X-Mozilla-Status: 0001
X-Mozilla-Status2: 00800000
X-Mozilla-Keys:                                                                                 
Subject: Re: new PQC talk
To: "Moody, Dustin (Fed)" <dustin.moody@nist.gov>
References: <DM6PR09MB3228225B3D00834909E98C67E54C0@DM6PR09MB3228.namprd09.prod.outlook.com>
From: "David A. Cooper" <david.cooper@nist.gov>
Message-ID: <14be6cf7-405c-f136-0330-8d98fcb99737@nist.gov>
Date: Thu, 7 Mar 2019 15:12:55 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <DM6PR09MB3228225B3D00834909E98C67E54C0@DM6PR09MB3228.namprd09.prod.outlook.com>
Content-Type: text/html; charset=windows-1252
Content-Language: en-US
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hi Dustin,</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">I have just a few comments on the
      slides.<br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On slide 4, for the PQC survey paper,
      Ray's name should be listed first. He was definitely the primary
      author on that paper.</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">Slide 11 - Should there be some mention
      of public key size and signature/ciphertext size? Performance in
      terms of run time did not play a major role, since we didn't have
      optimized implementations, so couldn't know the "true" performance
      of the algorithms. However, better implementations won't affect
      the sizes of public keys and signatures/ciphertext, and as others
      have commented, in many cases the communication costs associated
      with these sizes may have a greater impact on overall performance
      than the costs of the internal computations. PQRSA would have been
      considered unacceptable as a result of the key and
      signature/ciphertext sizes even if the internal computations could
      have been performed quickly. In other cases, when choosing between
      similar submissions, the ones with smaller key and ciphertexts
      were preferred.<br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">Slide 22 says "Feb 2019 - If another
      shutdown occurs, the PQC project will not be shutdown." Perhaps
      Matt has already approved this language, but I would suggest not
      saying it. While Matt made that statement about our project a few
      weeks ago, just before the spending bill was passed, another
      shutdown can't happen for at least 7 months, and it doesn't seem
      safe to assume that the thinking that applied in mid-February will
      still apply then. Also, even if the PQC project itself were
      exempted, the project could still be impacted by the shutdown.</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">Slide 31 - LMS is in the RFC editor
      queue.</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">Slide 34 - there are 17 encryption/KEN
      algorithms and 9 signature algorithms.<br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 3/7/19 11:32 AM, Moody, Dustin (Fed)
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:DM6PR09MB3228225B3D00834909E98C67E54C0@DM6PR09MB3228.namprd09.prod.outlook.com">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal">Everyone, <o:p></o:p></p>
        <p class="MsoNormal">     I’ll be giving a talk in two weeks at
          a PQC workshop, and came up with some new slides for a talk. 
          It goes into more of our decision making process during Round
          1.  Please take a look – and let me know your suggestions (by
          next Thursday 3/14).  I’ll probably use this as the base for
          our talk at PQCrypto in May as well.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Dustin<o:p></o:p></p>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>