Specification for Kyber in GnuPG
Simon Josefsson
simon at josefsson.org
Mon May 6 17:06:32 CEST 2024
Werner Koch via Gnupg-devel <gnupg-devel at gnupg.org> writes:
> On Mon, 6 May 2024 14:49, Simon Josefsson said:
>> Werner Koch via Gnupg-devel <gnupg-devel at gnupg.org> writes:
>>
>>> + - Prepare fixedInfo as specified above
>>>
>>> - Compute KEK := multiKeyCombine(eccKeyShare, eccCipherText,
>>> mlkemKeyShare, mlkemCipherText, fixedInfo, 256) as defined in
>>> - Section [](#KEM-Key-Combiner).
>>> + Section [](#kem-key-combiner).
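Review bot: The added step "Prepare fixedInfo as specified above" does not say what fixedInfo contains, and the multiKeyCombine call that follows takes only eccKeyShare, eccCipherText, mlkemKeyShare, mlkemCipherText, fixedInfo and 256, so no public key is an explicit input. Suggest naming the section that defines fixedInfo instead of "above" and listing its fields in this step, so a reader can tell from this procedure alone what the KEK is bound to. The renamed anchor #kem-key-combiner should also be checked against the id generated for that heading, since the link text is empty and a mismatch would leave a dead reference.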
>>
>> Where is multiKeyCombine defined? I can't find it in
>
> Line 6133 in the draft I posted today to librepgp-discuss
> https://lists.gnupg.org/pipermail/librepgp-discuss/2024/000068.html
Thank you! As far as I can tell this doesn't strongly bind eccPublicKey
and mlkemPublicKey to the KEK, which may complicate a security proof.
/Simon