Internet X.509 Public Key Infrastructure: Algorithm Identifiers for SLH-DSA

Internet X.509 Public Key Infrastructure: Algorithm Identifiers for SLH-DSA BSI

kaveh.bashiri.ietf@gmail.com

Cisco Systems

sfluhrer@cisco.com

genua GmbH

ietf@gazdag.de

CryptoNext Security

daniel.vangeest@cryptonext-security.com

BSI

kousidis.ietf@gmail.com

sec LAMPS - Limited Additional Mechanisms for PKIX and SMIME SLH-DSA SPHINCS+ PQ Signatures post-quantum X.509 Digital signatures are used within X.509 certificates, Certificate Revocation Lists (CRLs), and to sign messages. This document describes the conventions for using the Stateless Hash-Based Digital Signature Standard (SLH-DSA) in Internet X.509 certificates and certificate revocation lists. The conventions for the associated signatures, subject public keys, and private key are also described. [EDNOTE: This draft is not expected to be finalized before the NIST PQC Project has standardized FIPS 205 Stateless Hash-Based Digital Signature Standard. The current FIPS draft was published August 24, 2023 for public review. Final versions are expected by April 2024. This specification will use object identifiers for the new algorithms that are assigned by NIST, and will use placeholders until these are released.] About This Document Status information for this document may be found at . Discussion of this document takes place on the LAMPS Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction Stateless Hash-Based Digital Signatures (SLH-DSA) is a quantum-resistant digital signature scheme standardized in [EDNOTE: until officially published] by the US National Institute of Standards and Technology (NIST) PQC project . This document specifies the use of the SLH-DSA algorithm in Public Key Infrastructure X.509 (PKIX) certificates and Certificate Revocation Lists (CRLs). SLH-DSA offers three security levels. The parameters for each of the security levels were chosen to provide 128 bits of security, 192 bits of security, and 256 bits of security. A separate algorithm identifier has been assigned for SLH-DSA at each of these security levels. [EDNOTE: TODO: sha2 vs shake, fast vs small] This specification includes conventions for the signatureAlgorithm, signatureValue, signature, and subjectPublicKeyInfo fields within Internet X.509 certificates and CRLs , like did for classic cryptography and did for elliptic curve cryptography. It describes the encoding of digital signatures and public keys generated with quantum-resistant signature algorithm SLH-DSA.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Algorithm Identifiers This specification uses placeholders for object identifiers until the identifiers for the new algorithms are assigned by NIST. The AlgorithmIdentifier type, which is included herein for convenience, is defined as follows: The fields in AlgorithmIdentifier have the following meanings:

algorithm identifies the cryptographic algorithm with an object identifier.
parameters, which are optional, are the associated parameters for the algorithm identifier in the algorithm field.

The OIDs are: The contents of the parameters component for each algorithm are absent.

SLH-DSA Signatures in PKIX SLH-DSA is a digital signature scheme built upon hash functions. The security of SLH-DSA relies on the presumed diffculty of finding preimages for hash functions as well as several related properties of the same hash functions. Signatures are used in a number of different ASN.1 structures. As shown in the ASN.1 representation from below, in an X.509 certificate, a signature is encoded with an algorithm identifier in the signatureAlgorithm attribute and a signatureValue attribute that contains the actual signature. Signatures are also used in the CRL list ASN.1 representation from below. In a X.509 CRL, a signature is encoded with an algorithm identifier in the signatureAlgorithm attribute and a signatureValue attribute that contains the actual signature. The identifiers defined in can be used as the AlgorithmIdentifier in the signatureAlgorithm field in the sequence Certificate/CertificateList and the signature field in the sequence TBSCertificate/TBSCertList in certificates CRLs, respectively, . The parameters of these signature algorithms are absent, as explained in . The signatureValue field contains the corresponding SLH-DSA signature computed upon the ASN.1 DER encoded tbsCertificate . Conforming Certification Authority (CA) implementations MUST specify the algorithms explicitly by using the OIDs specified in when encoding SLH-DSA signatures in certificates and CRLs. Conforming client implementations that process certificates and CRLs using SLH-DSA MUST recognize the corresponding OIDs. Encoding rules for SLH-DSA signature values are specified . When any of the id-alg-slh-dsa-* identifiers appear in the algorithm field as an AlgorithmIdentifier, the encoding MUST omit the parameters field. That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one component, the id-alg-slh-dsa-* OID.

SLH-DSA Public Keys in PKIX In the X.509 certificate, the subjectPublicKeyInfo field has the SubjectPublicKeyInfo type, which has the following ASN.1 syntax: The fields in SubjectPublicKeyInfo have the following meanings:

algorithm is the algorithm identifier and parameters for the public key (see above).
subjectPublicKey contains the byte stream of the public key.

The SLH--DSA public key MUST be encoded using the ASN.1 type SLH-DSA-PublicKey: where SLH-DSA-PublicKey is a concatenation of the PK.seed and PK.root values as defined in Section 9.1 of . These parameters MUST be encoded as a single OCTET STRING. The size required to hold a SLH-DSA-PublicKey public key element is therefore 2*n bytes, where n is 16, 24, or 32, depending on the parameter set. The id-alg-slh-dsa-* identifiers defined in MUST be used as the algorithm field in the SubjectPublicKeyInfo sequence to identify a SLH-DSA public key. The SLH-DSA public key (a concatenation of seed and root that is an OCTET STRING) is mapped to a subjectPublicKey (a value of type BIT STRING) as follows: the most significant bit of the OCTET STRING value becomes the most significant bit of the BIT STRING value, and so on; the least significant bit of the OCTET STRING becomes the least significant bit of the BIT STRING. The following is an example of a [TODO: pick an OID] public key encoded using the textual encoding defined in . Conforming CA implementations MUST specify the X.509 public key algorithm explicitly by using the OIDs specified in when using SLH-DSA public keys in certificates and CRLs. Conforming client implementations that process SLH-DSA public keys when processing certificates and CRLs MUST recognize the corresponding OIDs.

Key Usage Bits The intended application for the key is indicated in the keyUsage certificate extension; see Section 4.2.1.3 of . If the keyUsage extension is present in a certificate that indicates an id-alg-slh-dsa-* identifier in the SubjectPublicKeyInfo, then the at least one of following MUST be present: Requirements about the keyUsage extension bits defined in still apply.

SLH-DSA Private Keys "Asymmetric Key Packages" describes how to encode a private key in a structure that both identifies what algorithm the private key is for and allows for the public key and additional attributes about the key to be included as well. For illustration, the ASN.1 structure OneAsymmetricKey is replicated below. The algorithm-specific details of how a private key is encoded are left for the document describing the algorithm itself. An SLH-DSA private key consists of the concatenation of 4 n-byte elements, SK.seed, SK.prf, PK.seed and PK.root as defined in Section 9.1 of . The size required to hold an SLH-DSA-PrivateKey private key is therefore 4*n bytes, where n is 16, 24, or 32, depending on the parameter set. For the keys defined in this document, the private key is always an opaque byte sequence. The ASN.1 type SLH-DSA-PrivateKey is defined in this document to hold the byte sequence. Thus, when encoding a OneAsymmetricKey object, the private key is wrapped in a SLH-DSA-PrivateKey object and wrapped by the OCTET STRING of the "privateKey" field. [EDNOTE: the above paragraph is from RFC8410, and it reads to me like there's a double wrapping, i.e. OCTET STRING { OCTET STRING { private key bytes} }, however that's not the case. Am I reading it wrong, or is the text unclear?] To encode an SLH-DSA private key, the "privateKey" field will hold the encoded private key. The "privateKeyAlgorithm" field uses the AlgorithmIdentifier structure. The structure is encoded as defined above. If present, the "publicKey" field will hold the encoded key as defined in . The following is an example of a private key encoded using the textual encoding defined in . NOTE: There exist some private key import functions that have not picked up the new ASN.1 structure OneAsymmetricKey that is defined in . This means that they will not accept a private key structure that contains the public key field. This means a balancing act needs to be done between being able to do a consistency check on the key pair and widest ability to import the key.

ASN.1 Module TODO: This is mostly copied from draft-ietf-lamps-cms-sphincs-plus; coordinate with those authors what goes in which draft. TODO: Also do the proper module stuff. Again this is just here until we figure out how to do it right.

Security Considerations The security considerations of applies accordingly. TODO Security

IANA Considerations TODO

References Normative References TBD n.d. Stateless Hash-Based Digital Signature Standard National Institute of Standards and Technology (NIST) Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK] Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Textual Encodings of PKIX, PKCS, and CMS Structures This document describes and discusses the textual encodings of the Public-Key Infrastructure X.509 (PKIX), Public-Key Cryptography Standards (PKCS), and Cryptographic Message Syntax (CMS). The textual encodings are well-known, are implemented by several applications and libraries, and are widely deployed. This document articulates the de facto rules by which existing implementations operate and defines them so that future implementations can interoperate. Asymmetric Key Packages This document defines the syntax for private-key information and a content type for it. Private-key information includes a private key for a specified public-key algorithm and a set of attributes. The Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be used to digitally sign, digest, authenticate, or encrypt the asymmetric key format content type. This document obsoletes RFC 5208. [STANDARDS-TRACK] Elliptic Curves for Security This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties. Informative References Post-Quantum Cryptography Project National Institute of Standards and Technology Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile This document specifies algorithm identifiers and ASN.1 encoding formats for digital signatures and subject public keys used in the Internet X.509 Public Key Infrastructure (PKI). Digital signatures are used to sign certificates and certificate revocation list (CRLs). Certificates include the public key of the named subject. [STANDARDS-TRACK] Elliptic Curve Cryptography Subject Public Key Information This document specifies the syntax and semantics for the Subject Public Key Information field in certificates that support Elliptic Curve Cryptography. This document updates Sections 2.3.5 and 5, and the ASN.1 module of "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279. [STANDARDS-TRACK] Internet X.509 Public Key Infrastructure: Algorithm Identifiers for ML-DSA AWS AWS sn3rd Cloudflare Digital signatures are used within X.509 certificates, Certificate Revocation Lists (CRLs), and to sign messages. This document describes the conventions for using the Module-Lattice-Based Digital Signatures (ML-DSA) in Internet X.509 certificates and certificate revocation lists. The conventions for the associated signatures, subject public keys, and private key are also described. Use of the SLH-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS) Vigil Security, LLC Cisco Systems Amazon Web Services Cloudflare SLH-DSA is a stateless hash-based signature scheme. This document specifies the conventions for using the SLH-DSA signature algorithm with the Cryptographic Message Syntax (CMS). In addition, the algorithm identifier and public key syntax are provided. IANA Registration for the Cryptographic Algorithm Object Identifier Range When the Curdle Security Working Group was chartered, a range of object identifiers was donated by DigiCert, Inc. for the purpose of registering the Edwards Elliptic Curve key agreement and signature algorithms. This donated set of OIDs allowed for shorter values than would be possible using the existing S/MIME or PKIX arcs. This document describes the donated range and the identifiers that were assigned from that range, transfers control of that range to IANA, and establishes IANA allocation policies for any future assignments within that range.

Security Strengths Instead of defining the strength of a quantum algorithm in a traditional manner using precise estimates of the number of bits of security, NIST has instead elected to define a collection of broad security strength categories. Each category is defined by a comparatively easy-to-analyze reference primitive that cover a range of security strengths offered by existing NIST standards in symmetric cryptography, which NIST expects to offer significant resistance to quantum cryptanalysis. These categories describe any attack that breaks the relevant security definition that must require computational resources comparable to or greater than those required for: Level 1 - key search on a block cipher with a 128-bit key (e.g., AES128), Level 2 - collision search on a 256-bit hash function (e.g., SHA256/ SHA3-256), Level 3 - key search on a block cipher with a 192-bit key (e.g., AES192), Level 4 - collision search on a 384-bit hash function (e.g. SHA384/SHA3-384), Level 5 - key search on a block cipher with a 256-bit key (e.g., AES 256). The parameter sets defined for NIST security levels 1, 3 and 5 are listed in , along with the resulting signature size, public key, and private key sizes in bytes. SLH-DSA security strengths

OID	NIST Level	Sig. (B)	Public Key (B)	Private Key (B)
id-alg-slh-dsa-128s-shake	1	TODO	TODO	TODO
id-alg-slh-dsa-128f-shake	1	TODO	TODO	TODO
id-alg-slh-dsa-128s-sha2	1	TODO	TODO	TODO
id-alg-slh-dsa-128f-sha2	1	TODO	TODO	TODO
id-alg-slh-dsa-192s-shake	3	TODO	TODO	TODO
id-alg-slh-dsa-192f-shake	3	TODO	TODO	TODO
id-alg-slh-dsa-256s-shake	5	TODO	TODO	TODO
id-alg-slh-dsa-256f-shake	5	TODO	TODO	TODO

Acknowledgments Much of the structure and text of this document is based on . The remainder comes from . Thanks to those authors, and the ones they based their work on, for making our work earier. "Copying always makes things easier and less error prone" - . TODO: Hopefully others will help out. They will be acknowledged here. And if you've read this far...