-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spell out the hash functions in each Method Name subsection #9
Comments
Imo, the method name should define it, just in case there are newly discovers concerns with the hash and in order to align the KEM security levels with the hash security level. |
I'm not sure what you mean by defined in the "PQ-hybrid abstraction" -- do you mean that this document would specify that all PQ-hybrids use a specific hash function? That seems odd to me. For other key exchange methods, RFC 4253 has the method name include the group name and the hash (e.g., |
It was a thought we discussed with Torben about hardcoding the hash function in the 2.1 PQ-hybrid Key Exchange Method Abstraction section. Like saying that every time we do hybrid we will use hash XYZ. But I agree, that does not make much sense. We ought define the hash in the method name.
|
There is two things to consider:
Assuming a common interface, we can define the input as an "abstract" thing that applies to all methods (it depends on the messages being send). The algorithm choice will be in the specification that instantiates the key exchange method. My line of thought was a route similar to what the OPAQUE IETF follows: modular design where you plug in algorithms. If we only have very few instantiations, that modularity might not make sense. Thoughts? |
We could define the hash function in the PQ-hybrid abstraction and say all PQ-hybrid exchanges will use that hash. Or we could define the hash in the Method Name.The text was updated successfully, but these errors were encountered: