Re: [Pqc] [EXTERNAL] Re: [lamps] CMS Kyber: include PK and CT in the KDF?

Deirdre Connolly <durumcrustulum@gmail.com> Thu, 11 April 2024 22:49 UTC

From: Deirdre Connolly <durumcrustulum@gmail.com>
Date: Thu, 11 Apr 2024 18:49:02 -0400
To: Kris Kwiatkowski <kris@amongbytes.com>
Cc: pqc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/jrHh7cpCNt3JRBl8pjI5JBbK6EA>

> It would be clearer if FIPS-203 clearly states that "ek||H(ek)" doesn't
> have to be a part of the "dk" (algorithm 15, line 4).

Agreed, and expressed as much to NIST people here at the PQC conf, but need
to follow up as official comments, along with other stuff.

On Thu, Apr 11, 2024, 6:46 PM Kris Kwiatkowski <kris@amongbytes.com> wrote:

> On 11/04/2024 23:10, Deirdre Connolly wrote:
>
> and is apparently FIPS-compatible even now?
>
> I think it is a bit unclear (except if I'm missing something). Indeed,
> FIPS-203 says that implementation doesn't have to follow the spec as long
> as implementation produces same results (see 3.3 "Equivalent
> implementations" and definition of "equivalent process"). But as far as I
> can see, the format of the key must be preserved.
> It would be clearer if FIPS-203 clearly states that "ek||H(ek)" doesn't
> have to be a part of the "dk" (algorithm 15, line 4).
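The point under discussion is the byte layout that FIPS 203 fixes for the ML-KEM decapsulation key, dk = dk_PKE || ek || H(ek) || z with H = SHA3-256 (draft Algorithm 15, line 4; Algorithm 16 in the final standard), and the observation that the ek || H(ek) portion is recomputable from the public encapsulation key. The Python below is an added example, not code from the thread or from any FIPS 203 implementation: it parses and reassembles that layout for the three parameter sets, runs the H(ek) hash check that the final FIPS 203 applies to decapsulation input, and shows a compact form that drops the redundant middle and can be expanded again given ek. The ek and dk_PKE bytes are random placeholders of the correct length (the lattice arithmetic is out of scope here), so the key material is constructed, not a real ML-KEM key.

```python
"""ML-KEM decapsulation-key layout per FIPS 203:

    dk = dk_PKE || ek || H(ek) || z        (H = SHA3-256)

dk_PKE is 384*k bytes, ek is 384*k + 32 bytes, H(ek) and z are 32 bytes each.
Constructed example: key bytes are random placeholders of the right length.
"""
import hashlib
import os

# Parameter-set name -> k (module rank).
PARAMS = {"ML-KEM-512": 2, "ML-KEM-768": 3, "ML-KEM-1024": 4}


def sizes(name):
    """Return (len(dk_PKE), len(ek), len(dk)) in bytes for a parameter set."""
    k = PARAMS[name]
    dk_pke_len = 384 * k
    ek_len = 384 * k + 32
    return dk_pke_len, ek_len, dk_pke_len + ek_len + 64


def H(data):
    # FIPS 203 defines H as SHA3-256.
    return hashlib.sha3_256(data).digest()


def assemble_dk(name, dk_pke, ek, z):
    """Build dk exactly as KeyGen does: dk_PKE || ek || H(ek) || z."""
    dk_pke_len, ek_len, _ = sizes(name)
    if len(dk_pke) != dk_pke_len or len(ek) != ek_len or len(z) != 32:
        raise ValueError("component length mismatch")
    return dk_pke + ek + H(ek) + z


def parse_dk(name, dk):
    """Split dk into its four fields and run the FIPS 203 hash check:
    the stored H(ek) must equal SHA3-256 of the embedded ek."""
    dk_pke_len, ek_len, dk_len = sizes(name)
    if len(dk) != dk_len:
        raise ValueError(f"{name}: expected {dk_len}-byte dk, got {len(dk)}")
    off = 0
    dk_pke = dk[off:off + dk_pke_len]; off += dk_pke_len
    ek = dk[off:off + ek_len]; off += ek_len
    h = dk[off:off + 32]; off += 32
    z = dk[off:]
    if h != H(ek):
        raise ValueError("hash check failed: H(ek) does not match embedded ek")
    return dk_pke, ek, h, z


def compact_dk(name, dk):
    """Drop the recomputable ek || H(ek) middle; keep only dk_PKE || z."""
    dk_pke, _ek, _h, z = parse_dk(name, dk)
    return dk_pke + z


def expand_dk(name, compact, ek):
    """Rebuild the full FIPS 203 layout from the compact form plus public ek."""
    dk_pke_len, _, _ = sizes(name)
    if len(compact) != dk_pke_len + 32:
        raise ValueError("bad compact dk length")
    return assemble_dk(name, compact[:dk_pke_len], ek, compact[dk_pke_len:])


def demo(name="ML-KEM-768"):
    """Round-trip a constructed key and show the hash check catching a
    corrupted embedded ek. Returns (len(dk), len(compact), corruption_caught)."""
    dk_pke_len, ek_len, _ = sizes(name)
    dk_pke, ek, z = os.urandom(dk_pke_len), os.urandom(ek_len), os.urandom(32)
    dk = assemble_dk(name, dk_pke, ek, z)
    compact = compact_dk(name, dk)
    if expand_dk(name, compact, ek) != dk:
        raise AssertionError("expand(compact) should reproduce dk")
    corrupted = bytearray(dk)
    corrupted[dk_pke_len] ^= 1          # flip one bit inside the embedded ek
    try:
        parse_dk(name, bytes(corrupted))
        caught = False
    except ValueError:
        caught = True
    return len(dk), len(compact), caught


if __name__ == "__main__":
    print(demo())
```

The compact form is only an illustration of why ek || H(ek) is redundant storage; it is not a FIPS 203 key format, and any wire encoding still has to emit the full layout the standard specifies.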