Comments (6)
Actually, a `>=` check wouldn't be enough for MLS: the official test vectors pass a 64-byte seed to `KEM_P521_HKDF_SHA512` (which has `SeedSize` of 66). We'd need to drop the checks entirely.
In Section 7.4, MLS, `DeriveKeyPair` is called with `node_secret`, which is the output of `DeriveSecret`:

```
node_secret[n] = DeriveSecret(path_secret[n], "node")
node_priv[n], node_pub[n] = KEM.DeriveKeyPair(node_secret[n])
```

Looking at the definition of `DeriveSecret` in Section 8, MLS, it outputs `KDF.Nh` bytes:

```
DeriveSecret(Secret, Label) =
  ExpandWithLabel(Secret, Label, "", KDF.Nh)
```

There is a mismatch between `KDF.Nh` and `KEM.Nsk` only in the following MLS suites:

| MLS ID | MLS Suite | KDF.Nh | KEM.Nsk |
|---|---|---|---|
| 0x04 | MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 | 64 | 56 |
| 0x05 | MLS_256_DHKEMP521_AES256GCM_SHA512_P521 | 64 | 66 |
| 0x06 | MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 | 64 | 56 |

@emersion, I recommend you reach out to the MLS authors to seek guidance; this could be a typo in the spec.
Good idea. I've sent an email to the mailing list: https://mailarchive.ietf.org/arch/msg/mls/JdrJvjGnVjNHX1xE4kTcsmq_PRc/
The `kem.Scheme` interface isn't meant to match up precisely with HPKE. Its `DeriveKeyPair` function is meant to match up exactly with the natural key derivation. HPKE's derivation can be built on top of that, e.g. as in X-Wing. I think we might want to add a separate interface for HPKE key derivation.
Also the

> For a given KEM, the ikm parameter given to DeriveKeyPair() SHOULD have length at least Nsk, and SHOULD have at least Nsk bytes of entropy.

requirement is problematic for PQ KEMs, which have large secret keys, and is ignored. This requirement is very much written thinking only of elliptic curves.
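As an added example (not circl's own code and not part of this thread), here is a standard-library Go implementation of the RFC 9180 DeriveKeyPair loop for DHKEM(P-521, HKDF-SHA512), with an optional strict `len(ikm) >= Nsk` check: it shows that a 64-byte (`KDF.Nh`) MLS-style `node_secret` derives a valid 66-byte (`Nsk`) scalar as long as that check is absent, since HKDF-Extract accepts ikm of any length. The `strict` flag and the `DeriveKeyPairP521` name are this example's own; the 64-byte seed used with it is a constructed value, not the MLS test vector.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/sha512"
	"fmt"
)

// DHKEM(P-521, HKDF-SHA512), RFC 9180 Section 7.1: Nsk = 66, suite_id = "KEM" || I2OSP(0x0012, 2).
const nskP521, suiteID = 66, "KEM\x00\x12"

func hmacSHA512(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha512.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

// LabeledExtract("", label, ikm) = HKDF-Extract("", "HPKE-v1" || suite_id || label || ikm)
func labeledExtract(label string, ikm []byte) []byte {
	return hmacSHA512(nil, []byte("HPKE-v1"+suiteID+label), ikm)
}

// LabeledExpand(prk, label, info, L) = HKDF-Expand(prk, I2OSP(L, 2) || "HPKE-v1" || suite_id || label || info, L)
func labeledExpand(prk []byte, label string, info []byte, n int) []byte {
	hdr := append(append([]byte{byte(n >> 8), byte(n)}, "HPKE-v1"+suiteID+label...), info...)
	var out, t []byte
	for i := byte(1); len(out) < n; i++ { // T(i) = HMAC(prk, T(i-1) || info || i)
		t = hmacSHA512(prk, t, hdr, []byte{i})
		out = append(out, t...)
	}
	return out[:n]
}

// DeriveKeyPairP521 follows RFC 9180 Section 7.1.3 for P-521. With strict set, the spec's
// "ikm SHOULD have length at least Nsk" becomes a hard error, which is what rejects the
// 64-byte (KDF.Nh) node_secret MLS passes in; without it the derivation works as written.
func DeriveKeyPairP521(ikm []byte, strict bool) (*ecdh.PrivateKey, error) {
	if strict && len(ikm) < nskP521 {
		return nil, fmt.Errorf("ikm is %d bytes, Nsk is %d", len(ikm), nskP521)
	}
	prk := labeledExtract("dkp_prk", ikm)
	for counter := 0; counter < 256; counter++ {
		cand := labeledExpand(prk, "candidate", []byte{byte(counter)}, nskP521)
		cand[0] &= 0x01 // P-521 bitmask
		// NewPrivateKey rejects a scalar of 0 or >= the group order, the RFC's retry condition.
		if sk, err := ecdh.P521().NewPrivateKey(cand); err == nil {
			return sk, nil
		}
	}
	return nil, fmt.Errorf("DeriveKeyPairError: no valid candidate in 256 tries")
}
```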