Add table of PK, CT sizes

[ounsworth]

https://mailarchive.ietf.org/arch/msg/spasm/zfWx5fYjvuvohTOI7asQG4m-NDI/

Hi Mike,

Your draft: https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-kem/ could do with table on Npk, Nsk, and NSig sizes. Such tables greatly help in implementation.

The idea is from RFC 9180, Section 7.1 https://datatracker.ietf.org/doc/rfc9180/

[image: image.png]

The details of the calculations can be found here:

https://github.com/codespree/quantcrypt/blob/main/additional_info_keysize.md

All the best, Varun

In my opinion, we should get sample keys, signatures, and ciphertexts for all algorithms, and then measure them. This sounds like a hackathon project.

[ZPDSSAI]

Hi Mike,

I am Peiduo and I am from Varun(@codespree)'s team. We have computed the public key, secrete key and signature lengths for ML-DSA and its composite variations, and the public key, secrete key, shared secret, and cipher text lengths for ML-KEM and its composite variations. The full table documentation, together with notes on overhead computation, can be found in our project repo here.

Please check if the tables meet the requirement of this issue :)

Best regards, Zhao Peiduo