Prehashing of Classical McEliece public keys

diff --git a/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi b/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi
index 0eaae37e281a4ec853a86c4ef8ae830ebf5605f3d279647379806e35a9ab7d70..6af3a206f2039012ca980b19f88a96b24464a265168d1473ae76e93b6c1a97a0 100644 (file)
--- a/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi
+++ b/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi
@@ -31,3 +31,7 @@ KEK = HKDF-Expand(SHAKE256, prk=PRK,
 HKDF is KDF algorithm,
 @url{https://datatracker.ietf.org/doc/html/rfc5869.html, RFC 5869}.
 @url{https://keccak.team/, SHAKE} is a XOF function.
+
+If sender/recipient's public key structure contains
+@code{/load/v/prehash} field, then it could be used as already
+calculated values of SHAKE256 calls of PRK.

diff --git a/spec/cm/pub.texi b/spec/cm/pub.texi
index b92eb626274f0707350a976a2b00f4c6df369b36c2d8aef44d0d90e2526f9a17..5de604de35c4f127bf21be2669fb92f62c3e0680a39cd9b97cbb5da8d83faf01 100644 (file)
--- a/spec/cm/pub.texi
+++ b/spec/cm/pub.texi
@@ -173,3 +173,8 @@ Example minimal certified public key may look like:
     @url{https://datatracker.ietf.org/doc/html/rfc7748.html, RFC 7748}.
     @url{https://classic.mceliece.org/, Classic McEliece} is KEM algorithm.
     @url{https://keccak.team/, SHAKE} is a XOF function.
+
+    Optional @code{/load/v/prehash} field can contain the SHAKE256 hash
+    of the concatenated public keys in @code{/load/v/pub/0}, that could
+    save resources during @ref{kem-mceliece6960119-x25519-hkdf-shake256}
+    KDF calculations.