> The NIST Kyber patent license only grants you a license to use ML-KEM > when implemented according to NIST specifications. > > If you deviate, such as by taking the defense-in-depth approach to hash > m to improve robustness against a compromised PRNG, the NIST patent > license does not cover your usage.
Hi Simon! I appreciate the warning and I am well aware. Maybe you providing this information is helpful for others on the list but it is simply not relevant to Katzenpost since we have no commercial pursuit, we are not titans of the industry, and furthermore we do not force users to use any particular KEM. Any KEM can be used via specifying it in configuration files. Novel KEMs can also be created via our KEM combiner. In light of all of this, I am merely stating that pretty soon when I get around to it, I will make a modified Kyber that hashes m. And this will be made OPTIONALLY available for use in Katzenpost if users choose to use it; and in this context "users" means mixnet operators. Best regards, David > People in the IETF used to prefer patent un-encumbered technology, but > things are different today. > > https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/selected-algos-2022/nist-pqc-license-summary-and-excerpts.pdf > > /Simon _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
