Add missing parameter to ECC-KEM

openpgp-pqc / draft-openpgp-pqc

Repository of the WIP draft-ietf-openpgp-pqc

Other

8 stars 2 forks source link

Add missing parameter to ECC-KEM #66

Closed wussler closed 7 months ago

wussler commented 10 months ago

The eccPublicKey parameter is also used into the KDF, therefore required for the decaps

wussler commented 10 months ago

@fluppe2

Option 2 will trigger some changes in implementations as it would change the specification of the secret key material packet.

This would probably make it less OpenPGP-like but definitely makes it easy to verify the keys against KOpenpgp attacks

TJ-91 commented 10 months ago

Personally, I prefer option 1) since it seems like the "obvious approach". For 2) I feel like we need some justification. IMO KOpenpgp attacks should be mitigated on a different level: use authenticated encryption (which is introduced in the Crypto Refresh).