Adding new public key KEM API
Falko Strenzke
falko.strenzke at mtg.de
Tue Nov 14 16:16:30 CET 2023
There is another point to consider for the design of a generic KEM API:
the use of the public key in the key derivation, which makes it necessary to
pass the public key to the decapsulation function if one doesn't want to
run the computation of the public key from the private key in the
decapsulation function.
We are using this now for instance in our OpenPGP PQC draft
(https://github.com/openpgp-pqc/draft-openpgp-pqc/pull/66 corrects the
ECC-KEM function signature regarding that matter).
- Falko
On 24.10.23 at 08:25, NIIBE Yutaka wrote:
> Werner Koch <wk at gnupg.org> wrote:
>> On Thu, 19 Oct 2023 16:37, NIIBE Yutaka said:
>>
>>> gcry_error_t gcry_kem_decap (int algo,
>>> const void *seckey,
>>> const void *ciphertext,
>>> void *shared_secret);
>> I still don't feel comfortable without a size argument.
> Assumption here (for lower level API) is:
>
> It's caller side (user of libgcrypt) which does static
> compile-time check against ALGO and the length of each
> byte-array.
>
> If not static, caller side can do run-time check, if needed,
> before the call.
>
> Having a size argument would mean,
>
> libgcrypt does run-time check of the length (for each call)
>
> I wonder if this kind of run-time check in libgcrypt is useful in lower
> level API.
>
> I could imagine having an API offering static compile-time check. In
> this case, it would provide a macro something like gcry_kem_decap_check
> which has length arguments. The ABI is gcry_kem_decap.
--
MTG AG
Dr. Falko Strenzke
Executive System Architect
Phone: +49 6151 8000 24
E-Mail: falko.strenzke at mtg.de
Web: mtg.de <https://www.mtg.de>
MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
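As an added example (not code from this thread, from libgcrypt, or from the OpenPGP PQC draft): a toy Python KEM whose KDF binds the recipient's public key into the shared secret, so that decapsulation either has to receive the public key as an argument or recompute it from the secret key, which is the design point raised above. It also shows a caller-side length table and check in the spirit of the gcry_kem_decap_check idea from the quoted discussion. The DH group, the 16-byte encodings, the KDF construction and the ALGO_TOY_DH identifier are assumptions for illustration only; the group is far too small for real use.

```python
"""Toy KEM: why decapsulation needs the public key when the KDF binds it."""
import hashlib
import hmac
import secrets

# Toy DH group (assumption: illustration only, far too small for real use).
P = (1 << 127) - 1      # Mersenne prime, so every value fits in 16 bytes
G = 3
ENC_LEN = 16            # byte length of group elements and exponents
KEY_LEN = 32            # length of the derived shared secret

# Hypothetical algorithm identifier and its per-algorithm byte lengths:
# the table a compile-time or caller-side length check would consult.
ALGO_TOY_DH = 1
SIZES = {
    ALGO_TOY_DH: {
        "seckey": ENC_LEN,
        "pubkey": ENC_LEN,
        "ciphertext": ENC_LEN,
        "shared_secret": KEY_LEN,
    },
}


def _i2b(x: int) -> bytes:
    return x.to_bytes(ENC_LEN, "big")


def _b2i(b: bytes) -> int:
    return int.from_bytes(b, "big")


def keygen() -> tuple[bytes, bytes]:
    """Return (seckey, pubkey) with pubkey = G^seckey mod P."""
    sk = secrets.randbelow(P - 2) + 1
    return _i2b(sk), _i2b(pow(G, sk, P))


def _kdf(dh: bytes, ciphertext: bytes, pubkey: bytes) -> bytes:
    """Extract-then-expand style KDF that binds ciphertext AND public key.

    Because pubkey is part of the KDF input, whoever derives the key must
    have the public key at hand, on the encapsulation and decapsulation side.
    """
    prk = hmac.new(b"toy-kem-salt", dh, hashlib.sha256).digest()
    info = ciphertext + pubkey + b"\x01"
    return hmac.new(prk, info, hashlib.sha256).digest()[:KEY_LEN]


def encap(pubkey: bytes) -> tuple[bytes, bytes]:
    """Return (ciphertext, shared_secret) for the recipient's public key."""
    r = secrets.randbelow(P - 2) + 1
    ct = _i2b(pow(G, r, P))
    dh = _i2b(pow(_b2i(pubkey), r, P))
    return ct, _kdf(dh, ct, pubkey)


def decap_with_pubkey(seckey: bytes, pubkey: bytes, ciphertext: bytes) -> bytes:
    """Decapsulation signature that takes the public key as an argument."""
    dh = _i2b(pow(_b2i(ciphertext), _b2i(seckey), P))
    return _kdf(dh, ciphertext, pubkey)


def decap(seckey: bytes, ciphertext: bytes) -> bytes:
    """Decapsulation without a pubkey argument: recompute it from seckey.

    This costs one extra exponentiation (scalar multiplication for ECC)
    on every call, which is the trade-off against the signature above.
    """
    pubkey = _i2b(pow(G, _b2i(seckey), P))
    return decap_with_pubkey(seckey, pubkey, ciphertext)


def check_lengths(algo: int, seckey: bytes, pubkey: bytes, ciphertext: bytes) -> bool:
    """Caller-side length check against the per-algorithm table."""
    sizes = SIZES.get(algo)
    if sizes is None:
        return False
    return (len(seckey) == sizes["seckey"]
            and len(pubkey) == sizes["pubkey"]
            and len(ciphertext) == sizes["ciphertext"])


def decap_checked(algo: int, seckey: bytes, pubkey: bytes, ciphertext: bytes) -> bytes:
    """Checked wrapper around the unchecked low-level decapsulation."""
    if not check_lengths(algo, seckey, pubkey, ciphertext):
        raise ValueError("byte-array length does not match algorithm %d" % algo)
    return decap_with_pubkey(seckey, pubkey, ciphertext)


if __name__ == "__main__":
    sk, pk = keygen()
    ct, ss = encap(pk)
    print("with pubkey arg :", decap_with_pubkey(sk, pk, ct) == ss)
    print("recomputed pubkey:", decap(sk, ct) == ss)
    print("checked wrapper  :", decap_checked(ALGO_TOY_DH, sk, pk, ct) == ss)
```

The instructive failure is decapsulating with a public key that is not the one the sender used: the DH value is still correct, but the derived key differs, because the public key is an input to the KDF and not merely a means to compute the DH value.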