Specification for Kyber in GnuPG

Werner Koch wk at gnupg.org
Mon May 6 14:59:08 CEST 2024


On Mon,  6 May 2024 14:49, Simon Josefsson said:
> Werner Koch via Gnupg-devel <gnupg-devel at gnupg.org> writes:
>
>> +  - Prepare fixedInfo as specified above
>>  
>>    - Compute KEK := multiKeyCombine(eccKeyShare, eccCipherText,
>>      mlkemKeyShare, mlkemCipherText, fixedInfo, 256) as defined in
>> -    Section [](#KEM-Key-Combiner).
>> +    Section [](#kem-key-combiner).
>
> Where is multiKeyCombine defined?  I can't find it in

Line 6133 in the draft I posted today to librepgp-discuss
https://lists.gnupg.org/pipermail/librepgp-discuss/2024/000068.html

> draft-koch-librepgp-00 nor in your patch.  I'm happy you included the
> ciphertext in the combiner, but I'm trying to work out how strong the
> binding to the Kyber public key material this has.

That is the same as in draft-wussler-openpgp-pqc-03.txt.

> Is the source code of the file this patch is against public?  It is
> easier to review a patched version of an entire document than a patch
> against an unknown file.

git://git.gnupg.org/people/wk/rfc4880bis.git

and take rfc4880bis.md


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240506/47fdb385/attachment.sig>


More information about the Gnupg-devel mailing list