Minutes of the July 8th, 2025 Meeting #214
johngray-dev started this conversation in General
Present: Jean-Pierre Fiset, Abel Chen, Austin Lin, John Gray, Mike Ounsworth, Nicola Tuveri, Christoph Wildfeuer, James Tung, Carl Wallace, Markku-Juhani Saarinen, Petr Muzikant, Alexander Railean, Felipe Ventura, Corey Bonnell
Hackathon Coming up July 19th - 20th
Each person answered whether they would attend the hackathon remotely or in person, what they wanted to bring and what they wanted to work on.
Mike Ounsworth - Will attend hackathon remotely - Will work on the composite test vectors in JSON. Had a side question regarding the government - Does CNSA support hybrid more generally in any way? Does anyone have comments?
Alexander Railean - Will attend in person, will bring CMP test suite. In the CMP test suite, they support all flavors of hybrid algorithms.
Jean-Pierre - Will attend in person with additional team members. Will continue working on the pure formats and would like to start work on the composites.
James Tung - Will attend the next hackathon remotely. Will work on generating certificates with composite keys. Also looking at implementing ML-KEM in CMS.
Nicola Tuveri - Will attend in person, and will be working with OpenSSL. Wants to add composite support for ML-DSA-65 X25519. Asked about the private key formats.
Christoph Wildfeuer - Not around for hackathon - Maybe next one. Getting into the certificate issues with satellite communication. Maybe we build on some expertise. Regarding Mike's question with CNSA 2.0 - They are not requiring hybrid mode, not preferred, but not forbidden. They say it is adding additional complexity.
Mike mentioned it has to be allowed in MLS and IKEv2 - sometimes allowed in specific implementations. They have been pretty clear about complexity, don't have enough analysts.
Markku - Some hardware vendors have been asking. Could have proprietary check then PQ check. During firmware check it can be separated so they can be approved separately. A sequence of verifications should be fine. CNSA PQC - You can have a legacy thing.
Markku - May be going to Madrid - Don't have anything to contribute - SLH-DSA in OQS is taking Markku's implementation. He has 200 parameter sets. NIST will do an SP of new parameter sets plus the PreHash versions. TripleA2 variant - short and limited to 1 million signatures.
Petr Muzikant - Can't make it to hackathon. Got back to the PQC engineering for more relevant topics in the near future. Very early to ask to do a PQ certificate in Go crypto lang.
Daniel Van Geest - Will be at hackathon in person. He has SLH-DSA test vectors if you want to test them. He will come with a composite KEM implementation, and maybe signatures. Dan has noticed that the automated testing is quite behind, might help update them. Work on KEMRecipientInfo implementation before OpenSSL 3.6 (due in October).
See:
openssl/openssl#27247
openssl/openssl#27681
John Gray - Will attend in person. Will also work on Composites and reference implementation for Certificate Discovery. Would also like to work on MTL revocation if time.
Felipe Ventura - Will attend remotely, will work more on composite signatures for OpenSSL. Will try to have something done at the hackathon.
Corey Bonnell - Will be in person in Madrid. He will most likely work on certificate discovery.
Carl Wallace - Will not be present during the hackathon - trying to get stuff done beforehand. Verified all the composite signature examples in the spec, except Ed448. Will start work on Composite KEM. Generate and verifier that use wrapped code.
Mike mentioned the KEM tradPK issue in KEM. See lamps-wg/draft-composite-kem#179
Tomofumi - If he comes it will be remotely.
Nicola - Tim Hudson he believes Viktor will participate remotely. Click on the following link to show support of OpenSSL staff at IETF 123: https://openssl-communities.org/d/dQA7g9mP/interactions-with-openssl-staff-during-upcoming-ietf-123
Other Comments:
Markku - SHA2 version of SLH-DSA can work 2 times faster if you have the compression function API available. It is not exposed in OpenSSL. Would be good to discuss with the OpenSSL team.
Nicola - Many external implementations do not yet provide an interface to derive the public key from the seed or the expanded private key. Getting only the seed is very restrictive. Nicola is working with the Rust library (wrapping around PQClean, pure Rust).
Action: John to send out an e-mail invite for the 2-day hackathon so it is in everyone's calendars.