From 86b9c39dcecc715b0207dcb25af859652d7e0616 Mon Sep 17 00:00:00 2001 From: John Gray <55205977+johngray-dev@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:10:12 -0500 Subject: [PATCH] Update draft-ietf-lamps-pq-composite-sigs.md Updated prototype OIDs since we broke backwards compatibility --- draft-ietf-lamps-pq-composite-sigs.md | 112 +++++++++++++------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md index 67d5b74..34050cc 100644 --- a/draft-ietf-lamps-pq-composite-sigs.md +++ b/draft-ietf-lamps-pq-composite-sigs.md @@ -1049,20 +1049,20 @@ Pure Composite-ML-DSA Signature public key types: | Composite Signature AlgorithmID | OID | First AlgorithmID | Second AlgorithmID | | ----------- | ----------- | ----------- | ----------- | -| id-MLDSA44-RSA2048-PSS | <CompSig>.21 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | -| id-MLDSA44-RSA2048-PKCS15 | <CompSig>.22 | id-ML-DSA-44 | sha256WithRSAEncryption | -| id-MLDSA44-Ed25519 | <CompSig>.23 | id-ML-DSA-44 | id-Ed25519 | -| id-MLDSA44-ECDSA-P256 | <CompSig>.24 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | -| id-MLDSA65-RSA3072-PSS | <CompSig>.26 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | -| id-MLDSA65-RSA3072-PKCS15 | <CompSig>.27 | id-ML-DSA-65 | sha256WithRSAEncryption | -| id-MLDSA65-RSA4096-PSS | <CompSig>.34 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | -| id-MLDSA65-RSA4096-PKCS15 | <CompSig>.35 | id-ML-DSA-65 | sha384WithRSAEncryption | -| id-MLDSA65-ECDSA-P384 | <CompSig>.28 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | -| id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.29 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | -| id-MLDSA65-Ed25519 | <CompSig>.30 | id-ML-DSA-65 | id-Ed25519 | -| id-MLDSA87-ECDSA-P384 | <CompSig>.31 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | -| id-MLDSA87-ECDSA-brainpoolP384r1 | <CompSig>.32 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | -| id-MLDSA87-Ed448 | <CompSig>.33 | id-ML-DSA-87 | id-Ed448 | +| id-MLDSA44-RSA2048-PSS | <CompSig>.60 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | +| id-MLDSA44-RSA2048-PKCS15 | <CompSig>.61 | id-ML-DSA-44 | sha256WithRSAEncryption | +| id-MLDSA44-Ed25519 | <CompSig>.62 | id-ML-DSA-44 | id-Ed25519 | +| id-MLDSA44-ECDSA-P256 | <CompSig>.63 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | +| id-MLDSA65-RSA3072-PSS | <CompSig>.64 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | +| id-MLDSA65-RSA3072-PKCS15 | <CompSig>.65 | id-ML-DSA-65 | sha256WithRSAEncryption | +| id-MLDSA65-RSA4096-PSS | <CompSig>.66 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | +| id-MLDSA65-RSA4096-PKCS15 | <CompSig>.67 | id-ML-DSA-65 | sha384WithRSAEncryption | +| id-MLDSA65-ECDSA-P384 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | +| id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.69 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | +| id-MLDSA65-Ed25519 | <CompSig>.70 | id-ML-DSA-65 | id-Ed25519 | +| id-MLDSA87-ECDSA-P384 | <CompSig>.71 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | +| id-MLDSA87-ECDSA-brainpoolP384r1 | <CompSig>.72 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | +| id-MLDSA87-Ed448 | <CompSig>.73 | id-ML-DSA-87 | id-Ed448 | {: #tab-sig-algs title="Pure ML-DSA Composite Signature Algorithms"} See the ASN.1 module in section {{sec-asn1-module}} for the explicit definitions of the above Composite ML-DSA algorithms. @@ -1075,20 +1075,20 @@ HashComposite-ML-DSA Signature public key types: | Composite Signature AlgorithmID | OID | First AlgorithmID | Second AlgorithmID | Pre-Hash | | ----------- | ----------- | ----------- | ----------- | ----------- | -| id-HashMLDSA44-RSA2048-PSS-SHA256 | <CompSig>.40 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | id-sha256 | -| id-HashMLDSA44-RSA2048-PKCS15-SHA256 | <CompSig>.41 | id-ML-DSA-44 | sha256WithRSAEncryption | id-sha256 | -| id-HashMLDSA44-Ed25519-SHA512 | <CompSig>.42 | id-ML-DSA-44 | id-Ed25519 | id-sha512 | -| id-HashMLDSA44-ECDSA-P256-SHA256 | <CompSig>.43 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | id-sha256 | -| id-HashMLDSA65-RSA3072-PSS-SHA512 | <CompSig>.44 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | id-sha512 | -| id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.45 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | -| id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.46 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | -| id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.47 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | -| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.48 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | -| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.49 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | -| id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.50 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | -| id-HashMLDSA87-ECDSA-P384-SHA512 | <CompSig>.51 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | id-sha512| -| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 | <CompSig>.52 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | id-sha512 | -| id-HashMLDSA87-Ed448-SHA512 | <CompSig>.53 | id-ML-DSA-87 | id-Ed448 | id-sha512 | +| id-HashMLDSA44-RSA2048-PSS-SHA256 | <CompSig>.74 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | id-sha256 | +| id-HashMLDSA44-RSA2048-PKCS15-SHA256 | <CompSig>.75 | id-ML-DSA-44 | sha256WithRSAEncryption | id-sha256 | +| id-HashMLDSA44-Ed25519-SHA512 | <CompSig>.76 | id-ML-DSA-44 | id-Ed25519 | id-sha512 | +| id-HashMLDSA44-ECDSA-P256-SHA256 | <CompSig>.77 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | id-sha256 | +| id-HashMLDSA65-RSA3072-PSS-SHA512 | <CompSig>.78 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | id-sha512 | +| id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.79 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | +| id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.80 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | +| id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.81 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | +| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.82 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | +| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.83 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | +| id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | +| id-HashMLDSA87-ECDSA-P384-SHA512 | <CompSig>.85 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | id-sha512| +| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 | <CompSig>.86 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | id-sha512 | +| id-HashMLDSA87-Ed448-SHA512 | <CompSig>.87 | id-ML-DSA-87 | id-Ed448 | id-sha512 | {: #tab-hash-sig-algs title="Hash ML-DSA Composite Signature Algorithms"} @@ -1104,38 +1104,38 @@ As mentioned above, the OID input value is used as a domain separator for the Co | Composite Signature AlgorithmID | Domain Separator (in Hex encoding)| | ----------- | ----------- | -| id-MLDSA44-RSA2048-PSS | 060B6086480186FA6B50080115| -| id-MLDSA44-RSA2048-PKCS15 |060B6086480186FA6B50080116| -| id-MLDSA44-Ed25519 |060B6086480186FA6B50080117| -| id-MLDSA44-ECDSA-P256 |060B6086480186FA6B50080118| -| id-MLDSA65-RSA3072-PSS |060B6086480186FA6B5008011A| -| id-MLDSA65-RSA3072-PKCS15 |060B6086480186FA6B5008011B| -| id-MLDSA65-RSA4096-PSS |060B6086480186FA6B50080122| -| id-MLDSA65-RSA4096-PKCS15 |060B6086480186FA6B50080123| -| id-MLDSA65-ECDSA-P384 |060B6086480186FA6B5008011C| -| id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B5008011D| -| id-MLDSA65-Ed25519 |060B6086480186FA6B5008011E| -| id-MLDSA87-ECDSA-P384 |060B6086480186FA6B5008011F| -| id-MLDSA87-ECDSA-brainpoolP384r1 |060B6086480186FA6B50080120| -| id-MLDSA87-Ed448 |060B6086480186FA6B50080121| +| id-MLDSA44-RSA2048-PSS | 060B6086480186FA6B5008013C| +| id-MLDSA44-RSA2048-PKCS15 |060B6086480186FA6B5008013D| +| id-MLDSA44-Ed25519 |060B6086480186FA6B5008013E| +| id-MLDSA44-ECDSA-P256 |060B6086480186FA6B5008013F| +| id-MLDSA65-RSA3072-PSS |060B6086480186FA6B50080140| +| id-MLDSA65-RSA3072-PKCS15 |060B6086480186FA6B50080141| +| id-MLDSA65-RSA4096-PSS |060B6086480186FA6B50080142| +| id-MLDSA65-RSA4096-PKCS15 |060B6086480186FA6B50080143| +| id-MLDSA65-ECDSA-P384 |060B6086480186FA6B50080144| +| id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B50080145| +| id-MLDSA65-Ed25519 |060B6086480186FA6B50080146| +| id-MLDSA87-ECDSA-P384 |060B6086480186FA6B50080147| +| id-MLDSA87-ECDSA-brainpoolP384r1 |060B6086480186FA6B50080148| +| id-MLDSA87-Ed448 |060B6086480186FA6B50080149| {: #tab-sig-alg-oids title="Pure ML-DSA Composite Signature Domain Separators"} | Composite Signature AlgorithmID | Domain Separator (in Hex encoding)| | ----------- | ----------- | -| id-HashMLDSA44-RSA2048-PSS-SHA256 | 060B6086480186FA6B50080128| -| id-HashMLDSA44-RSA2048-PKCS15-SHA256 |060B6086480186FA6B50080129| -| id-HashMLDSA44-Ed25519-SHA512 |060B6086480186FA6B5008012A| -| id-HashMLDSA44-ECDSA-P256-SHA256 |060B6086480186FA6B5008012B| -| id-HashMLDSA65-RSA3072-PSS-SHA512 |060B6086480186FA6B5008012C| -| id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B5008012D| -| id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B5008012E| -| id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B5008012F| -| id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080130| -| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B50080131| -| id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B50080132| -| id-HashMLDSA87-ECDSA-P384-SHA512 |060B6086480186FA6B50080133| -| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 |060B6086480186FA6B50080134| -| id-HashMLDSA87-Ed448-SHA512 |060B6086480186FA6B50080135| +| id-HashMLDSA44-RSA2048-PSS-SHA256 | 060B6086480186FA6B5008014A| +| id-HashMLDSA44-RSA2048-PKCS15-SHA256 |060B6086480186FA6B5008014B| +| id-HashMLDSA44-Ed25519-SHA512 |060B6086480186FA6B5008014C| +| id-HashMLDSA44-ECDSA-P256-SHA256 |060B6086480186FA6B5008014D| +| id-HashMLDSA65-RSA3072-PSS-SHA512 |060B6086480186FA6B5008014E| +| id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B5008014F| +| id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B50080150| +| id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B50080151| +| id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080152| +| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B50080153| +| id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B50080154| +| id-HashMLDSA87-ECDSA-P384-SHA512 |060B6086480186FA6B50080155| +| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 |060B6086480186FA6B50080156| +| id-HashMLDSA87-Ed448-SHA512 |060B6086480186FA6B50080157| {: #tab-hash-sig-alg-oids title="Hash ML-DSA Composite Signature Domain Separators"} ## Rationale for choices