[PATCH] Add Streamlined NTRU Prime sntrup761.
Simon Josefsson
simon at josefsson.org
Mon May 15 16:02:39 CEST 2023
Hi
See attached patch that adds sntrup761. What do you think?
My use case is to enable implementation of OpenSSH's
sntrup761x25519-sha512 in libssh/libssh2.
Specific open issues:

- Documentation
- Benchmarking self-test
- Self-tests that validate test vectors
  Not trivial because the algorithm is randomized, so we would have to
  use deterministic randomness somehow -- and to use a deterministic
  algorithm for which there exist sntrup761 test vectors (DRBG-CTR is
  the only one I am aware of, but far from ideal).
- API design
  - Are gcry_kem_open/gcry_kem_close useful? They complicate
    implementation for no gain for sntrup761, but could be useful for
    other KEMs, OTOH they may just complicate it for all KEMs since I
    believe the KEM APIs are fairly established these days.
  - The pubkey parameter for KEM-Enc could be stored in the handle, as
    could the seckey parameter for KEM-Dec. This would make the
    gcry_kem_open/gcry_kem_close more useful, however it would mean
    more memory zeroization issues.
  - The #define's for output lengths could be functions, similar to
    other libgcrypt APIs. This makes it harder to use statically
    allocated buffers, so I think the current #define's are useful.
/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-Streamlined-NTRU-Prime-sntrup761.patch
Type: text/x-diff
Size: 41181 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20230515/5e4b75fb/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20230515/5e4b75fb/attachment-0001.sig>
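The design points Simon raises (a handle that owns the pubkey/seckey and therefore has to zeroize them on close, fixed `#define` output lengths, and self-tests that need deterministic randomness because encapsulation is randomized) can be made concrete with a small mock-up. The following is an added example, not code from the attached patch and not libgcrypt's API: `toy_kem_*`, `struct drbg`, `rng_fn` and the `TOY_KEM_*` sizes are all invented here, the "KEM" is a correctness-only stand-in with no security whatsoever (it is not sntrup761), and the counter-mode generator merely plays the role DRBG-CTR would play in a real known-answer test. What it shows is the mechanism: the encapsulation takes its coins from a pluggable randomness hook, so the self-test can seed a deterministic generator, reproduce ciphertext and shared key byte for byte, check decapsulation, and verify that closing the handle leaves no key material behind.

```c
/* Added illustration, not code from the patch or from libgcrypt: a toy KEM
 * (correctness only, no security) showing a handle that owns key material and
 * zeroizes it on close, fixed #define output lengths, and a pluggable randomness
 * source that makes the randomized encapsulation reproducible for a self-test. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define TOY_KEM_PUBLICKEY_SIZE  32
#define TOY_KEM_SECRETKEY_SIZE  32
#define TOY_KEM_CIPHERTEXT_SIZE 32
#define TOY_KEM_SHAREDKEY_SIZE  32

/* Randomness hook: production passes the OS RNG, self-tests pass a DRBG. */
typedef void (*rng_fn)(void *ctx, unsigned char *out, size_t len);

/* Toy PRF: four 64-bit FNV-1a blocks keyed by a block counter. Stand-in for a
 * real hash such as SHA-512; not collision resistant. */
static void toy_prf(unsigned char out[32], const unsigned char *in, size_t len)
{
    for (unsigned block = 0; block < 4; block++) {
        uint64_t h = 0xcbf29ce484222325ULL ^ block;
        for (size_t i = 0; i < len; i++) { h ^= in[i]; h *= 0x100000001b3ULL; }
        for (int k = 0; k < 8; k++) out[block * 8 + k] = (unsigned char)(h >> (8 * k));
    }
}

/* Deterministic generator: counter mode over a seed (stand-in for DRBG-CTR). */
struct drbg { unsigned char seed[32]; uint64_t counter; };
static void drbg_rng(void *ctx, unsigned char *out, size_t len)
{
    struct drbg *d = ctx;
    unsigned char buf[40], blk[32];
    while (len > 0) {
        size_t n = len < 32 ? len : 32;
        memcpy(buf, d->seed, 32);
        memcpy(buf + 32, &d->counter, sizeof d->counter);
        d->counter++;
        toy_prf(blk, buf, sizeof buf);
        memcpy(out, blk, n);
        out += n; len -= n;
    }
}

/* Zeroization through a volatile pointer so the compiler cannot elide it. */
static void secure_wipe(void *p, size_t n) { volatile unsigned char *v = p; while (n--) *v++ = 0; }

/* Handle owning both halves of the key pair, as proposed in the thread. */
struct toy_kem { unsigned char pk[TOY_KEM_PUBLICKEY_SIZE]; unsigned char sk[TOY_KEM_SECRETKEY_SIZE]; };
static void toy_kem_keypair(struct toy_kem *h, rng_fn rng, void *ctx)
{
    rng(ctx, h->sk, sizeof h->sk);
    toy_prf(h->pk, h->sk, sizeof h->sk);   /* pk = PRF(sk): toy derivation only */
}

/* Encapsulation is the randomized step: the coins m come from the rng hook. */
static void toy_kem_enc(const unsigned char *pk, unsigned char *ct, unsigned char *ss,
                        rng_fn rng, void *ctx)
{
    unsigned char m[32], mask[32], buf[64];
    rng(ctx, m, sizeof m);
    toy_prf(mask, pk, TOY_KEM_PUBLICKEY_SIZE);
    for (int i = 0; i < TOY_KEM_CIPHERTEXT_SIZE; i++) ct[i] = m[i] ^ mask[i];
    memcpy(buf, m, 32); memcpy(buf + 32, pk, 32);
    toy_prf(ss, buf, sizeof buf);          /* ss = PRF(m || pk) */
    secure_wipe(m, sizeof m); secure_wipe(buf, sizeof buf);
}

static void toy_kem_dec(const struct toy_kem *h, const unsigned char *ct, unsigned char *ss)
{
    unsigned char pk[32], mask[32], buf[64];
    toy_prf(pk, h->sk, sizeof h->sk);
    toy_prf(mask, pk, sizeof pk);
    for (int i = 0; i < 32; i++) buf[i] = ct[i] ^ mask[i];   /* recover m */
    memcpy(buf + 32, pk, 32);
    toy_prf(ss, buf, sizeof buf);
    secure_wipe(buf, sizeof buf);
}

static void toy_kem_close(struct toy_kem *h) { secure_wipe(h, sizeof *h); }

/* Self-test in the spirit of a known-answer test: equal DRBG seeds must give
 * identical ct/ss, decapsulation must agree, a different seed must change ct,
 * and close() must leave no key bytes behind. Returns 0 on success. */
int toy_kem_selftest(void)
{
    struct drbg dk = {{0}, 0}, d1 = {{0}, 0}, d2 = {{0}, 0}, d3 = {{0}, 0};
    static const unsigned char zero[sizeof(struct toy_kem)] = {0};
    unsigned char ct1[32], ss1[32], ct2[32], ss2[32], ct3[32], ss3[32], ssd[32];
    struct toy_kem h;
    memset(dk.seed, 'K', 32); memset(d1.seed, 'A', 32);
    memset(d2.seed, 'A', 32); memset(d3.seed, 'B', 32);
    toy_kem_keypair(&h, drbg_rng, &dk);
    toy_kem_enc(h.pk, ct1, ss1, drbg_rng, &d1);
    toy_kem_enc(h.pk, ct2, ss2, drbg_rng, &d2);
    toy_kem_enc(h.pk, ct3, ss3, drbg_rng, &d3);
    if (memcmp(ct1, ct2, 32) || memcmp(ss1, ss2, 32)) return 1;   /* not reproducible */
    toy_kem_dec(&h, ct1, ssd);
    if (memcmp(ssd, ss1, 32)) return 2;                            /* round trip broken */
    if (memcmp(ct1, ct3, 32) == 0) return 3;                       /* coins not used */
    toy_kem_close(&h);
    return memcmp(&h, zero, sizeof h) == 0 ? 0 : 4;                /* zeroization */
}
```

Against a real sntrup761 implementation the same harness would replace the seed comparison with a stored expected ciphertext and shared key from a published vector, which is exactly why the generator feeding `rng_fn` has to be the one the vectors were produced with (DRBG-CTR in the cases Simon mentions). The `zero` comparison after `toy_kem_close` is the check that matters once pubkey and seckey live inside the handle: every field the handle gained is one more buffer the close routine must wipe.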