Re: Adding new public key KEM API

Falko Strenzke Tue, 14 Nov 2023 15:33:04 -0800

There is another point to consider for the design of a generic KEM API: the use of the public in the key derivation, which makes it necessary to pass the public key to the decapsulation function if one doesn't want to run the computation of the public key from the private key in the decapsulation function.

We are using using this now for instance in our OpenPGP PQC draft (https://github.com/openpgp-pqc/draft-openpgp-pqc/pull/66 corrects the ECC-KEM function signature regarding that matter).


- Falko

Am 24.10.23 um 08:25 schrieb NIIBE Yutaka:

Werner Koch<w...@gnupg.org>  wrote:

On Thu, 19 Oct 2023 16:37, NIIBE Yutaka said:

gcry_error_t gcry_kem_decap (int algo,
                              const void *seckey,
                              const void *ciphertext,
                              void *shared_secret);

I still don't feel comfortable without a size argument.

Assumption here (for lower level API) is:

        It's caller side (user of libgcrypt) which does static
        compile-time check against ALGO and the length of each
        byte-array.

         If not static, caller side can do run-time check, if needed,
         before the call.

Having a size argument would mean,

        libgcrypt does run-time check of the length (for each call)

I wonder if this kind of run-time check in libgcrypt is useful in lower
level API.

I could imagine having an API offering static compile-time check.  In
this case, it would provide a macro something like gcry_kem_decap_check
which has length arguments.  The ABI is gcry_kem_decap.

--

*MTG AG*
Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.stren...@mtg.de
Web: mtg.de <https://www.mtg.de>

<https://www.linkedin.com/search/results/all/?fetchDeterministicClustersOnly=true&heroEntityKey=urn%3Ali%3Aorganization%3A13983133&keywords=mtg%20ag&origin=RICH_QUERY_SUGGESTION&position=0&searchId=d5bc71c3-97f7-4cae-83e7-e9e16d497dc2&sid=3S5&spellCorrectionEnabled=false>
Follow us
------------------------------------------------------------------------

<https://www.mtg.de/de/aktuelles/MTG-AG-erhaelt-Innovationspreis-des-Bundesverbands-IT-Sicherheit-e.V-00001.-TeleTrust/> <https://www.itsa365.de/de-de/companies/m/mtg-ag>


MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email.Unauthorised copying or distribution of this email is not permitted.

Data protection information: Privacy policy <https://www.mtg.de/en/privacy-policy>

smime.p7s
Description: Kryptografische S/MIME-Signatur

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Re: Adding new public key KEM API

Reply via email to