Re: [Pqc] [EXTERNAL] Re: [lamps] CMS Kyber: include PK and CT in the KDF?

Kris Kwiatkowski <kris@amongbytes.com> Thu, 11 April 2024 22:46 UTC

Message-ID: <4dedd695-3fa7-4bcb-8823-3b6a33248aaa@amongbytes.com>
Date: Thu, 11 Apr 2024 23:46:27 +0100
To: pqc@ietf.org
References: <CAFR824w0rBfxGzCJrSZ3f45Lyn7SEVLZK6cM9ZaZVHVPujs-5g@mail.gmail.com> <A31C1C09-297F-4C4A-837E-FD2A703AD96F@vigilsec.com> <CH0PR11MB57391B1E18D87AEB8D9519EE9F052@CH0PR11MB5739.namprd11.prod.outlook.com> <CAFR824ybzCDY-C1cXFHcUhgZ-m8wgqgw4eCNoCraX7sPNNxC6g@mail.gmail.com>
Content-Language: en-GB
From: Kris Kwiatkowski <kris@amongbytes.com>
In-Reply-To: <CAFR824ybzCDY-C1cXFHcUhgZ-m8wgqgw4eCNoCraX7sPNNxC6g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/AydyCj9ay5MwKFy8EchvKExyePk>
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>

On 11/04/2024 23:10, Deirdre Connolly wrote:
> and is apparently FIPS-compatible even now?

I think it is a bit unclear (except if I'm missing something). Indeed, FIPS-203 says that an implementation doesn't have to follow the spec as long as the implementation produces the same results (see 3.3 "Equivalent implementations" and the definition of "equivalent process"). But as far as I can see, the format of the key must be preserved.

It would be clearer if FIPS-203 clearly stated that "ek||H(ek)" doesn't have to be a part of the "dk" (Algorithm 15, line 4).
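Added example, not code from the original message or from any ML-KEM implementation: a small Python parser for the dk byte layout the message refers to, FIPS 203 Algorithm 15 line 4, dk = dk_PKE || ek || H(ek) || z. Field lengths are derived from k (384k bytes for dk_PKE, 384k+32 for ek, 32 each for H(ek) and z, so 768k+96 in total), and the embedded hash is recomputed with SHA3-256, which is FIPS 203's H. The keys are random filler constructed to have the right layout, not valid ML-KEM keys, and the function names (assemble_dk, parse_dk, dk_layout) are mine.

```python
"""Parse and check the FIPS 203 ML-KEM decapsulation key layout
dk = dk_PKE || ek || H(ek) || z  (Algorithm 15, line 4).

Added example; keys below are constructed random filler with the
correct layout, not real ML-KEM keys."""
import hashlib
import os

# k per parameter set (FIPS 203 Table 2); every length below follows from k.
ML_KEM_K = {"ML-KEM-512": 2, "ML-KEM-768": 3, "ML-KEM-1024": 4}


def dk_layout(k):
    """Byte lengths of the four fields of dk = dk_PKE || ek || H(ek) || z."""
    dk_pke_len = 384 * k          # k polynomials, 12-bit coefficients
    ek_len = 384 * k + 32         # t (384k bytes) || rho (32-byte seed)
    return dk_pke_len, ek_len, 32, 32   # H(ek) and z are 32 bytes each


def H(data: bytes) -> bytes:
    """FIPS 203 'H' is SHA3-256."""
    return hashlib.sha3_256(data).digest()


def assemble_dk(k, dk_pke, ek, z):
    """Algorithm 15 line 4: dk <- (dk_PKE || ek || H(ek) || z)."""
    dk_pke_len, ek_len, _, z_len = dk_layout(k)
    if len(dk_pke) != dk_pke_len or len(ek) != ek_len or len(z) != z_len:
        raise ValueError("field length mismatch")
    return dk_pke + ek + H(ek) + z


def parse_dk(name, dk):
    """Split a serialized dk into its fields and verify the stored H(ek).

    Recomputing H(ek) over the embedded ek detects a corrupted or
    mismatched key before it is used for decapsulation."""
    k = ML_KEM_K[name]
    dk_pke_len, ek_len, h_len, z_len = dk_layout(k)
    expected = dk_pke_len + ek_len + h_len + z_len   # 768k + 96
    if len(dk) != expected:
        raise ValueError(f"{name}: dk must be {expected} bytes, got {len(dk)}")
    off = 0
    dk_pke = dk[off:off + dk_pke_len]
    off += dk_pke_len
    ek = dk[off:off + ek_len]
    off += ek_len
    h_ek = dk[off:off + h_len]
    off += h_len
    z = dk[off:off + z_len]
    if H(ek) != h_ek:
        raise ValueError(f"{name}: stored H(ek) does not match embedded ek")
    return {"dk_pke": dk_pke, "ek": ek, "h_ek": h_ek, "z": z}


def constructed_dk(name):
    """Random-filler key with the right layout (constructed; not a real key)."""
    k = ML_KEM_K[name]
    dk_pke_len, ek_len, _, z_len = dk_layout(k)
    return assemble_dk(k, os.urandom(dk_pke_len), os.urandom(ek_len),
                       os.urandom(z_len))


if __name__ == "__main__":
    for name in ML_KEM_K:
        dk = constructed_dk(name)
        fields = parse_dk(name, dk)
        print(f"{name}: dk {len(dk)} bytes, ek {len(fields['ek'])} bytes, "
              f"H(ek) verified")
```

The parser only shows that the serialized form fixes ek and H(ek) inside dk; it says nothing about whether an implementation may store a seed-only key internally, which is exactly the point the message asks FIPS-203 to state explicitly.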