Re: [COSE] Consensus call on COSE HPKE algorithm representations

Wed, 20 Sep 2023 10:53:43 -0700 

On Wed, Sep 20, 2023 at 07:09:43PM +0200, [email protected] wrote:
> Thanks for doing the consensus call, Mike & Ivo.
> 
> We will update the document accordingly!
 
As to what changes are needed (at least):

- HPKE_sender_info needs to be replaced with a new header parameter
  (proposed name "encapsulated key") with bstr value.

  It is not possible to reuse the "ephemeral key" parameter.

- It needs to be specified that the "enc" output goes to the
  "encapsulated key" (unprotected) header parameter.

- The examples need to be updated.

- There needs to be systematic naming of the algorithms. (proposed
  'HPKE-v1-Base-{kem:x}-{kdf:x}-{aead:x}'. The HPKE names are far too
  long. {foo:x} means value of foo in lowercase hexadecimal without
  leading zeros).

- IANA considerations need updating. I would use a table for the
  COSE Algorithms Registry, as there are going to be fair bit of
  entries defined.

  The entry for header parameters is something like:

   *  Name: encapsulated key
   *  Label: TBD2 (Assumed: -4)
   *  Value type: bstr
   *  Value Registry: N/A

- COSE Elliptic Curve needs to be added for the x25519/Kyber hybrid.

  Key type is OKP.

  The public key should be concatenation of X25519 public key and
  Kyber768 v3.02 public key.

  The private key should be concatenation of X25519 private key and
  Kyber768 v3.02 private key.

  These formats are directly compatible with the HPKE KEM.

  Reference for Kyber768 v3.02:
  https://pq-crystals.org/kyber/data/kyber-specification-round3-20210804.pdf

  (I think that is the best reference that could be used.)

  (And yes, the naming is horrible.)
 
> From: COSE <[email protected]> On Behalf Of Michael Jones
> Sent: Mittwoch, 20. September 2023 17:21
> To: cose <[email protected]>
> Subject: Re: [COSE] Consensus call on COSE HPKE algorithm representations
> 
> The consensus call has concluded.  Thanks to all who participated. 
> There was overwhelming support for the decision to use the
> ciphersuite (fully specified) approach.
> 
> 
> Editors, please update the specification accordingly.




-Ilari

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

Reply via email to