On Tue, Dec 02, 2025 at 01:41:25PM +0530, tirumal reddy wrote: > With JWE HPKE, we already need 2 (Integrated and Key Encryption). But with > AKP, because alg includes KEM + KDF + AEAD, the same KEM key would require > many key objects. For example, with 3 KDFs and 2 AEADs, that becomes 6 > representations instead of 2. That extra proliferation is what I want to > avoid.
KEM/KDF are expected to be tied together. So 6 is very unlikely. However, there is still oppurtunity for very annoying broken combinatorial explosions. E.g., IE/KE and AES/Chacha. Broken combinatorial explosions are much worse than clean ones, as complexity grows multiplicatively instead of additively. And yes, this kind of proliferation should be avoided. -Ilari _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
