dconnolly / draft-connolly-cfrg-xwing-kem

I-D for a general purpose KEM (key encapsulation mechanism) that includes a hash at the end

Update to final version of ML-KEM, and use seed as decapsulation key. #19

Closed bwesterb closed 3 months ago

sophieschmieg commented 3 months ago

LGTM.

We do need a separate proof for the combined KEM, using the fact that we include the X25519 public key and ephemeral public key, otherwise we do not get HON-BIND-K-PK/HON-BIND-K-CT. We could also shorten the list of misbinding properties to only list the MAL-BIND properties, since the others are true a fortiori.

dconnolly commented 3 months ago

> LGTM.
>
> We do need a separate proof for the combined KEM, using the fact that we include the X25519 public key and ephemeral public key, otherwise we do not get HON-BIND-K-PK/HON-BIND-K-CT. We could also shorten the list of misbinding properties to only list the MAL-BIND properties, since the others are true a fortiori.

@bwesterb we should update the eprint with the MAL-BIND proof(s)