Adding new public key KEM API

NIIBE Yutaka gniibe at
Fri Nov 17 07:40:26 CET 2023


Falko Strenzke <falko.strenzke at> wrote:
> There is another point to consider for the design of a generic KEM API: 
> the use of the public in the key derivation, which makes it necessary to 
> pass the public key to the decapsulation function if one doesn't want to 
> run the computation of the public key from the private key in the 
> decapsulation function.

Thank you for the input.

I encounter this exact issue when I did an experiment for DHKEM(X25519,
HKDF-SHA256).  Currently, it computes public key from secret key.

My experiment is here:

This is the branch on top of master.

Last month, I created the gniibe/kem branch on top of 1.10 branch.  I
need HKDF function for the DHKEM, so, I did again on top of master.

More information about the Gcrypt-devel mailing list