Thanks to Julia, it became clear that the multi-collision algorithm from their PO attacks paper can easily be adapted to use a different nonce per key. Thus, PO attacks stay relevant for HPKE.
I wish IRTF drafts would support footnotes; then, I would just add it as a footnote. Now I am not sure how to best incorporate this note.