Comments (5)
These hybrids were added for use in TLS 1.3, where simple concatenation is sufficient for IND-CCA2 robustness of the combined protocol (because the transcript hash mixes in the ciphertexts.)
Outside of TLS 1.3, such as with HPKE, the situation still isn't clear cut: it depends on which KEMs are combined. Both the current version of Kyber and DHKEM hash in the ciphertext, so the simple concatenation in hpke/hybridkem is still IND-CCA2 robust. (This is not the case for those in kem/hybrid when used on their own.)
Kyber will probably stop hashing in the ciphertext in the final version.
We should properly document this in the code.
What do you need for your application?
The Katzenpost mix network project thus far has two uses for KEMs:
- PQNoise https://github.com/katzenpost/katzenpost/blob/main/core/wire/session.go
- KEM Sphinx https://github.com/katzenpost/katzenpost/blob/main/core/sphinx/kemsphinx.go
I'd guess that the Noise hash object might get us IND-CCA2 security like you mentioned with TLS. However for the Sphinx nested encrypted packet, it would require the KEM to be IND-CCA2.
Also... I recently wrote a NIKE to KEM adapter; it could probably use some code review, if you like:
https://github.com/katzenpost/katzenpost/blob/use_new_ctidh_types/core/crypto/kem/adapter/kem.go
And here's how I add the split PRF KEM combiner:
katzenpost/katzenpost@9088d6b
...which has not been code reviewed... but the unit tests pass ;-)
I guess I could make a pull request for circl to have this code if other developers were interested in using hybrid KEMs that are IND-CCA2 secure... which probably means that they would use these KEMs for a use case that does not include TLS or Noise.
...which has not been code reviewed
I don't think that's implemented correctly: it doesn't mix in the ciphertexts at all. Also, AES is not a PRF — it's a PRP.
I would simply go for H(ss1 || ss2 || ct1 || ct2), given all of them are fixed length, which is IND-CCA2 robust in QROM.
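The combiner recommended in the comment above, written out as an added example; this is not code from the thread, from circl or from katzenpost. It builds a hybrid KEM from two Go standard-library DHKEMs (X25519 and P-256, a pairing chosen here only so the example runs offline; a post-quantum deployment would put ML-KEM/Kyber in one slot) and derives the shared secret as H(ss1 || ss2 || ct1 || ct2) with H = SHA-256. The function names, the domain-separation label, the fixed-length constants and the length check are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed component KEMs: X25519 and P-256, each used as a DHKEM whose ciphertext
// is an ephemeral public key, so every combiner input below has a fixed length.
const ct1Len, ct2Len, ss1Len, ss2Len = 32, 65, 32, 32 // X25519 key, uncompressed P-256 point, ECDH outputs
var kem1, kem2 = ecdh.X25519(), ecdh.P256()

// encap draws a fresh ephemeral key pair; its public key is the ciphertext.
func encap(c ecdh.Curve, pk *ecdh.PublicKey) (ct, ss []byte, err error) {
	eph, err := c.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ss, err = eph.ECDH(pk)
	return eph.PublicKey().Bytes(), ss, err
}

// decap parses the ephemeral public key and repeats the ECDH.
func decap(c ecdh.Curve, sk *ecdh.PrivateKey, ct []byte) ([]byte, error) {
	eph, err := c.NewPublicKey(ct)
	if err != nil {
		return nil, err
	}
	return sk.ECDH(eph)
}

// robustCombine is H(ss1 || ss2 || ct1 || ct2) with H = SHA-256, the form the thread
// recommends. The length check is what keeps the plain concatenation unambiguous
// (no length prefixes needed); the label is a domain separator assumed here.
func robustCombine(ss1, ss2, ct1, ct2 []byte) ([]byte, error) {
	if len(ss1) != ss1Len || len(ss2) != ss2Len || len(ct1) != ct1Len || len(ct2) != ct2Len {
		return nil, errors.New("hybrid combiner: unexpected input length")
	}
	h := sha256.New()
	h.Write([]byte("example-hybrid-kem-v1"))
	for _, in := range [][]byte{ss1, ss2, ct1, ct2} {
		h.Write(in)
	}
	return h.Sum(nil), nil
}

// hybridEncapsulate returns ct1 || ct2 and the combined shared secret.
func hybridEncapsulate(pk1, pk2 *ecdh.PublicKey) (ct, ss []byte, err error) {
	ct1, ss1, err1 := encap(kem1, pk1)
	ct2, ss2, err2 := encap(kem2, pk2)
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	ss, err = robustCombine(ss1, ss2, ct1, ct2)
	return append(append([]byte{}, ct1...), ct2...), ss, err
}

// hybridDecapsulate splits ct at the fixed boundary and feeds the same four values
// to the combiner, so a modified ciphertext cannot decapsulate to the same key.
func hybridDecapsulate(sk1, sk2 *ecdh.PrivateKey, ct []byte) ([]byte, error) {
	if len(ct) != ct1Len+ct2Len {
		return nil, errors.New("hybrid decapsulate: bad ciphertext length")
	}
	ss1, err1 := decap(kem1, sk1, ct[:ct1Len])
	ss2, err2 := decap(kem2, sk2, ct[ct1Len:])
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	return robustCombine(ss1, ss2, ct[:ct1Len], ct[ct1Len:])
}

// roundTrip generates a hybrid key pair and reports whether both sides agree on the key.
func roundTrip() (bool, error) {
	sk1, err1 := kem1.GenerateKey(rand.Reader)
	sk2, err2 := kem2.GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		return false, err
	}
	ct, ssEnc, err := hybridEncapsulate(sk1.PublicKey(), sk2.PublicKey())
	if err != nil {
		return false, err
	}
	ssDec, err := hybridDecapsulate(sk1, sk2, ct)
	if err != nil {
		return false, err
	}
	return bytes.Equal(ssEnc, ssDec), nil
}

func main() {
	ok, err := roundTrip()
	fmt.Printf("hybrid X25519+P-256 round trip: ok=%v err=%v\n", ok, err)
}
```

The fixed-length check is the caveat the comment's "given all of them are fixed length" carries: with variable-length inputs the concatenation becomes ambiguous and each field would need a length prefix or a different encoding. Compare this with a combiner that hashes only ss1 || ss2, which never sees the ciphertexts and so gives no ciphertext binding to a component whose shared secret does not itself depend on its ciphertext.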
Thanks for the correction!