[PATCH] Add Streamlined NTRU Prime sntrup761.

Werner Koch wk at gnupg.org
Tue May 16 17:52:53 CEST 2023


> My use case is to enable implementation of OpenSSH's
> sntrup761x25519-sha512 in libssh/libssh2.

Given that OpenSSH starts to move into that direction, it is a good idea
to add support to Libgcrypt.  After all we want that gpg-agent can also
work with that algorithms.

>    - Are gcry_kem_open/gcry_kem_close useful?  They complicate
>      implementation for no gain for sntrup761, but could be useful for
>      other KEM's, OTOH they may just complicate it for all KEM's since I
>      believe the KEM APIs are fairly established these days.

I have not yet anaylyzed your needs but I think that this new API is not
needed because we have KEM functions already implemented in the pubkey

Instead of a new separate API it should be sufficient to make use of the
general idea of gcry_ctx_t.  Right now we use such a context only for
KATs and to implement custom EC functions.

The context object was actually implemented to add state to the public
key functions and to allow the provisioning of larger parameters by
associating them with an s-expression.  A context is also a way to
implement n-way processing within Libgcrypt.



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20230516/e15b3d58/attachment.sig>

More information about the Gcrypt-devel mailing list