Add table of PK, Sig sizes

[ounsworth]

https://mailarchive.ietf.org/arch/msg/spasm/zfWx5fYjvuvohTOI7asQG4m-NDI/

Hi Mike,

Your draft:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-kem/
could do with table on Npk, Nsk, and NSig sizes. Such tables greatly help
in implementation.

The idea is from RFC 9180, Section 7.1
https://datatracker.ietf.org/doc/rfc9180/

[image: image.png]

The details of the calculations can be found here:

https://github.com/codespree/quantcrypt/blob/main/additional_info_keysize.md

All the best,
Varun

In my opinion, we should get sample keys, signatures, and ciphertexts for all algorithms, and then measure them. This sounds like a hackathon project.

[ZPDSSAI]

Hi Mike,

I am Peiduo and I am from Varun(@codespree)'s team. We have computed the public key, secrete key and signature lengths for ML-DSA and its composite variations, and the public key, secrete key, shared secret, and cipher text lengths for ML-KEM and its composite variations. The full table documentation, together with notes on overhead computation, can be found in our project repo here.

Please check if the tables meet the requirement of this issue :)

Best regards,
Zhao Peiduo

[johngray-dev]

Thanks for doing these computations. I had done some computations on a handful of them before IETF 120 and it looks like they align (which is always a good thing). I think we should be able to add these tables to an Appendix.