Closed TheRebelOfBabylon closed 9 months ago
To only send the public key and not perform authentication:
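```rust
// Bob encapsulates to Alice's public key: he gets a ciphertext to send and his copy of the shared secret.
let (ciphertext, shared_secret_bob) = encapsulate(&alice_keys.public, &mut rng)?;
// Alice decapsulates the ciphertext with her secret key to recover the same shared secret.
let shared_secret_alice = decapsulate(&ciphertext, &alice_keys.secret)?;
assert_eq!(shared_secret_alice, shared_secret_bob);
```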
Not sure what you mean by an encrypted public key. You can encapsulate the public key again with another method like x25519 to make a hybrid system but that's not in the scope of this crate. Note that this still involves sending a public key.
If there are any more questions, feel free to raise another issue.
> encapsulate the public key again with another method like x25519
This seems to be a false positive: since quantum computers can easily break ECC, it's possible to do a man-in-the-middle attack which swaps the Kyber public key. Since quantum computers can easily break ECC, I suggest using post-quantum PKE to encrypt the Kyber public key: just use Kyber again when sending the public key, or use another post-quantum cipher.
In `examples/ake.rs` we have this

To me, this assumes Alice sends an encrypted blob (`client_send`) and her public key (clear text) to Bob in order for Bob to do `server_receive`. But what if Alice is privacy-conscious and only wants to send her public key if it's encrypted? Is this possible using the current tools in this crate?