Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Defining ML-KEM and ML-DSA secret keys to be in seed format #146

Merged
merged 2 commits into from
Oct 21, 2024
Merged

Defining ML-KEM and ML-DSA secret keys to be in seed format #146

merged 2 commits into from
Oct 21, 2024

Conversation

falko-strenzke
Copy link
Collaborator

Closes #139
Closes #108

TJ-91
TJ-91 reviewed Oct 16, 2024
View reviewed changes
Copy link
Collaborator

@TJ-91 TJ-91 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me aside from one further issue. We use ML-KEM.Decaps and ML-DSA.Sign directly with the secret key (seed) which is only defined for the expanded key. For ML-KEM we would first need to call ML-KEM.KeyGen_internal to obtain the actual key that can be input to Decaps.

@falko-strenzke
Copy link
Collaborator Author

We use ML-KEM.Decaps and ML-DSA.Sign directly with the secret key (seed) which is only defined for the expanded key. For ML-KEM we would first need to call ML-KEM.KeyGen_internal to obtain the actual key that can be input to Decaps.

This is why it says in the added text to the secret key format:

Upon parsing the private key format, or before using the secret key, for the expansion of the key, the function ML-KEM.KeyGen_internal [FIPS-203] has to be invoked [...]

I think it is easier to state that where the key format is defined, because it is up to the implementation when to expand the secret key.

TJ-91
TJ-91 approved these changes Oct 16, 2024
View reviewed changes
Copy link
Collaborator

@TJ-91 TJ-91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I re-read and now agree with you. It should be sufficiently clear, especially since we clarify that mlkemSecretKey is the decapsulation key.

fluppe2
fluppe2 approved these changes Oct 17, 2024
View reviewed changes
Copy link
Collaborator

@fluppe2 fluppe2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

TJ-91
TJ-91 requested changes Oct 17, 2024
View reviewed changes
Copy link
Collaborator

@TJ-91 TJ-91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, just one minor detail: Could you add a changelog entry, Falko?

wussler
wussler approved these changes Oct 20, 2024
View reviewed changes
Copy link
Collaborator

@wussler wussler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for me, with changelog looks good!

@falko-strenzke falko-strenzke requested a review from TJ-91 October 21, 2024 06:41
@wussler wussler merged commit 0a48622 into main Oct 21, 2024
2 checks passed
lubux added a commit to ProtonMail/go-crypto that referenced this pull request Oct 21, 2024
@lubux
feat: Integrate ML-DSA seed fromat
2961a8b 
- openpgp-pqc/draft-openpgp-pqc#146
- Replace draft-ietf-openpgp-pqc-04 with draft-ietf-openpgp-pqc-05
twiss pushed a commit to ProtonMail/go-crypto that referenced this pull request Nov 8, 2024
@lubux @twiss
feat: Integrate ML-DSA seed fromat
536cfb3 
- openpgp-pqc/draft-openpgp-pqc#146
- Replace draft-ietf-openpgp-pqc-04 with draft-ietf-openpgp-pqc-05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TJ-91 TJ-91 TJ-91 approved these changes

@fluppe2 fluppe2 fluppe2 approved these changes

@wussler wussler wussler approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@falko-strenzke @wussler @fluppe2 @TJ-91