From bec55381ffb36e47fc8b3c0c21f95700baf83b07 Mon Sep 17 00:00:00 2001 From: Mike Ounsworth Date: Sun, 5 Jan 2025 14:08:52 +1000 Subject: [PATCH 1/7] Added a P256 variant --- Composite-MLDSA-2024.asn | 35 +++++++++++++++- draft-ietf-lamps-pq-composite-sigs.md | 59 +++++++++++++++++---------- 2 files changed, 71 insertions(+), 23 deletions(-) diff --git a/Composite-MLDSA-2024.asn b/Composite-MLDSA-2024.asn index d42ac42..b57b18a 100644 --- a/Composite-MLDSA-2024.asn +++ b/Composite-MLDSA-2024.asn @@ -253,6 +253,21 @@ sa-MLDSA65-Ed25519 SIGNATURE-ALGORITHM ::= pk-MLDSA65-Ed25519 } +-- TODO: OID to be replaced by IANA +id-MLDSA87-ECDSA-P256 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) 71 } + +pk-MLDSA87-ECDSA-P256 PUBLIC-KEY ::= + pk-CompositeSignature{ id-MLDSA87-ECDSA-P384, + CompositeMLDSAPublicKey} + +sa-MLDSA87-ECDSA-P256 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-MLDSA87-ECDSA-P256, + pk-MLDSA87-ECDSA-P256 } + + -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) @@ -417,6 +432,24 @@ sa-HashMLDSA65-RSA4096-PKCS15-SHA512 SIGNATURE-ALGORITHM ::= id-HashMLDSA65-RSA4096-PKCS15-SHA512, pk-HashMLDSA65-RSA4096-PKCS15-SHA512 } + +-- TODO: OID to be replaced by IANA +id-HashMLDSA65-ECDSA-P256-SHA512 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) 82 } + +pk-HashMLDSA65-ECDSA-P256-SHA512 PUBLIC-KEY ::= + pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P256-SHA512, + CompositeMLDSAPublicKey} + +sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-HashMLDSA65-ECDSA-P256-SHA512, + pk-HashMLDSA65-ECDSA-P256-SHA512 } + + + + -- TODO: OID to be replaced by IANA id-HashMLDSA65-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) 
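Review bot: In the first hunk `pk-MLDSA87-ECDSA-P256` is parameterised with `id-MLDSA87-ECDSA-P384`, so the new public-key object is bound to another algorithm's OID; it should reference its own identifier, `pk-CompositeSignature{ id-MLDSA87-ECDSA-P256,`. The arc chosen for it, 71, looks like the one `id-MLDSA87-ECDSA-P384` already holds (PATCH 5/7 later moves that definition off 71), and the second hunk gives `id-HashMLDSA65-ECDSA-P256-SHA512` arc 82, which is also what `id-HashMLDSA65-ECDSA-P384-SHA512` has at this point. Because the OID selects the algorithm and, per the draft, is used as the domain separator, two definitions sharing an arc are indistinguishable to a verifier, so each new entry needs an arc no other definition uses. PATCH 2/7 and 5/7 correct these later in the series; squashing those fixes into this commit would avoid an intermediate revision with colliding OIDs. The same hunks recur in PATCH 3/7.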
@@ -426,7 +459,7 @@ pk-HashMLDSA65-ECDSA-P384-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P384-SHA512, CompositeMLDSAPublicKey} -sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= +sa-HashMLDSA65-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::= sa-CompositeSignature{ id-HashMLDSA65-ECDSA-P384-SHA512, pk-HashMLDSA65-ECDSA-P384-SHA512 } diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md index 9f2e276..2cfb91d 100644 --- a/draft-ietf-lamps-pq-composite-sigs.md +++ b/draft-ietf-lamps-pq-composite-sigs.md @@ -1057,6 +1057,7 @@ Pure Composite-ML-DSA Signature public key types: | id-MLDSA65-RSA3072-PKCS15 | <CompSig>.65 | id-ML-DSA-65 | sha256WithRSAEncryption | | id-MLDSA65-RSA4096-PSS | <CompSig>.66 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | | id-MLDSA65-RSA4096-PKCS15 | <CompSig>.67 | id-ML-DSA-65 | sha384WithRSAEncryption | +| id-MLDSA65-ECDSA-P256 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | | id-MLDSA65-ECDSA-P384 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | | id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.69 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | | id-MLDSA65-Ed25519 | <CompSig>.70 | id-ML-DSA-65 | id-Ed25519 | 
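Review bot: The added row lists `id-MLDSA65-ECDSA-P256` as `<CompSig>.68`, the same arc the next row gives `id-MLDSA65-ECDSA-P384`, so the table assigns one OID to two algorithms. One of the two rows needs a different arc, and it should match the ASN.1 module; PATCH 5/7 settles on 68 for P256 and 69 for P384 there, which would make the P384 row `<CompSig>.69` and presumably shift the rows after it as well. The identical row is added again in PATCH 3/7.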
@@ -1083,6 +1084,7 @@ HashComposite-ML-DSA Signature public key types: | id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.79 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | | id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.80 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | | id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.81 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | +| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.XX | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 | | id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.82 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | | id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.83 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | | id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | @@ -1112,6 +1114,7 @@ As mentioned above, the OID input value is used as a domain separator for the Co | id-MLDSA65-RSA3072-PKCS15 |060B6086480186FA6B50080141| | id-MLDSA65-RSA4096-PSS |060B6086480186FA6B50080142| | id-MLDSA65-RSA4096-PKCS15 |060B6086480186FA6B50080143| +| id-MLDSA65-ECDSA-P256 |XXXXXX| | id-MLDSA65-ECDSA-P384 |060B6086480186FA6B50080144| | id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B50080145| | id-MLDSA65-Ed25519 |060B6086480186FA6B50080146| @@ -1130,6 +1133,7 @@ As mentioned above, the OID input value is used as a domain separator for the Co | id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B5008014F| | id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B50080150| | id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B50080151| +| id-HashMLDSA65-ECDSA-P256-SHA512 |XXXXXXXX| | id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080152| | id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B50080153| | id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B50080154| 
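Review bot: The two domain-separator rows added here carry placeholders (`XXXXXX` for `id-MLDSA65-ECDSA-P256`, `XXXXXXXX` for `id-HashMLDSA65-ECDSA-P256-SHA512`) where every other row has the DER encoding of the OID. Since this value is an input to signing and verification, the new algorithms cannot be implemented interoperably from this text, and the value has to be derived from the arc actually assigned in the ASN.1 module rather than filled in independently. Judging from the neighbouring rows the last byte is the arc in hex (`...0144` alongside `<CompSig>.68`), so giving P256 an existing arc also means re-deriving the rows whose arcs move. Both rows are added again in PATCH 3/7.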
@@ -1237,6 +1241,7 @@ A compliant implementation MUST support the following algorithms for the SignerI | id-MLDSA65-RSA3072-PKCS15 | SHA512 | | id-MLDSA65-RSA4096-PSS | SHA512 | | id-MLDSA65-RSA4096-PKCS15 | SHA512 | +| id-MLDSA65-ECDSA-P256 | SHA512 | | id-MLDSA65-ECDSA-P384 | SHA512 | | id-MLDSA65-ECDSA-brainpoolP256r1 | SHA512 | | id-MLDSA65-Ed25519 | SHA512 | @@ -1329,14 +1334,14 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ ### Object Identifier Registrations - SMI Security for PKIX Algorithms -- id-MLDSA44-RSA2048-PSS-SHA256 +- id-MLDSA44-RSA2048-PSS - Decimal: IANA Assigned - - Description: id-MLDSA44-RSA2048-PSS-SHA256 + - Description: id-MLDSA44-RSA2048-PSS - References: This Document -- id-MLDSA44-RSA2048-PKCS15-SHA256 +- id-MLDSA44-RSA2048-PKCS15 - Decimal: IANA Assigned - - Description: id-MLDSA44-RSA2048-PKCS15-SHA256 + - Description: id-MLDSA44-RSA2048-PKCS15 - References: This Document - id-MLDSA44-Ed25519 
@@ -1344,39 +1349,44 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ - Description: id-MLDSA44-Ed25519 - References: This Document -- id-MLDSA44-ECDSA-P256-SHA256 +- id-MLDSA44-ECDSA-P256 - Decimal: IANA Assigned - - Description: id-MLDSA44-ECDSA-P256-SHA256 + - Description: id-MLDSA44-ECDSA-P256 - References: This Document -- id-MLDSA65-RSA3072-PSS-SHA512 +- id-MLDSA65-RSA3072-PSS - Decimal: IANA Assigned - - Description: id-MLDSA65-RSA3072-PSS-SHA512 + - Description: id-MLDSA65-RSA3072-PSS - References: This Document -- id-MLDSA65-RSA3072-PKCS15-SHA512 +- id-MLDSA65-RSA3072-PKCS15 - Decimal: IANA Assigned - - Description: id-MLDSA65-RSA3072-PKCS15-SHA512 + - Description: id-MLDSA65-RSA3072-PKCS15 - References: This Document -- id-MLDSA65-RSA4096-PSS-SHA512 +- id-MLDSA65-RSA4096-PSS - Decimal: IANA Assigned - - Description: id-MLDSA65-RSA4096-PSS-SHA512 + - Description: id-MLDSA65-RSA4096-PSS - References: This Document -- id-MLDSA65-RSA4096-PKCS15-SHA512 +- id-MLDSA65-RSA4096-PKCS15 - Decimal: IANA Assigned - - Description: id-MLDSA65-RSA4096-PKCS15-SHA512 + - Description: id-MLDSA65-RSA4096-PKCS15 - References: This Document -- id-MLDSA65-ECDSA-P384-SHA512 +- id-MLDSA65-ECDSA-P256 - Decimal: IANA Assigned - - Description: id-MLDSA65-ECDSA-P384-SHA512 + - Description: id-MLDSA65-ECDSA-P256 - References: This Document -- id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 +- id-MLDSA65-ECDSA-P384 - Decimal: IANA Assigned - - Description: id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 + - Description: id-MLDSA65-ECDSA-P384 + - References: This Document + +- id-MLDSA65-ECDSA-brainpoolP256r1 + - Decimal: IANA Assigned + - Description: id-MLDSA65-ECDSA-brainpoolP256r1 - References: This Document - id-MLDSA65-Ed25519 
@@ -1384,14 +1394,14 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ - Description: id-MLDSA65-Ed25519 - References: This Document -- id-MLDSA87-ECDSA-P384-SHA512 +- id-MLDSA87-ECDSA-P384 - Decimal: IANA Assigned - - Description: id-MLDSA87-ECDSA-P384-SHA512 + - Description: id-MLDSA87-ECDSA-P384 - References: This Document -- id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 +- id-MLDSA87-ECDSA-brainpoolP384r1 - Decimal: IANA Assigned - - Description: id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 + - Description: id-MLDSA87-ECDSA-brainpoolP384r1 - References: This Document - id-MLDSA87-Ed448 @@ -1439,6 +1449,11 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ - Description: id-HashMLDSA65-RSA4096-PKCS15-SHA512 - References: This Document +- id-HashMLDSA65-ECDSA-P256-SHA512 + - Decimal: IANA Assigned + - Description: id-HashMLDSA65-ECDSA-P256-SHA512 + - References: This Document + - id-HashMLDSA65-ECDSA-P384-SHA512 - Decimal: IANA Assigned - Description: id-HashMLDSA65-ECDSA-P384-SHA512 From 304a347098f486e621127026a55ad6d2104b11c8 Mon Sep 17 00:00:00 2001 From: Mike Ounsworth Date: Tue, 7 Jan 2025 09:49:25 +1000 Subject: [PATCH 2/7] typos. Thanks Ilari --- .gitignore | 1 + Composite-MLDSA-2024.asn | 34 +++++++++++++-------------- draft-ietf-lamps-pq-composite-sigs.md | 20 ++++++++-------- 3 files changed, 28 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index 0dd18cd..72a59ae 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ *.html *~ lib/ +.includes.mk diff --git a/Composite-MLDSA-2024.asn b/Composite-MLDSA-2024.asn index b57b18a..08577f4 100644 --- a/Composite-MLDSA-2024.asn +++ b/Composite-MLDSA-2024.asn 
@@ -208,6 +208,22 @@ sa-MLDSA65-RSA4096-PKCS15 SIGNATURE-ALGORITHM ::= id-MLDSA65-RSA4096-PKCS15, pk-MLDSA65-RSA4096-PKCS15 } + +-- TODO: OID to be replaced by IANA +id-MLDSA65-ECDSA-P256 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) XXXX } + +pk-MLDSA65-ECDSA-P256 PUBLIC-KEY ::= + pk-CompositeSignature{ id-MLDSA65-ECDSA-P256, + CompositeMLDSAPublicKey} + +sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-MLDSA65-ECDSA-P256, + pk-MLDSA65-ECDSA-P256 } + + -- TODO: OID to be replaced by IANA id-MLDSA65-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) @@ -217,7 +233,7 @@ pk-MLDSA65-ECDSA-P384 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-ECDSA-P384, CompositeMLDSAPublicKey} -sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= +sa-MLDSA65-ECDSA-P384 SIGNATURE-ALGORITHM ::= sa-CompositeSignature{ id-MLDSA65-ECDSA-P384, pk-MLDSA65-ECDSA-P384 } @@ -252,22 +268,6 @@ sa-MLDSA65-Ed25519 SIGNATURE-ALGORITHM ::= id-MLDSA65-Ed25519, pk-MLDSA65-Ed25519 } - --- TODO: OID to be replaced by IANA -id-MLDSA87-ECDSA-P256 OBJECT IDENTIFIER ::= { - joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 71 } - -pk-MLDSA87-ECDSA-P256 PUBLIC-KEY ::= - pk-CompositeSignature{ id-MLDSA87-ECDSA-P384, - CompositeMLDSAPublicKey} - -sa-MLDSA87-ECDSA-P256 SIGNATURE-ALGORITHM ::= - sa-CompositeSignature{ - id-MLDSA87-ECDSA-P256, - pk-MLDSA87-ECDSA-P256 } - - -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md index 2cfb91d..7ab73bf 100644 --- a/draft-ietf-lamps-pq-composite-sigs.md +++ b/draft-ietf-lamps-pq-composite-sigs.md 
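Review bot: `id-MLDSA65-ECDSA-P256` is defined with `XXXX` as its final arc, which is neither a number nor a defined value, so the module will presumably not compile at this commit and tooling that consumes it cannot be run against the new algorithm. A unique provisional number would keep the module usable, as the neighbouring definitions do under the same `-- TODO: OID to be replaced by IANA` comment; PATCH 5/7 later assigns 68. The commit is titled as typo fixes but also replaces the MLDSA87 P256 definition with an MLDSA65 one, which would be worth stating in the message. The same hunk recurs in PATCH 4/7.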
@@ -1084,7 +1084,7 @@ HashComposite-ML-DSA Signature public key types: | id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.79 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | | id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.80 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | | id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.81 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | -| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.XX | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 | +| id-HashMLDSA65-ECDSA-P256-SHA512 | <CompSig>.XX | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 | | id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.82 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | | id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.83 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | | id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | 
@@ -1233,21 +1233,21 @@ A compliant implementation MUST support the following algorithms for the SignerI | Composite Signature AlgorithmID | digestAlgorithm | | ----------- | ----------- | -| id-MLDSA44-RSA2048-PSS | SHA256 | -| id-MLDSA44-RSA2048-PKCS15 | SHA256 | -| id-MLDSA44-Ed25519 | SHA512 | -| id-MLDSA44-ECDSA-P256 | SHA256 | +| id-MLDSA44-RSA2048-PSS | SHA256 | +| id-MLDSA44-RSA2048-PKCS15 | SHA256 | +| id-MLDSA44-Ed25519 | SHA512 | +| id-MLDSA44-ECDSA-P256 | SHA256 | | id-MLDSA65-RSA3072-PSS | SHA512 | -| id-MLDSA65-RSA3072-PKCS15 | SHA512 | +| id-MLDSA65-RSA3072-PKCS15 | SHA512 | | id-MLDSA65-RSA4096-PSS | SHA512 | | id-MLDSA65-RSA4096-PKCS15 | SHA512 | | id-MLDSA65-ECDSA-P256 | SHA512 | | id-MLDSA65-ECDSA-P384 | SHA512 | | id-MLDSA65-ECDSA-brainpoolP256r1 | SHA512 | -| id-MLDSA65-Ed25519 | SHA512 | -| id-MLDSA87-ECDSA-P384 | SHA512| -| id-MLDSA87-ECDSA-brainpoolP384r1 | SHA512 | -| id-MLDSA87-Ed448 | SHA512 | +| id-MLDSA65-Ed25519 | SHA512 | +| id-MLDSA87-ECDSA-P384 | SHA512 | +| id-MLDSA87-ECDSA-brainpoolP384r1 | SHA512 | +| id-MLDSA87-Ed448 | SHA512 | {: #tab-cms-shas title="Recommended Composite Signature Digest Algorithms"} where: From e6593082bc08d6b7b3cb88efc42a9fc5cbaaec2f Mon Sep 17 00:00:00 2001 From: Mike Ounsworth Date: Sun, 5 Jan 2025 14:08:52 +1000 Subject: [PATCH 3/7] Added a P256 variant --- Composite-MLDSA-2024.asn | 35 ++++++++++++++++++++++++++- draft-ietf-lamps-pq-composite-sigs.md | 15 ++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/Composite-MLDSA-2024.asn b/Composite-MLDSA-2024.asn index d42ac42..b57b18a 100644 --- a/Composite-MLDSA-2024.asn +++ b/Composite-MLDSA-2024.asn 
@@ -253,6 +253,21 @@ sa-MLDSA65-Ed25519 SIGNATURE-ALGORITHM ::= pk-MLDSA65-Ed25519 } +-- TODO: OID to be replaced by IANA +id-MLDSA87-ECDSA-P256 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) 71 } + +pk-MLDSA87-ECDSA-P256 PUBLIC-KEY ::= + pk-CompositeSignature{ id-MLDSA87-ECDSA-P384, + CompositeMLDSAPublicKey} + +sa-MLDSA87-ECDSA-P256 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-MLDSA87-ECDSA-P256, + pk-MLDSA87-ECDSA-P256 } + + -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) @@ -417,6 +432,24 @@ sa-HashMLDSA65-RSA4096-PKCS15-SHA512 SIGNATURE-ALGORITHM ::= id-HashMLDSA65-RSA4096-PKCS15-SHA512, pk-HashMLDSA65-RSA4096-PKCS15-SHA512 } + +-- TODO: OID to be replaced by IANA +id-HashMLDSA65-ECDSA-P256-SHA512 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) 82 } + +pk-HashMLDSA65-ECDSA-P256-SHA512 PUBLIC-KEY ::= + pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P256-SHA512, + CompositeMLDSAPublicKey} + +sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-HashMLDSA65-ECDSA-P256-SHA512, + pk-HashMLDSA65-ECDSA-P256-SHA512 } + + + + -- TODO: OID to be replaced by IANA id-HashMLDSA65-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) @@ -426,7 +459,7 @@ pk-HashMLDSA65-ECDSA-P384-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P384-SHA512, CompositeMLDSAPublicKey} -sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= +sa-HashMLDSA65-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::= sa-CompositeSignature{ id-HashMLDSA65-ECDSA-P384-SHA512, pk-HashMLDSA65-ECDSA-P384-SHA512 } diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md index d326ca3..6cddfe1 100644 
--- a/draft-ietf-lamps-pq-composite-sigs.md +++ b/draft-ietf-lamps-pq-composite-sigs.md @@ -1057,6 +1057,7 @@ Pure Composite-ML-DSA Signature public key types: | id-MLDSA65-RSA3072-PKCS15 | <CompSig>.65 | id-ML-DSA-65 | sha256WithRSAEncryption | | id-MLDSA65-RSA4096-PSS | <CompSig>.66 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | | id-MLDSA65-RSA4096-PKCS15 | <CompSig>.67 | id-ML-DSA-65 | sha384WithRSAEncryption | +| id-MLDSA65-ECDSA-P256 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | | id-MLDSA65-ECDSA-P384 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | | id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.69 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | | id-MLDSA65-Ed25519 | <CompSig>.70 | id-ML-DSA-65 | id-Ed25519 | @@ -1083,6 +1084,7 @@ HashComposite-ML-DSA Signature public key types: | id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.79 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | | id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.80 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | | id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.81 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | +| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.XX | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 | | id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.82 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | | id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.83 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | | id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | 
@@ -1112,6 +1114,7 @@ As mentioned above, the OID input value is used as a domain separator for the Co | id-MLDSA65-RSA3072-PKCS15 |060B6086480186FA6B50080141| | id-MLDSA65-RSA4096-PSS |060B6086480186FA6B50080142| | id-MLDSA65-RSA4096-PKCS15 |060B6086480186FA6B50080143| +| id-MLDSA65-ECDSA-P256 |XXXXXX| | id-MLDSA65-ECDSA-P384 |060B6086480186FA6B50080144| | id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B50080145| | id-MLDSA65-Ed25519 |060B6086480186FA6B50080146| @@ -1130,6 +1133,7 @@ As mentioned above, the OID input value is used as a domain separator for the Co | id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B5008014F| | id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B50080150| | id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B50080151| +| id-HashMLDSA65-ECDSA-P256-SHA512 |XXXXXXXX| | id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080152| | id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B50080153| | id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B50080154| @@ -1239,6 +1243,7 @@ A compliant implementation MUST support the following algorithms for the SignerI | id-MLDSA65-RSA3072-PKCS15 | SHA512 | | id-MLDSA65-RSA4096-PSS | SHA512 | | id-MLDSA65-RSA4096-PKCS15 | SHA512 | +| id-MLDSA65-ECDSA-P256 | SHA512 | | id-MLDSA65-ECDSA-P384 | SHA512 | | id-MLDSA65-ECDSA-brainpoolP256r1 | SHA512 | | id-MLDSA65-Ed25519 | SHA512 | @@ -1373,6 +1378,11 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ - Description: id-MLDSA65-RSA4096-PKCS15 - References: This Document +- id-MLDSA65-ECDSA-P256 + - Decimal: IANA Assigned + - Description: id-MLDSA65-ECDSA-P256 + - References: This Document + - id-MLDSA65-ECDSA-P384 - Decimal: IANA Assigned - Description: id-MLDSA65-ECDSA-P384 
@@ -1443,6 +1453,11 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ - Description: id-HashMLDSA65-RSA4096-PKCS15-SHA512 - References: This Document +- id-HashMLDSA65-ECDSA-P256-SHA512 + - Decimal: IANA Assigned + - Description: id-HashMLDSA65-ECDSA-P256-SHA512 + - References: This Document + - id-HashMLDSA65-ECDSA-P384-SHA512 - Decimal: IANA Assigned - Description: id-HashMLDSA65-ECDSA-P384-SHA512 From cf867fba412fe8b12ff05065ecb70f4664ecf7ec Mon Sep 17 00:00:00 2001 From: Mike Ounsworth Date: Tue, 7 Jan 2025 09:49:25 +1000 Subject: [PATCH 4/7] typos. Thanks Ilari --- .gitignore | 1 + Composite-MLDSA-2024.asn | 34 +++++++++++++-------------- draft-ietf-lamps-pq-composite-sigs.md | 20 ++++++++-------- 3 files changed, 28 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index 0dd18cd..72a59ae 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ *.html *~ lib/ +.includes.mk diff --git a/Composite-MLDSA-2024.asn b/Composite-MLDSA-2024.asn index b57b18a..08577f4 100644 --- a/Composite-MLDSA-2024.asn +++ b/Composite-MLDSA-2024.asn @@ -208,6 +208,22 @@ sa-MLDSA65-RSA4096-PKCS15 SIGNATURE-ALGORITHM ::= id-MLDSA65-RSA4096-PKCS15, pk-MLDSA65-RSA4096-PKCS15 } + +-- TODO: OID to be replaced by IANA +id-MLDSA65-ECDSA-P256 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) XXXX } + +pk-MLDSA65-ECDSA-P256 PUBLIC-KEY ::= + pk-CompositeSignature{ id-MLDSA65-ECDSA-P256, + CompositeMLDSAPublicKey} + +sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-MLDSA65-ECDSA-P256, + pk-MLDSA65-ECDSA-P256 } + + -- TODO: OID to be replaced by IANA id-MLDSA65-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) 
@@ -217,7 +233,7 @@ pk-MLDSA65-ECDSA-P384 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-ECDSA-P384, CompositeMLDSAPublicKey} -sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= +sa-MLDSA65-ECDSA-P384 SIGNATURE-ALGORITHM ::= sa-CompositeSignature{ id-MLDSA65-ECDSA-P384, pk-MLDSA65-ECDSA-P384 } @@ -252,22 +268,6 @@ sa-MLDSA65-Ed25519 SIGNATURE-ALGORITHM ::= id-MLDSA65-Ed25519, pk-MLDSA65-Ed25519 } - --- TODO: OID to be replaced by IANA -id-MLDSA87-ECDSA-P256 OBJECT IDENTIFIER ::= { - joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 71 } - -pk-MLDSA87-ECDSA-P256 PUBLIC-KEY ::= - pk-CompositeSignature{ id-MLDSA87-ECDSA-P384, - CompositeMLDSAPublicKey} - -sa-MLDSA87-ECDSA-P256 SIGNATURE-ALGORITHM ::= - sa-CompositeSignature{ - id-MLDSA87-ECDSA-P256, - pk-MLDSA87-ECDSA-P256 } - - -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md index 6cddfe1..619e60a 100644 --- a/draft-ietf-lamps-pq-composite-sigs.md +++ b/draft-ietf-lamps-pq-composite-sigs.md 
@@ -1084,7 +1084,7 @@ HashComposite-ML-DSA Signature public key types: | id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.79 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | | id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.80 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | | id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.81 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | -| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.XX | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 | +| id-HashMLDSA65-ECDSA-P256-SHA512 | <CompSig>.XX | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 | | id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.82 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | | id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.83 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | | id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | 
@@ -1235,21 +1235,21 @@ A compliant implementation MUST support the following algorithms for the SignerI | Composite Signature Algorithm | digestAlgorithm | | ----------- | ----------- | -| id-MLDSA44-RSA2048-PSS | SHA256 | -| id-MLDSA44-RSA2048-PKCS15 | SHA256 | -| id-MLDSA44-Ed25519 | SHA512 | -| id-MLDSA44-ECDSA-P256 | SHA256 | +| id-MLDSA44-RSA2048-PSS | SHA256 | +| id-MLDSA44-RSA2048-PKCS15 | SHA256 | +| id-MLDSA44-Ed25519 | SHA512 | +| id-MLDSA44-ECDSA-P256 | SHA256 | | id-MLDSA65-RSA3072-PSS | SHA512 | -| id-MLDSA65-RSA3072-PKCS15 | SHA512 | +| id-MLDSA65-RSA3072-PKCS15 | SHA512 | | id-MLDSA65-RSA4096-PSS | SHA512 | | id-MLDSA65-RSA4096-PKCS15 | SHA512 | | id-MLDSA65-ECDSA-P256 | SHA512 | | id-MLDSA65-ECDSA-P384 | SHA512 | | id-MLDSA65-ECDSA-brainpoolP256r1 | SHA512 | -| id-MLDSA65-Ed25519 | SHA512 | -| id-MLDSA87-ECDSA-P384 | SHA512| -| id-MLDSA87-ECDSA-brainpoolP384r1 | SHA512 | -| id-MLDSA87-Ed448 | SHA512 | +| id-MLDSA65-Ed25519 | SHA512 | +| id-MLDSA87-ECDSA-P384 | SHA512 | +| id-MLDSA87-ECDSA-brainpoolP384r1 | SHA512 | +| id-MLDSA87-Ed448 | SHA512 | {: #tab-cms-shas title="Recommended Composite Signature Digest Algorithms"} where: From c2edf1775a14c57e605345cd23741f922edd315f Mon Sep 17 00:00:00 2001 From: John Gray <55205977+johngray-dev@users.noreply.github.com> Date: Wed, 29 Jan 2025 13:03:33 -0500 Subject: [PATCH 5/7] Update the ASN.1 OID definitions --- Composite-MLDSA-2024.asn | 44 ++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/Composite-MLDSA-2024.asn b/Composite-MLDSA-2024.asn index 08577f4..35d910f 100644 --- a/Composite-MLDSA-2024.asn +++ b/Composite-MLDSA-2024.asn 
@@ -212,7 +212,7 @@ sa-MLDSA65-RSA4096-PKCS15 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA65-ECDSA-P256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) XXXX } + entrust(114027) algorithm(80) composite(8) signature(1) 68 } pk-MLDSA65-ECDSA-P256 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-ECDSA-P256, @@ -227,7 +227,7 @@ sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA65-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 68 } + entrust(114027) algorithm(80) composite(8) signature(1) 69 } pk-MLDSA65-ECDSA-P384 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-ECDSA-P384, @@ -242,7 +242,7 @@ sa-MLDSA65-ECDSA-P384 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA65-ECDSA-brainpoolP256r1 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 69 } + entrust(114027) algorithm(80) composite(8) signature(1) 70 } pk-MLDSA65-ECDSA-brainpoolP256r1 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-ECDSA-brainpoolP256r1, @@ -257,7 +257,7 @@ sa-MLDSA65-ECDSA-brainpoolP256r1 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA65-Ed25519 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 70 } + entrust(114027) algorithm(80) composite(8) signature(1) 71 } pk-MLDSA65-Ed25519 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-Ed25519, 
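Review bot: This renumbering reuses arcs that named a different algorithm one revision earlier: 68 moves from `id-MLDSA65-ECDSA-P384` to `id-MLDSA65-ECDSA-P256` in this hunk, and in the later hunks of this patch 74 moves from `id-HashMLDSA44-RSA2048-PSS-SHA256` to `id-MLDSA87-Ed448`. An implementation built against the previous revision will resolve those OIDs to the old algorithm and domain separator, so keys and signatures exchanged across revisions may fail to verify or be attributed to the wrong algorithm; appending new arcs instead of shifting existing ones would avoid that. If the shift is kept, I would add a comment above the first affected definition such as `-- NOTE: prototype arcs renumbered in this revision; not compatible with earlier drafts`, and the OID and domain-separator tables in the draft must change in the same step (PATCH 6/7 appears to do this, but its hunks are outside this view).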
@@ -271,7 +271,7 @@ sa-MLDSA65-Ed25519 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 71 } + entrust(114027) algorithm(80) composite(8) signature(1) 72 } pk-MLDSA87-ECDSA-P384 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA87-ECDSA-P384, @@ -286,7 +286,7 @@ sa-MLDSA87-ECDSA-P384 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-brainpoolP384r1 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 72 } + entrust(114027) algorithm(80) composite(8) signature(1) 73 } pk-MLDSA87-ECDSA-brainpoolP384r1 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA87-ECDSA-brainpoolP384r1, @@ -301,7 +301,7 @@ sa-MLDSA87-ECDSA-brainpoolP384r1 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA87-Ed448 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 73 } + entrust(114027) algorithm(80) composite(8) signature(1) 74 } pk-MLDSA87-Ed448 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA87-Ed448, @@ -318,7 +318,7 @@ sa-MLDSA87-Ed448 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-RSA2048-PSS-SHA256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 74 } + entrust(114027) algorithm(80) composite(8) signature(1) 80 } pk-HashMLDSA44-RSA2048-PSS-SHA256 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-RSA2048-PSS-SHA256, 
@@ -332,7 +332,7 @@ sa-HashMLDSA44-RSA2048-PSS-SHA256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-RSA2048-PKCS15-SHA256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 75 } + entrust(114027) algorithm(80) composite(8) signature(1) 81 } pk-HashMLDSA44-RSA2048-PKCS15-SHA256 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-RSA2048-PKCS15-SHA256, @@ -347,7 +347,7 @@ sa-HashMLDSA44-RSA2048-PKCS15-SHA256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-Ed25519-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 76 } + entrust(114027) algorithm(80) composite(8) signature(1) 82 } pk-HashMLDSA44-Ed25519-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-Ed25519-SHA512, @@ -362,7 +362,7 @@ sa-HashMLDSA44-Ed25519-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-ECDSA-P256-SHA256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 77 } + entrust(114027) algorithm(80) composite(8) signature(1) 83 } pk-HashMLDSA44-ECDSA-P256-SHA256 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-ECDSA-P256-SHA256, @@ -377,7 +377,7 @@ sa-HashMLDSA44-ECDSA-P256-SHA256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA3072-PSS-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 78 } + entrust(114027) algorithm(80) composite(8) signature(1) 84 } pk-HashMLDSA65-RSA3072-PSS-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA3072-PSS-SHA512, 
@@ -392,7 +392,7 @@ sa-HashMLDSA65-RSA3072-PSS-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA3072-PKCS15-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 79 } + entrust(114027) algorithm(80) composite(8) signature(1) 85 } pk-HashMLDSA65-RSA3072-PKCS15-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA3072-PKCS15-SHA512, @@ -406,7 +406,7 @@ sa-HashMLDSA65-RSA3072-PKCS15-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA4096-PSS-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 80 } + entrust(114027) algorithm(80) composite(8) signature(1) 86 } pk-HashMLDSA65-RSA4096-PSS-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA4096-PSS-SHA512, @@ -421,7 +421,7 @@ sa-HashMLDSA65-RSA4096-PSS-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA4096-PKCS15-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 81 } + entrust(114027) algorithm(80) composite(8) signature(1) 87 } pk-HashMLDSA65-RSA4096-PKCS15-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA4096-PKCS15-SHA512, @@ -436,7 +436,7 @@ sa-HashMLDSA65-RSA4096-PKCS15-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-ECDSA-P256-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 82 } + entrust(114027) algorithm(80) composite(8) signature(1) 88 } pk-HashMLDSA65-ECDSA-P256-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P256-SHA512, 
@@ -453,7 +453,7 @@ sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::=
 -- TODO: OID to be replaced by IANA
 id-HashMLDSA65-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= {
 joint-iso-itu-t(2) country(16) us(840) organization(1)
- entrust(114027) algorithm(80) composite(8) signature(1) 82 }
+ entrust(114027) algorithm(80) composite(8) signature(1) 89 }
 
 pk-HashMLDSA65-ECDSA-P384-SHA512 PUBLIC-KEY ::=
 pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P384-SHA512,
@@ -468,7 +468,7 @@ sa-HashMLDSA65-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::=
 -- TODO: OID to be replaced by IANA
 id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 OBJECT IDENTIFIER ::= {
 joint-iso-itu-t(2) country(16) us(840) organization(1)
- entrust(114027) algorithm(80) composite(8) signature(1) 83 }
+ entrust(114027) algorithm(80) composite(8) signature(1) 90 }
 
 pk-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 PUBLIC-KEY ::=
 pk-CompositeSignature{ id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512,
@@ -483,7 +483,7 @@ sa-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 SIGNATURE-ALGORITHM ::=
 -- TODO: OID to be replaced by IANA
 id-HashMLDSA65-Ed25519-SHA512 OBJECT IDENTIFIER ::= {
 joint-iso-itu-t(2) country(16) us(840) organization(1)
- entrust(114027) algorithm(80) composite(8) signature(1) 84 }
+ entrust(114027) algorithm(80) composite(8) signature(1) 91 }
 
 pk-HashMLDSA65-Ed25519-SHA512 PUBLIC-KEY ::=
 pk-CompositeSignature{ id-HashMLDSA65-Ed25519-SHA512,
@@ -498,7 +498,7 @@ sa-HashMLDSA65-Ed25519-SHA512 SIGNATURE-ALGORITHM ::=
 -- TODO: OID to be replaced by IANA
 id-HashMLDSA87-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= {
 joint-iso-itu-t(2) country(16) us(840) organization(1)
- entrust(114027) algorithm(80) composite(8) signature(1) 85 }
+ entrust(114027) algorithm(80) composite(8) signature(1) 92 }
 
 pk-HashMLDSA87-ECDSA-P384-SHA512 PUBLIC-KEY ::=
 pk-CompositeSignature{ id-HashMLDSA87-ECDSA-P384-SHA512,
@@ -513,7 +513,7 @@ sa-HashMLDSA87-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::=
 -- TODO: OID to be replaced by IANA
 id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 OBJECT IDENTIFIER ::= {
 joint-iso-itu-t(2) country(16) us(840) organization(1)
- entrust(114027) algorithm(80) composite(8) signature(1) 86 }
+ entrust(114027) algorithm(80) composite(8) signature(1) 93 }
 
 pk-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 PUBLIC-KEY ::=
 pk-CompositeSignature{ id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512,
@@ -528,7 +528,7 @@ sa-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 SIGNATURE-ALGORITHM ::=
 -- TODO: OID to be replaced by IANA
 id-HashMLDSA87-Ed448-SHA512 OBJECT IDENTIFIER ::= {
 joint-iso-itu-t(2) country(16) us(840) organization(1)
- entrust(114027) algorithm(80) composite(8) signature(1) 87 }
+ entrust(114027) algorithm(80) composite(8) signature(1) 94 }
 
 pk-HashMLDSA87-Ed448-SHA512 PUBLIC-KEY ::=
 pk-CompositeSignature{ id-HashMLDSA87-Ed448-SHA512,
From 120e1f20dd5f26ef68a9c75d5f5134ebae70cb60 Mon Sep 17 00:00:00 2001
From: John Gray <55205977+johngray-dev@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:12:57 -0500
Subject: [PATCH 6/7] Fixed up OIDs for new P256 combination

---
 draft-ietf-lamps-pq-composite-sigs.md | 56 +++++++++++++--------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md
index 619e60a..bf56b67 100644
--- a/draft-ietf-lamps-pq-composite-sigs.md
+++ b/draft-ietf-lamps-pq-composite-sigs.md
@@ -1058,12 +1058,12 @@ Pure Composite-ML-DSA Signature public key types:
 | id-MLDSA65-RSA4096-PSS | <CompSig>.66 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 |
 | id-MLDSA65-RSA4096-PKCS15 | <CompSig>.67 | id-ML-DSA-65 | sha384WithRSAEncryption |
 | id-MLDSA65-ECDSA-P256 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 |
-| id-MLDSA65-ECDSA-P384 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 |
-| id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.69 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 |
-| id-MLDSA65-Ed25519 | <CompSig>.70 | id-ML-DSA-65 | id-Ed25519 |
-| id-MLDSA87-ECDSA-P384 | <CompSig>.71 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 |
-| id-MLDSA87-ECDSA-brainpoolP384r1 | <CompSig>.72 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 |
-| id-MLDSA87-Ed448 | <CompSig>.73 | id-ML-DSA-87 | id-Ed448 |
+| id-MLDSA65-ECDSA-P384 | <CompSig>.69 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 |
+| id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.70 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 |
+| id-MLDSA65-Ed25519 | <CompSig>.71 | id-ML-DSA-65 | id-Ed25519 |
+| id-MLDSA87-ECDSA-P384 | <CompSig>.72 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 |
+| id-MLDSA87-ECDSA-brainpoolP384r1 | <CompSig>.73 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 |
+| id-MLDSA87-Ed448 | <CompSig>.74 | id-ML-DSA-87 | id-Ed448 |
 {: #tab-sig-algs title="Pure ML-DSA Composite Signature Algorithms"}
 
 See the ASN.1 module in section {{sec-asn1-module}} for the explicit definitions of the above Composite ML-DSA algorithms.
@@ -1114,32 +1114,32 @@ As mentioned above, the OID input value is used as a domain separator for the Co
 | id-MLDSA65-RSA3072-PKCS15 |060B6086480186FA6B50080141|
 | id-MLDSA65-RSA4096-PSS |060B6086480186FA6B50080142|
 | id-MLDSA65-RSA4096-PKCS15 |060B6086480186FA6B50080143|
-| id-MLDSA65-ECDSA-P256 |XXXXXX|
-| id-MLDSA65-ECDSA-P384 |060B6086480186FA6B50080144|
-| id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B50080145|
-| id-MLDSA65-Ed25519 |060B6086480186FA6B50080146|
-| id-MLDSA87-ECDSA-P384 |060B6086480186FA6B50080147|
-| id-MLDSA87-ECDSA-brainpoolP384r1 |060B6086480186FA6B50080148|
-| id-MLDSA87-Ed448 |060B6086480186FA6B50080149|
+| id-MLDSA65-ECDSA-P256 |060B6086480186FA6B50080144|
+| id-MLDSA65-ECDSA-P384 |060B6086480186FA6B50080145|
+| id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B50080146|
+| id-MLDSA65-Ed25519 |060B6086480186FA6B50080147|
+| id-MLDSA87-ECDSA-P384 |060B6086480186FA6B50080148|
+| id-MLDSA87-ECDSA-brainpoolP384r1 |060B6086480186FA6B50080149|
+| id-MLDSA87-Ed448 |060B6086480186FA6B5008014A|
 {: #tab-sig-alg-oids title="Pure ML-DSA Composite Signature Domain Separators"}
 
 | Composite Signature Algorithm | Domain Separator (in Hex encoding)|
 | ----------- | ----------- |
-| id-HashMLDSA44-RSA2048-PSS-SHA256 | 060B6086480186FA6B5008014A|
-| id-HashMLDSA44-RSA2048-PKCS15-SHA256 |060B6086480186FA6B5008014B|
-| id-HashMLDSA44-Ed25519-SHA512 |060B6086480186FA6B5008014C|
-| id-HashMLDSA44-ECDSA-P256-SHA256 |060B6086480186FA6B5008014D|
-| id-HashMLDSA65-RSA3072-PSS-SHA512 |060B6086480186FA6B5008014E|
-| id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B5008014F|
-| id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B50080150|
-| id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B50080151|
-| id-HashMLDSA65-ECDSA-P256-SHA512 |XXXXXXXX|
-| id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080152|
-| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B50080153|
-| id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B50080154|
-| id-HashMLDSA87-ECDSA-P384-SHA512 |060B6086480186FA6B50080155|
-| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 |060B6086480186FA6B50080156|
-| id-HashMLDSA87-Ed448-SHA512 |060B6086480186FA6B50080157|
+| id-HashMLDSA44-RSA2048-PSS-SHA256 | 060B6086480186FA6B50080150|
+| id-HashMLDSA44-RSA2048-PKCS15-SHA256 |060B6086480186FA6B50080151|
+| id-HashMLDSA44-Ed25519-SHA512 |060B6086480186FA6B50080152|
+| id-HashMLDSA44-ECDSA-P256-SHA256 |060B6086480186FA6B50080153|
+| id-HashMLDSA65-RSA3072-PSS-SHA512 |060B6086480186FA6B50080154|
+| id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B50080155|
+| id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B50080156|
+| id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B50080157|
+| id-HashMLDSA65-ECDSA-P256-SHA512 |060B6086480186FA6B50080158|
+| id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080159|
+| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B5008015A|
+| id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B5008015B|
+| id-HashMLDSA87-ECDSA-P384-SHA512 |060B6086480186FA6B5008015C|
+| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 |060B6086480186FA6B5008015D|
+| id-HashMLDSA87-Ed448-SHA512 |060B6086480186FA6B5008015E|
 {: #tab-hash-sig-alg-oids title="Hash ML-DSA Composite Signature Domain Separators"}
 
 ## Rationale for choices
From 46fd923e15e97789e1d3fad449382c8031769b26 Mon Sep 17 00:00:00 2001
From: John Gray <55205977+johngray-dev@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:16:28 -0500
Subject: [PATCH 7/7] Update the Composite HashML-DSA OID table

---
 draft-ietf-lamps-pq-composite-sigs.md | 30 +++++++++++++--------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md
index bf56b67..ee8626e 100644
--- a/draft-ietf-lamps-pq-composite-sigs.md
+++ b/draft-ietf-lamps-pq-composite-sigs.md
@@ -1076,21 +1076,21 @@ HashComposite-ML-DSA Signature public key types:
 
 | Composite Signature Algorithm | OID | First Algorithm | Second Algorithm | Pre-Hash |
 | ----------- | ----------- | ----------- | ----------- | ----------- |
-| id-HashMLDSA44-RSA2048-PSS-SHA256 | <CompSig>.74 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | id-sha256 |
-| id-HashMLDSA44-RSA2048-PKCS15-SHA256 | <CompSig>.75 | id-ML-DSA-44 | sha256WithRSAEncryption | id-sha256 |
-| id-HashMLDSA44-Ed25519-SHA512 | <CompSig>.76 | id-ML-DSA-44 | id-Ed25519 | id-sha512 |
-| id-HashMLDSA44-ECDSA-P256-SHA256 | <CompSig>.77 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | id-sha256 |
-| id-HashMLDSA65-RSA3072-PSS-SHA512 | <CompSig>.78 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | id-sha512 |
-| id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.79 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 |
-| id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.80 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 |
-| id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.81 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 |
-| id-HashMLDSA65-ECDSA-P256-SHA512 | <CompSig>.XX | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 |
-| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.82 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 |
-| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.83 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 |
-| id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-Ed25519 | id-sha512 |
-| id-HashMLDSA87-ECDSA-P384-SHA512 | <CompSig>.85 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | id-sha512|
-| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 | <CompSig>.86 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | id-sha512 |
-| id-HashMLDSA87-Ed448-SHA512 | <CompSig>.87 | id-ML-DSA-87 | id-Ed448 | id-sha512 |
+| id-HashMLDSA44-RSA2048-PSS-SHA256 | <CompSig>.80 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | id-sha256 |
+| id-HashMLDSA44-RSA2048-PKCS15-SHA256 | <CompSig>.81 | id-ML-DSA-44 | sha256WithRSAEncryption | id-sha256 |
+| id-HashMLDSA44-Ed25519-SHA512 | <CompSig>.82 | id-ML-DSA-44 | id-Ed25519 | id-sha512 |
+| id-HashMLDSA44-ECDSA-P256-SHA256 | <CompSig>.83 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | id-sha256 |
+| id-HashMLDSA65-RSA3072-PSS-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | id-sha512 |
+| id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.85 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 |
+| id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.86 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 |
+| id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.87 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 |
+| id-HashMLDSA65-ECDSA-P256-SHA512 | <CompSig>.88 | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 |
+| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.89 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 |
+| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.90 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 |
+| id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.91 | id-ML-DSA-65 | id-Ed25519 | id-sha512 |
+| id-HashMLDSA87-ECDSA-P384-SHA512 | <CompSig>.92 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | id-sha512|
+| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 | <CompSig>.93 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | id-sha512 |
+| id-HashMLDSA87-Ed448-SHA512 | <CompSig>.94 | id-ML-DSA-87 | id-Ed448 | id-sha512 |
 {: #tab-hash-sig-algs title="Hash ML-DSA Composite Signature Algorithms"}