Caliptra security level in hybrid mode (PQC+ECC) #579
Assignees
Labels
Comments
|
Security level 4 is enough per CNSA 2.0. We can keep PQC at security level 5 (since there is no security level 4 parameter for MLDSA) and use Secp384rl for ECC. so, no need to upgrade to Secp521 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Although ML-DSA-87 meets the NIST security level category 5 [1], the other components, such as ECC Secp384r1 [2], SHA384 [3], and HMAC384, are classified under category 4. Consequently, the hybrid mode is rated at category 4 for the entire design.
To achieve category 5, the ECC design must be upgraded to ECC Secp521, along with SHA512 and HMAC512. Additionally, fuses and key slots (KV) need to be extended to 521 bits from the current 384 bits.
[1] FIPS 204: Module-Lattice-Based Digital Signature Standard
[2] Recommended Elliptic Curve Domain Parameters
[3] [PQC Security (Evaluation Criteria](https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)
The text was updated successfully, but these errors were encountered: