search

lamps-wg / draft-composite-kem

IETF draft specifying PQC composite KEM algorithms for use in X.509 and CMS
Other
6 stars 3 forks source link

SHA2 and SHA3 combinations #51

Closed ounsworth closed 2 months ago

ounsworth commented 3 months ago

The authors suggest, rather than 2x'ing the whole list, we do the following:

All RSA combinations use HKDF-SHA2. Each of the P256 and brainpoolP256 combinations are offered with both SHA3 (to align with X-Wing), and HKDF-SHA2. The new list would then be:

| Composite KEM                     | KDF       |
|---------                          | --------  |
| id-MLKEM512-ECDH-P256             | SHA3-256  |
| id-MLKEM512-ECDH-P256             | HKDF-SHA2 |
| id-MLKEM512-ECDH-brainpoolP256r1  | SHA3-256  |
| id-MLKEM512-ECDH-brainpoolP256r1  | HKDF-SHA2 |
| id-MLKEM512-X25519                | SHA3-256  |
| id-MLKEM512-RSA2048               | HKDF-SHA2 |
| id-MLKEM512-RSA3072               | HKDF-SHA2 |
| id-MLKEM512-RSA4096            | HKDF-SHA2 |
| id-MLKEM768-ECDH-P256             | SHA3-384  |
| id-MLKEM768-ECDH-P256             | HKDF-SHA2 |
| id-MLKEM768-ECDH-brainpoolP256r1  | SHA3-384  |
| id-MLKEM768-ECDH-brainpoolP256r1  | HKDF-SHA2 |
| id-MLKEM768-X25519                | SHA3-384  |
| id-MLKEM1024-ECDH-P384            | SHA3-512  |
| id-MLKEM1024-ECDH-brainpoolP384r1 | SHA3-512  |
| id-MLKEM1024-X448                 | SHA3-512  |
{: #tab-kem-algs title="Composite KEM key types"}