dconnolly / draft-connolly-cfrg-xwing-kem

I-D for a general purpose KEM (key encapsulation mechanism) that includes a hash at the end

KeyGen and KeyGen_internal mixed up in Section 4 #20

Closed FiloSottile closed 2 months ago

FiloSottile commented 2 months ago

Section 4 says X-Wing relies on ML-KEM-768.KeyGen and that to generate deterministic test vectors, we also use ML-KEM-768.KeyGen_internal. In the latest version, the former is not used and the latter is used in "production". (Which is good!)

FiloSottile commented 2 months ago

Also, aren't UnpackDecapsulationKey and GenerateKeyPairDerand the same function?

bwesterb commented 2 months ago

> Section 4 says X-Wing relies on ML-KEM-768.KeyGen and that to generate deterministic test vectors, we also use ML-KEM-768.KeyGen_internal. In the latest version, the former is not used and the latter is used in "production". (Which is good!)

Whoops, corrected, thanks.

> Also, aren't UnpackDecapsulationKey and GenerateKeyPairDerand the same function?

In a typical X-Wing implementation they'd be very close, but for RSA you have a reasonable implementation where they wouldn't. There GenerateKeyPairDerand would take a seed, and then increment two nonces until they find the primes. The decapsulation key would be the seed and the two nonces.

FiloSottile commented 2 months ago

> In a typical X-Wing implementation they'd be very close, but for RSA you have a reasonable implementation where they wouldn't. There GenerateKeyPairDerand would take a seed, and then increment two nonces until they find the primes. The decapsulation key would be the seed and the two nonces.

Oh yeah for sure not all KEMs use seeds as decapsulation keys, but XWing does, so reading only this spec it’s weird to see an undefined function be referenced which just happens to be the same as a differently named function.

bwesterb commented 2 months ago

Ah, I was speaking about such an API in general, but I see now it's confusing. Rephrased.
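Added illustration of the API distinction discussed in this thread; this is not code from the draft, from any X-Wing implementation, or from either participant. It models the RSA-style KEM bwesterb describes: GenerateKeyPairDerand takes a seed and increments a nonce per prime until the derived candidate is prime, and the decapsulation key is (seed, nonce_p, nonce_q), so UnpackDecapsulationKey can pin the primes directly without searching. Beside it, a seed-only decapsulation key (the X-Wing situation) makes unpacking exactly the same computation as derandomized keygen. Everything is a toy: 64-bit primes, SHAKE-256 as the candidate PRF, an unpadded RSA-KEM for encaps/decaps, and the function names and seed are assumptions for illustration only.

```python
import hashlib

PRIME_BITS = 64   # toy size for illustration only; real RSA needs far larger primes
RSA_E = 65537


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (deterministic for n < 3.3e24, ample for 64-bit)."""
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _candidate(seed: bytes, label: bytes, nonce: int) -> int:
    """Derive one odd PRIME_BITS-bit candidate from (seed, label, nonce) via SHAKE-256."""
    xof = hashlib.shake_256(seed + label + nonce.to_bytes(4, "big"))
    n = int.from_bytes(xof.digest(PRIME_BITS // 8), "big")
    return n | (1 << (PRIME_BITS - 1)) | 1      # force top bit and oddness


def _find_prime(seed: bytes, label: bytes, nonce: int = 0):
    """Increment the nonce until the candidate is prime (and e is invertible mod p-1)."""
    while True:
        p = _candidate(seed, label, nonce)
        if _is_probable_prime(p) and (p - 1) % RSA_E != 0:
            return p, nonce
        nonce += 1


def _search_primes(seed: bytes):
    """The expensive part of keygen: two nonce searches, one per prime."""
    p, nonce_p = _find_prime(seed, b"p")
    q, nonce_q = _find_prime(seed, b"q")
    while q == p:                                # vanishingly unlikely; keep p != q anyway
        q, nonce_q = _find_prime(seed, b"q", nonce_q + 1)
    return p, q, nonce_p, nonce_q


def _rsa_from_primes(p: int, q: int):
    """Return (ek, sk) = ((n, e), (n, d)) from a prime pair."""
    n = p * q
    d = pow(RSA_E, -1, (p - 1) * (q - 1))
    return (n, RSA_E), (n, d)


def rsa_generate_keypair_derand(seed: bytes):
    """RSA-style GenerateKeyPairDerand: search, then dk = (seed, nonce_p, nonce_q)."""
    p, q, nonce_p, nonce_q = _search_primes(seed)
    ek, _ = _rsa_from_primes(p, q)
    return ek, (seed, nonce_p, nonce_q)


def rsa_unpack_decapsulation_key(dk):
    """RSA-style UnpackDecapsulationKey: no search, the stored nonces pin the primes."""
    seed, nonce_p, nonce_q = dk
    p = _candidate(seed, b"p", nonce_p)
    q = _candidate(seed, b"q", nonce_q)
    if not (_is_probable_prime(p) and _is_probable_prime(q)) or (p - 1) % RSA_E == 0 or (q - 1) % RSA_E == 0:
        raise ValueError("malformed decapsulation key: nonces do not yield usable primes")
    return _rsa_from_primes(p, q)


def seed_only_unpack_decapsulation_key(dk: bytes):
    """Seed-as-dk design (X-Wing's case): unpacking is just derandomized keygen, search included."""
    p, q, _, _ = _search_primes(dk)
    return _rsa_from_primes(p, q)


def encapsulate(ek, coins: bytes):
    """Toy RSA-KEM (no padding): r from coins, c = r^e mod n, K = SHA3-256(r)."""
    n, e = ek
    r = 2 + int.from_bytes(hashlib.shake_256(coins).digest(16), "big") % (n - 3)
    return pow(r, e, n), hashlib.sha3_256(r.to_bytes(16, "big")).digest()


def decapsulate(sk, c: int) -> bytes:
    """Recover r = c^d mod n and rederive K."""
    n, d = sk
    r = pow(c, d, n)
    return hashlib.sha3_256(r.to_bytes(16, "big")).digest()
```

With the RSA-style key, `rsa_unpack_decapsulation_key` does two hash evaluations and two primality checks, while `seed_only_unpack_decapsulation_key` has to redo the whole nonce search, so the two functions are genuinely different there. When the decapsulation key is only a seed, as in X-Wing, the unpack function has nothing extra to work from and collapses into GenerateKeyPairDerand, which is why a separate name for it reads oddly in a spec that only ever uses seeds.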