Brian: I am willing to assist on the GMAC document.
Any reason not to do KMAC as well? See RFC 8702. I would think that KMAC with SHAKE128 (outputs 256 bits with no customization string) and KMAC with SHAKE256 (outputs 512 bitswith no customization string). I am willing to consider other parameter choices if people see a need. Russ > On Jul 19, 2024, at 11:28 AM, Sipos, Brian J. <[email protected]> wrote: > > All, > I was looking in the COSE algorithms registry [1] for any existing > allocations for GMAC uses but don’t see any. My reason for looking was that > in some hardware-accelerated environments AES-GCM is faster than HMAC > processing, so a GMAC would also benefit from the acceleration. > I expect that a COSE use of AES-GMAC would look similar to the use in CMS [2] > except that COSE algorithms typically combine options like authentication tag > size into a single code point, so an initial thought would be max-length tags > like: AES-GMAC 128/128, AES-GMAC 192/128, AES-GMAC 256/128 > > Would there be WG interest in allocating GMAC algorithms in the near-term > time supporting max-length tags? > Thanks, > Brian S. > > [1] https://www.iana.org/assignments/cose/cose.xhtml#algorithms > [2] https://datatracker.ietf.org/doc/html/rfc9044 >
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
