dconnolly / draft-connolly-cfrg-xwing-kem

I-D for a general-purpose KEM (key encapsulation mechanism) that includes a hash at the end

Add an algorithm OID for X-Wing #21

Closed codespree closed 1 week ago

codespree commented 2 weeks ago

Hi folks,

After doing some reading, I found X-Wing is exactly what I was looking for. https://datatracker.ietf.org/doc/html/draft-connolly-cfrg-xwing-kem-04

I have implemented it here: https://github.com/codespree/quantcrypt/blob/main/src/kem/xwing.rs

Its use in HPKE is also clearly evident from the draft as are the fixed sized outputs.

However, in my use-case, I also need to have the public key signed (i.e. have a certificate) containing the X-Wing public key.

The draft doesn't define use in Internet X.509 Public Key Infrastructure, however, I think this could be a good addition to the draft.

At the very least, all that is required is a top level Algorithm identifier OID for X-Wing.

That would allow putting the public key in an ASN.1 structure: PublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, PublicKey BIT STRING }, which could go inside a certificate.

For the private key, we could use the OneAsymmetricKey (OAK) structure as per normal.

This would provide a means of having a signed encapsulation key for the X-Wing KEM which is included in a certificate.

Then, the KEM could be used in HPKE as per normal, but with a certificate available for the encapsulating key to ascertain its authenticity.

Do you think the assignment of the OID and a brief note on X-Wing's use in Internet X.509 Public Key Infrastructure would be something the authors would consider?

@dconnolly @bwesterb @raphaelrobert
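The two carriers named in the comment above, SubjectPublicKeyInfo (RFC 5280) for the encapsulation key and OneAsymmetricKey (RFC 5958) for the private key, encoded and strictly parsed in an added Python example. This is not code from the thread, the draft or quantcrypt. The OID 1.2.3.4 is a placeholder because no X-Wing OID has been assigned; the 1216-byte public key (1184-byte ML-KEM-768 encapsulation key followed by the 32-byte X25519 key) and the 32-byte seed private key follow draft-04; the AlgorithmIdentifier carries no parameters, following the convention for ML-KEM certificates; and storing the raw seed as the OCTET STRING content is an assumption, since the draft defines no private-key encoding.

```python
# Added example: SubjectPublicKeyInfo (RFC 5280) and OneAsymmetricKey (RFC 5958)
# carriers for an X-Wing key pair, with a strict DER decoder for the SPKI side.
# Not code from the thread, the draft, or quantcrypt.

XWING_PK_LEN = 1184 + 32  # ML-KEM-768 encapsulation key || X25519 public key (draft-04)
XWING_SK_LEN = 32         # draft-04 private key is the 32-byte seed

# PLACEHOLDER: X-Wing has no assigned OID. Never ship this value.
EXAMPLE_OID = "1.2.3.4"


def _der_len(n: int) -> bytes:
    """Definite-form DER length, shortest encoding."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _base128(v: int) -> bytes:
    """OID arc as big-endian base-128 with continuation bits."""
    out = [v & 0x7F]
    v >>= 7
    while v:
        out.append(0x80 | (v & 0x7F))
        v >>= 7
    return bytes(reversed(out))


def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("malformed OID")
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    return _tlv(0x06, body)


def algorithm_identifier(oid: str) -> bytes:
    # parameters ABSENT, the convention used for ML-KEM certificates
    return _tlv(0x30, der_oid(oid))


def encode_spki(oid: str, public_key: bytes) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }"""
    if len(public_key) != XWING_PK_LEN:
        raise ValueError(f"X-Wing public key must be {XWING_PK_LEN} bytes")
    # BIT STRING body starts with the unused-bit count; keys are whole octets, so 0.
    return _tlv(0x30, algorithm_identifier(oid) + _tlv(0x03, b"\x00" + public_key))


def encode_one_asymmetric_key(oid: str, private_key: bytes) -> bytes:
    """OneAsymmetricKey ::= SEQUENCE { version INTEGER (v1 = 0), privateKeyAlgorithm, privateKey OCTET STRING }
    Raw seed as OCTET STRING content is an assumption; the draft defines no private-key encoding."""
    if len(private_key) != XWING_SK_LEN:
        raise ValueError(f"X-Wing private key must be {XWING_SK_LEN} bytes")
    return _tlv(0x30, _tlv(0x02, b"\x00") + algorithm_identifier(oid) + _tlv(0x04, private_key))


def _read_tlv(buf: bytes, pos: int, tag: int):
    """Return (body, offset after element); rejects wrong tags and non-minimal lengths."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#04x} at offset {pos}")
    first, pos = buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if length < 0x80 or (length.bit_length() + 7) // 8 != n:
            raise ValueError("non-minimal length encoding")
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length


def decode_oid_body(body: bytes) -> str:
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, v = [], 0
    for b in body:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def decode_spki(der: bytes):
    """Parse SubjectPublicKeyInfo strictly; returns (oid, public_key)."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, pos = _read_tlv(seq, 0, 0x30)
    oid_body, alg_end = _read_tlv(alg, 0, 0x06)
    if alg_end != len(alg):
        raise ValueError("unexpected AlgorithmIdentifier parameters")
    bits, pos = _read_tlv(seq, pos, 0x03)
    if pos != len(seq):
        raise ValueError("trailing bytes inside SubjectPublicKeyInfo")
    if not bits or bits[0] != 0 or len(bits) - 1 != XWING_PK_LEN:
        raise ValueError("subjectPublicKey is not a 1216-byte whole-octet BIT STRING")
    return decode_oid_body(oid_body), bits[1:]


if __name__ == "__main__":
    pk = bytes(i % 251 for i in range(XWING_PK_LEN))  # constructed sample key bytes
    spki = encode_spki(EXAMPLE_OID, pk)
    print(len(spki), decode_spki(spki)[0])
```

The decoder is deliberately stricter than a generic ASN.1 library: it rejects parameters in the AlgorithmIdentifier, unused bits in the BIT STRING, any public key that is not exactly 1216 bytes, and trailing bytes, since a relying party that accepts looser encodings of a KEM key in a certificate opens itself to ambiguity about which key was actually signed.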

bwesterb commented 2 weeks ago

Thanks for the suggestion. We'll assign an OID and add guidance on how to use it in X.509 certificates (similar to what is done for ML-KEM) when we've frozen X-Wing. I hope that won't take much longer. By the way, we just made two backwards-incompatible changes to the X-Wing specification.