MPAI-PTF V1.0 Data - Security Algorithm Taxonomy

1 Definition

The Security Algorithm Taxonomy defines the set of identifiers used by MPAI‑PTF to reference cryptographic algorithms in a consistent, interoperable, and implementation‑independent manner. It provides canonical names for hash algorithms, signature algorithms, encryption algorithms, key‑establishment algorithms, and other security‑relevant primitives used across PTF data types such as credentials, evidence, policies, and profiles.

The taxonomy ensures that all PTF components refer to cryptographic algorithms using stable identifiers rather than implementation‑specific labels, enabling interoperability, validation, and policy enforcement across heterogeneous systems.

2 Functional Requirements

The Security Algorithm Taxonomy shall:

Provide unique, stable identifiers for each cryptographic algorithm used within PTF.
Classify algorithms into categories such as:
- Hash algorithms
- Signature algorithms
- Encryption algorithms
- Key‑establishment algorithms
- Message authentication algorithms
- Custom or externally defined algorithms
Support algorithm agility, allowing new algorithms to be added without breaking existing implementations.
Provide identifiers that are independent of vendor, library, or platform.
Enable PTF components to:
- Declare which algorithms they require (e.g., in PolicyBinding, Profile).
- Declare which algorithms they support (e.g., in CapabilityProfile).
- Declare which algorithms they use (e.g., in CII, InstanceCredential, AttestationEvidence).
Allow referencing of post‑quantum, hybrid, and future algorithms.
Support custom algorithm identifiers for deployments requiring non‑standard or proprietary algorithms.
Ensure that identifiers are:
- Human‑readable
- Machine‑processable
- Version‑stable
Provide a single authoritative namespace for all PTF cryptographic algorithm identifiers.

3 Syntax

https://schemas.mpai.community/PTF/V1.0/data/SecurityAlgorithmTaxonomy.json

4 Semantics

Label	Description
Hash	Identifies allowed hash algorithms.
– AIF-ALGO-HASH-SHA256	SHA‑256 hash algorithm.
– AIF-ALGO-HASH-SHA384	SHA‑384 hash algorithm.
– AIF-ALGO-HASH-SHA512	SHA‑512 hash algorithm.
– AIF-ALGO-HASH-SHA3-256	SHA‑3‑256 hash algorithm.
– AIF-ALGO-HASH-SHA3-512	SHA‑3‑512 hash algorithm.
– AIF-ALGO-HASH-BLAKE3	BLAKE3 hash algorithm.
– AIF-ALGO-HASH-CUSTOM	Implementation‑specific hash algorithm.
Signature	Identifies allowed signature algorithms.
– AIF-ALGO-SIG-ED25519	Ed25519 signature algorithm.
– AIF-ALGO-SIG-ECDSA-P256-SHA256	ECDSA P‑256 with SHA‑256.
– AIF-ALGO-SIG-ECDSA-P384-SHA384	ECDSA P‑384 with SHA‑384.
– AIF-ALGO-SIG-RSA-PSS-SHA256	RSA‑PSS using SHA‑256.
– AIF-ALGO-SIG-RSA-PSS-SHA384	RSA‑PSS using SHA‑384.
– AIF-ALGO-SIG-DILITHIUM2	Dilithium‑2 post‑quantum signature algorithm.
– AIF-ALGO-SIG-FALCON512	Falcon‑512 post‑quantum signature algorithm.
– AIF-ALGO-SIG-CUSTOM	Implementation‑specific signature algorithm.
MAC	Identifies allowed message authentication code algorithms.
– AIF-ALGO-MAC-HMAC-SHA256	HMAC using SHA‑256.
– AIF-ALGO-MAC-HMAC-SHA384	HMAC using SHA‑384.
– AIF-ALGO-MAC-CMAC-AES	CMAC using AES.
– AIF-ALGO-MAC-CUSTOM	Implementation‑specific MAC algorithm.
Encryption	Identifies allowed symmetric encryption algorithms.
– AIF-ALGO-ENC-AES-256-CBC	AES‑256‑CBC encryption.
– AIF-ALGO-ENC-AES-256-CTR	AES‑256‑CTR encryption.
– AIF-ALGO-ENC-CHACHA20	ChaCha20 encryption.
– AIF-ALGO-ENC-CUSTOM	Implementation‑specific encryption algorithm.
AEAD	Identifies allowed authenticated-encryption-with-associated-data algorithms.
– AIF-ALGO-AEAD-AES-256-GCM	AES‑256‑GCM authenticated encryption.
– AIF-ALGO-AEAD-CHACHA20-POLY1305	ChaCha20‑Poly1305 authenticated encryption.
– AIF-ALGO-AEAD-CUSTOM	Implementation‑specific AEAD algorithm.
KeyExchange	Identifies allowed key‑exchange or key‑agreement algorithms.
– AIF-ALGO-KX-X25519	X25519 key exchange.
– AIF-ALGO-KX-ECDH-P256	ECDH using P‑256.
– AIF-ALGO-KX-ECDH-P384	ECDH using P‑384.
– AIF-ALGO-KX-KYBER512	Kyber‑512 post‑quantum key encapsulation.
– AIF-ALGO-KX-CUSTOM	Implementation‑specific key‑exchange algorithm.
Hybrid	Identifies allowed hybrid classical + post‑quantum algorithms.
– AIF-ALGO-HYBRID-X25519-KYBER512	Hybrid X25519 + Kyber‑512.
– AIF-ALGO-HYBRID-ECDH-P256-DILITHIUM2	Hybrid ECDH‑P256 + Dilithium‑2.
– AIF-ALGO-HYBRID-CUSTOM	Implementation‑specific hybrid algorithm.

<- Go to Data Types Go to ToC

Cookie	Duration	Description
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Technical".
CookieLawInfoConsent	1 year	The cookie is set by the GDPR Cookie Consent plug-in and is used to store whether the user has consented to the use of cookies or not. It does not store any personal data.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_pk_id.6.08a8	13 months	Used to store a few details about the user such as the unique visitor ID
_pk_ses.6.08a8	30 minutes	Short lived cookies used to temporarily store data for the visit

MPAI-PTF V1.0 Data – Security Algorithm Taxonomy

1 Definition

2 Functional Requirements

3 Syntax

4 Semantics

Notice