doc/ext-pqc/overview/intro.rst
Lines changed: 30 additions & 5 deletions
@@ -18,12 +18,37 @@ When the proposed extension is sufficiently stable to be classed as Final, it wi
18
18
19
19
This specification must be read and implemented in conjunction with `[PSA-CRYPT]`. All of the conventions, design considerations, and implementation considerations that are described in `[PSA-CRYPT]` apply to this specification.
20
20
21
-
.. rationale:: Note
21
+
Objectives for the PQC Extension
22
+
--------------------------------
22
23
23
-
This version of the document includes *Rationale* commentary that provides background information relating to the design decisions that led to the current proposal. This enables the reader to understand the wider context and alternative approaches that have been considered.
24
+
Background
25
+
~~~~~~~~~~
24
26
27
+
The justification for developing new :term:`public-key cryptography` algorithms due to the risks posed by quantum computing are described by NIST in :cite-title:`NIST-PQC`.
25
28
26
-
Objectives for the PQC Extension
27
-
--------------------------------
29
+
.. admonition:: Extract from *Post-Quantum Cryptography*:
30
+
31
+
*In recent years, there has been a substantial amount of research on quantum computers --- machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.*
32
+
33
+
*The question of when a large-scale quantum computer will be built is a complicated one. While in the past it was less clear that large quantum computers are a physical possibility, many scientists now believe it to be merely a significant engineering challenge. Some engineers even predict that within the next twenty or so years sufficiently large quantum computers will be built to break essentially all public key schemes currently in use. Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.*
34
+
35
+
NIST is hosting a project to collaboratively develop, analyze, refine, and select cryptographic schemes that are resistant to attack by both classical and quantum computing.
36
+
37
+
Selection of algorithms
38
+
~~~~~~~~~~~~~~~~~~~~~~~
39
+
40
+
PQC algorithms that have been standardized are obvious candidates for inclusion in the |API|. The current set of standards is the following:
41
+
42
+
* :cite-title:`FIPS203`
43
+
* :cite-title:`FIPS204`
44
+
* :cite-title:`FIPS205`
45
+
46
+
Although the NIST standards for these algorithms are now finalized, the definition of keys in the |API| depends on import and export formats.
47
+
To maximize key exchange interoperability with other specifications, the default export format in the |API| should be aligned with the definitions selected for X.509 public-key infrastructure.
48
+
As the IETF process for defining the X.509 key formats is still ongoing at the time of publishing this document, the interfaces within this document are at BETA status.
49
+
50
+
However, it is not expected that other aspects of the API in this document will change when it becomes FINAL.
28
51
29
-
:issue:`TBD`
52
+
.. note::
53
+
Although PQC algorithms that are draft standards could be considered, any definitions for these algorithms would be have to be considered experimental.
54
+
Significant aspects of the algorithm, such as approved parameter sets, can change before publication of a final standard, potentially requiring a revision of any proposed interface for the |API|.
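Review bot: Two grammar fixes are needed in this hunk before merge. In the Background paragraph, "The justification for developing new public-key cryptography algorithms ... are described by NIST" needs "is described" (the subject is the singular "justification"); in the closing note, "would be have to be considered experimental" should read "would have to be considered experimental". In the Selection of algorithms paragraph, "To maximize key exchange interoperability" is imprecise: the sentence is about key import and export formats, which matter for all three listed standards, including the signature schemes of FIPS 204 and FIPS 205, not only for key encapsulation; "To maximize key-format interoperability" states the intent. Since BETA status is explicitly tied to the in-progress IETF definition of the X.509 key formats, adding a citation for the IETF document(s) being tracked would let readers check when that dependency clears. Finally, this hunk deletes the explanatory note about *Rationale* commentary together with the `.. rationale::` block; confirm that no other `.. rationale::` blocks remain in the extension sources, otherwise readers lose the explanation of what that commentary is.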
doc/ext-pqc/terms
Lines changed: 1 addition & 8 deletions
@@ -1,4 +1,4 @@
1
-
.. SPDX-FileCopyrightText: Copyright 2022 Arm Limited and/or its affiliates <open-source-office@arm.com>
1
+
.. SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its affiliates <open-source-office@arm.com>
2
2
.. SPDX-License-Identifier: CC-BY-SA-4.0 AND LicenseRef-Patent-license
3
3
4
4
.. term:: Algorithm
@@ -154,13 +154,6 @@
154
154
155
155
A key that has a short lifespan and is guaranteed not to exist after a restart of an application instance.
156
156
157
-
.. term:: Password-authenticated key exchange
158
-
:abbr: PAKE
159
-
160
-
An interactive method for two or more parties to establish cryptographic keys based on knowledge of a low entropy secret, such as a password.
161
-
162
-
This can provide strong security for communication from a weak password, because the password is not directly communicated as part of the key exchange.
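Review bot: Removing the "Password-authenticated key exchange" / "PAKE" glossary entry needs a check that nothing in the ext-pqc sources still references it via `:term:` or `:abbr:`, since Sphinx glossary cross-references to a deleted term will fail to resolve at build time. The removal itself is reasonable for a PQC extension that, per the intro, must be read in conjunction with [PSA-CRYPT], which is where base-API terminology belongs; a short commit note stating that the term was unused in this extension would make that intent explicit for later readers of the history.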