> The NIST Kyber patent license only grants you a license to use ML-KEM
> when implemented according to NIST specifications.
>
> If you deviate, such as by taking the defense-in-depth approach to hash
> m to improve robustness against a compromised PRNG, the NIST patent
> license does not cover your usage.

Hi Simon!

I appreciate the warning and I am well aware. Maybe you providing this
information is helpful for others on the list but it is simply not
relevant to Katzenpost since we have no commercial pursuit, we are not
titans of the industry, and furthermore we do not force users to use
any particular KEM. Any KEM can be used via specifying it in
configuration files. Novel KEMs can also be created via our KEM
combiner. In light of all of this, I am merely stating that pretty
soon when I get around to it, I will make a modified Kyber that hashes
m. And this will be made OPTIONALLY available for use in Katzenpost if
users choose to use it; and in this context "users" means mixnet
operators.

Best regards,
David

> People in the IETF used to prefer patent un-encumbered technology, but
> things are different today.
>
> https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/selected-algos-2022/nist-pqc-license-summary-and-excerpts.pdf
>
> /Simon

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to