<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p class="source-line" data-source-line="2">We are currently working
      on the integration of PQC algorithms in Libgcrypt based on <a
href="https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/">draft-wussler-openpgp-pqc</a>
      and will also add KMAC to Libgcrypt since this algorithm is used
      for the key derivation inside the key combiner.</p>
    <p class="source-line" data-source-line="5"><a
href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf#page=16">KMAC</a>
      is based on <a
href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf#page=13">cSHAKE</a>,
      which is a variant of SHAKE that requires a
      different final bit padding than SHAKE and is currently not
      implemented in Libgcrypt.
      cSHAKE is defined as</p>
    <pre><code>cSHAKE(X, L, N, S):
1. If N = "" and S = "":
  return SHAKE256(X, L);
2. Else:
  return KECCAK[256](bytepad(encode_string(N) || encode_string(S), 168) || X || 00, L)
</code></pre>
    <p class="source-line" data-source-line="17">In order to support the
      additional arguments N and S, I propose the following approach:</p>
    <ul>
      <li class="source-line" data-source-line="19">
        <p class="source-line" data-source-line="19">cSHAKE is added as
          an XOF message digest like SHAKE</p>
      </li>
      <li class="source-line" data-source-line="20">
        <p class="source-line" data-source-line="20">For the purpose of
          providing the additional arguments N and S we add</p>
        <pre><code>typedef enum 
{
  GCRY_MD_ADDIN_CSHAKE_N = 1,
  GCRY_MD_ADDIN_CSHAKE_S = 2
} gcry_md_add_input_t;

gcry_error_t
gcry_md_set_add_input (gcry_md_hd_t *h,
                       gcry_md_add_input_t addin_type,
                       const void *v, size_t v_len);
</code></pre>
        <p class="source-line" data-source-line="34">In order to invoke
          cSHAKE with non-empty N and S parameters, after the call to <code>_gcry_md_open()</code>,
          two calls to <code>gcry_md_set_add_input()</code> have to be
          made to set N and S in that order. If data is added without
          having made these calls,
          then it will behave as normal SHAKE as required by the
          specification.</p>
      </li>
    </ul>
    <p class="source-line" data-source-line="37">Does anyone have any
      thoughts on this?</p>
    <p class="source-line" data-source-line="37">- Falko<br>
    </p>
    <p></p>
    <div class="moz-signature">-- <br>
      <!-- MTG AG HTML signature v.1.0 - Messen 2022, 2022-03-14 - Author: Andreas Cholet -->
      <p style="line-height: 1.1;"><font face="Arial"><span
            style="font-size: small; color: rgb(93, 93, 95);">
            <strong>MTG AG</strong><br>
            Dr. Falko Strenzke<br>
            Executive System Architect<br>
            <!--up to here--> </span></font></p>
    </div>
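    <p>Added example, not part of the original message and not Libgcrypt code: the prefix that the cSHAKE definition above places in front of X, <code>bytepad(encode_string(N) || encode_string(S), rate)</code>, together with the fallback to plain SHAKE when N and S are both empty. The helper name <code>cshake_prefix</code> and its signature are hypothetical; the rate is a parameter (168 in the definition above), and the suffix bytes 0x1F (SHAKE) and 0x04 (cSHAKE) are the domain-separation bits with the first padding bit appended.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* left_encode(v): big-endian bytes of v, preceded by their count. */
static size_t left_encode (uint64_t v, uint8_t *out)
{
  size_t n = 1;
  while (n < 8 && (v >> (8 * n)) != 0)
    n++;
  out[0] = (uint8_t) n;
  for (size_t i = 0; i < n; i++)
    out[1 + i] = (uint8_t) (v >> (8 * (n - 1 - i)));
  return n + 1;
}

/* encode_string(s): left_encode(bit length of s) || s. */
static size_t encode_string (const void *s, size_t len, uint8_t *out)
{
  size_t n = left_encode ((uint64_t) len * 8, out);
  if (len)
    memcpy (out + n, s, len);
  return n + len;
}

/* Hypothetical helper. Writes the padded prefix to out and stores in *suffix
   the byte to append after X. Returns the prefix length, 0 for the plain
   SHAKE case, or (size_t)-1 if out cannot hold the worst-case encoding. */
size_t cshake_prefix (const void *n, size_t n_len, const void *s, size_t s_len,
                      size_t rate, uint8_t *out, size_t cap, uint8_t *suffix)
{
  if (n_len == 0 && s_len == 0)
    {
      *suffix = 0x1F;           /* SHAKE: bits 1111, then pad10*1 */
      return 0;
    }
  size_t need = 9 + (9 + n_len) + (9 + s_len);  /* worst-case encodings */
  if (cap < (need + rate - 1) / rate * rate)
    return (size_t) -1;
  size_t pos = left_encode (rate, out);         /* bytepad starts with the rate */
  pos += encode_string (n, n_len, out + pos);   /* N first ... */
  pos += encode_string (s, s_len, out + pos);   /* ... then S */
  size_t total = (pos + rate - 1) / rate * rate;
  memset (out + pos, 0, total - pos);           /* zero-fill to a rate multiple */
  *suffix = 0x04;               /* cSHAKE: bits 00, then pad10*1 */
  return total;
}
```

    <p>A non-empty N with an empty S (as KMAC uses, with N = "KMAC") still takes the cSHAKE branch; only the case where both are empty falls back to SHAKE.</p>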
  </body>
</html>