Algorithm identifiers. The SMIMECapability SEQUENCE representing the ML-KEM Algorithm MUST include one of the ML-KEM object identifiers in the capabilityID field. When the one of the ML-KEM object identifiers appears in the capabilityID field, the parameters MUST NOT be present.

Identifiers All identifiers used by ML-KEM in CMS are defined elsewhere but reproduced here for convenience:

Security Considerations [EDNOTE: many of the security considerations below apply to ML-KEM in general and are not specific to ML-KEM within CMS. As this document and draft-ietf-lamps-kyber-certificates approach WGLC, the two Security Consideration sections should be harmonized and duplicate text removed.] The Security Considerations section of applies to this specification as well. The ML-KEM variant and the underlying components need to be selected consistent with the desired security level. Several security levels have been identified in the NIST SP 800-57 Part 1 . To achieve 128-bit security, ML-KEM-512 SHOULD be used, the key-derivation function SHOULD make use of SHA3-256, and the symmetric key-encryption algorithm SHOULD be AES Key Wrap with a 128-bit key. To achieve 192-bit security, ML-KEM-768 SHOULD be used, the key-derivation function SHOULD make use of SHA3-384, and the symmetric key-encryption algorithm SHOULD be AES Key Wrap with a 192-bit key or larger. In this case AES Key Wrap with a 256-bit key is typically used because AES-192 is not as commonly deployed. To achieve 256-bit security, ML-KEM-1024 SHOULD be used, the key-derivation function SHOULD make use of SHA3-512, and the symmetric key-encryption algorithm SHOULD be AES Key Wrap with a 256-bit key. Provided all inputs are well-formed, the key establishment procedure of ML-KEM will never explicitly fail. Specifically, the ML-KEM.Encaps and ML-KEM.Decaps algorithms from will always output a value with the same data type as a shared secret key, and will never output an error or failure symbol. However, it is possible (though extremely unlikely) that the process will fail in the sense that ML-KEM.Encaps and ML-KEM.Decaps will produce different outputs, even though both of them are behaving honestly and no adversarial interference is present. In this case, the sender and recipient clearly did not succeed in producing a shared secret key. This event is called a decapsulation failure. Estimates for the decapsulation failure probability (or rate) for each of the ML-KEM parameter sets are provided in Table 1 [EDNOTE: make sure this doesn't change] of and reproduced here in . ML-KEM decapsulation failures rates

Parameter set	Decapsulation failure rate
ML-KEM-512	2^(-139)
ML-KEM-768	2^(-164)
ML-KEM-1024	2^(-174)

Implementations MUST protect the ML-KEM private key, the key-encryption key, the content-encryption key, message-authentication key, and the content-authenticated-encryption key. Disclosure of the ML-KEM private key could result in the compromise of all messages protected with that key. Disclosure of the key-encryption key, the content- encryption key, or the content-authenticated-encryption key could result in compromise of the associated encrypted content. Disclosure of the key-encryption key, the message-authentication key, or the content-authenticated-encryption key could allow modification of the associated authenticated content. Additional considerations related to key management may be found in . The security of the ML-KEM Algorithm depends on a quality random number generator. For further discussion on random number generation, see . ML-KEM encapsulation and decapsulation only outputs a shared secret and ciphertext. Implementations SHOULD NOT use intermediate values directly for any purpose. Implementations SHOULD NOT reveal information about intermediate values or calculations, whether by timing or other "side channels", otherwise an opponent may be able to determine information about the keying data and/or the recipient's private key. Although not all intermediate information may be useful to an opponent, it is preferable to conceal as much information as is practical, unless analysis specifically indicates that the information would not be useful to an opponent. Generally, good cryptographic practice employs a given ML-KEM key pair in only one scheme. This practice avoids the risk that vulnerability in one scheme may compromise the security of the other, and may be essential to maintain provable security. Parties MAY gain assurance that implementations are correct through formal implementation validation, such as the NIST Cryptographic Module Validation Program (CMVP) .

IANA Considerations None. Within the CMS, algorithms are identified by object identifiers (OIDs). All of the OIDs used in this document were assigned in other IETF documents, in ISO/IEC standards documents, by the National Institute of Standards and Technology (NIST).

Acknowledgements This document borrows heavily from , , and . Thanks go to the authors of those documents. "Copying always makes things easier and less error prone" - RFC8411. Thanks to Carl Wallace for the detailed review and interoperability testing.

References Normative References n.d. National Institute of Standards and Technology (NIST) Vigil Security, LLC Entrust DigiCert, Inc. The Cryptographic Message Syntax (CMS) supports key transport and key agreement algorithms. In recent years, cryptographers have been specifying Key Encapsulation Mechanism (KEM) algorithms, including quantum-secure KEM algorithms. This document defines conventions for the use of KEM algorithms by the originator and recipients to encrypt and decrypt CMS content. This document updates RFC 5652. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK] This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK] This document describes an additional content type for the Cryptographic Message Syntax (CMS). The authenticated-enveloped-data content type is intended for use with authenticated encryption modes. All of the various key management techniques that are supported in the CMS enveloped-data content type are also supported by the CMS authenticated-enveloped-data content type. [STANDARDS-TRACK] American National Standards Institute Vigil Security, LLC This document describes the conventions for using the four one-way hash functions in the SHA3 family with the Cryptographic Message Syntax (CMS). This document specifies the conventions for using the Advanced Encryption Standard (AES) algorithm for encryption with the Cryptographic Message Syntax (CMS). [STANDARDS-TRACK] sn3rd AWS AWS Cloudflare Kyber is a key-encapsulation mechanism (KEM). This document specifies algorithm identifiers and ASN.1 encoding format for Kyber in public key certificates. The encoding for public and private keys are also provided. \ [EDNOTE: This document is not expected to be finalized before the NIST PQC Project has standardized PQ algorithms. This specification will use object identifiers for the new algorithms that are assigned by NIST, and will use placeholders until these are released. This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 4.0. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 5751. Informative References National Institute of Standards and Technology National Institute of Standards and Technology Information Technology Laboratory National Institute of Standards and Technology

US Gaithersburg

Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space. Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Vigil Security, LLC sn3rd The RSA Key Encapsulation Mechanism (RSA-KEM) Algorithm is a one-pass (store-and-forward) cryptographic mechanism for an originator to securely send keying material to a recipient using the recipient's RSA public key. The RSA-KEM Algorithm is specified in Clause 11.5 of ISO/IEC: 18033-2:2006. This document specifies the conventions for using the RSA-KEM Algorithm as a standalone KEM algorithm and the conventions for using the RSA-KEM Algorithm with the Cryptographic Message Syntax (CMS) using KEMRecipientInfo as specified in draft- ietf-lamps-cms-kemri. Amazon Web Services Amazon Web Services [EDNOTE: The intention of this draft is to get IANA KE codepoints for ML-KEM. It could be a standards track draft given that ML-KEM will see a lot of adoption, an AD sponsored draft, or even an individual stable draft which gets codepoints from Expert Review. The approach is to be decided by the IPSECME WG. ] NIST recently standardized ML-KEM, a new key encapsulation mechanism, which can be used for quantum-resistant key establishment. This draft specifies how to use ML-KEM as an additional key exchange in IKEv2 along with traditional key exchanges. This Post-Quantum Traditional Hybrid Key Encapsulation Mechanism approach allows for negotiating IKE and Child SA keys which are safe against cryptanalytically-relevant quantum computers and theoretical weaknesses in ML-KEM.

ASN.1 Module [EDNOTE: Do we need an ASN.1 module? We haven't defined any new ASN.1]

Examples

Revision History [EDNOTE: remove before publishing]

• draft-ietf-lamps-cms-kyber-02:
  • Rearrange and rewrite to align with rfc5990bis and I-D.ietf-lamps-cms-kemri
  • Move Revision History to end to avoid renumbering later
  • Add Security Considerations
• draft-ietf-lamps-cms-kyber-01:
  • Details of the KEMRecipientInfo content when using Kyber;
  • Editorial changes.
• draft-ietf-lamps-cms-kyber-00:
  • Use of KEMRecipientInfo to communicate algorithm info;
  • Editorial changes.