Open chris-wood opened 3 weeks ago
The generic combiner effectively shoves everything into a KDF to produce a new shared secret, e.g.:
ss = KDF(mlkemSS || tradSS || tradCT || tradPK || Domain)
However, for HKDF-based KDFs, this simply doesn't make sense. HKDF requires multiple inputs, not just a single input (mlkemSS || tradSS || tradCT || tradPK || Domain). As it stands, none of the HKDF-based variants in table 2 can be implemented.
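An added illustration of the point raised in this issue (not code from the issue, the draft, or its authors): HKDF as defined in RFC 5869 takes a salt, an IKM, an info string and an output length, so the single concatenated string can be mapped onto those inputs in more than one way, and each mapping produces a different shared secret. The byte values, the domain label and both mappings are constructed assumptions; the issue does not say which mapping, if any, is intended.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 section 2.2: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC default: HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 section 2.3: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

# Constructed sample values (not test vectors from any specification).
mlkem_ss = bytes([0x11]) * 32
trad_ss = bytes([0x22]) * 32
trad_ct = bytes([0x33]) * 32
trad_pk = bytes([0x44]) * 32
domain = b"example-domain-label"  # hypothetical label

def mapping_all_in_ikm(length: int = 32) -> bytes:
    """Assumed mapping A: whole concatenation as IKM, empty salt and info."""
    ikm = mlkem_ss + trad_ss + trad_ct + trad_pk + domain
    return hkdf_expand(hkdf_extract(b"", ikm), b"", length)

def mapping_split(length: int = 32) -> bytes:
    """Assumed mapping B: secrets as IKM, public values as info, Domain as salt."""
    prk = hkdf_extract(domain, mlkem_ss + trad_ss)
    return hkdf_expand(prk, trad_ct + trad_pk, length)

if __name__ == "__main__":
    # Same five inputs, two plausible readings, two different secrets.
    print("A:", mapping_all_in_ikm().hex())
    print("B:", mapping_split().hex())
```

Two implementations that read the single-input formula differently would both be "HKDF over the same data" and still fail to agree on a key.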