Hello,
Falko Strenzke <[email protected]> wrote:
> There is another point to consider for the design of a generic KEM API:
> the use of the public in the key derivation, which makes it necessary to
> pass the public key to the decapsulation function if one doesn't want to
> run the computation of the public key from the private key in the
> decapsulation function.
Thank you for the input.
I encounter this exact issue when I did an experiment for DHKEM(X25519,
HKDF-SHA256). Currently, it computes public key from secret key.
My experiment is here:
https://dev.gnupg.org/source/libgcrypt/history/gniibe%252Fkem2/
This is the branch on top of master.
Last month, I created the gniibe/kem branch on top of 1.10 branch. I
need HKDF function for the DHKEM, so, I did again on top of master.
--
_______________________________________________
Gcrypt-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
