Curve is only a curve, but X is the ECDH algorithm.
@node cm-encrypted-sntrup4591761-x25519-hkdf-blake2b
@cindex cm-encrypted-sntrup4591761-x25519-hkdf-blake2b
-@nodedescription cm/encrypted with SNTRUP4591761+Curve25519+HKDF-BLAKE2b KEM
-@subsection cm/encrypted with SNTRUP4591761+Curve25519+HKDF-BLAKE2b KEM
+@nodedescription cm/encrypted with SNTRUP4591761+X25519+HKDF-BLAKE2b KEM
+@subsection cm/encrypted with SNTRUP4591761+X25519+HKDF-BLAKE2b KEM
@code{/kem/*/a} equals to "sntrup4591761-x25519-hkdf-blake2b".
Recipient public key with
Recipient map must also contain additional field:
@code{/kem/*/encap: bytes} -- concatenation of 1047 bytes of Streamlined
NTRU Prime 4591^761's ciphertext with 32 bytes of ephemeral
- Curve25519 public key.
+ X25519 public key.
- Recipient performs Curve25519 and SNTRUP computation to
+ Recipient performs X25519 and SNTRUP computation to
derive/decapsulate two 32-byte shared keys. Then it combines
them to get the KEK decryption key of the CEK.
@node cm-encrypted-mceliece6960119-x25519-hkdf-shake256
@cindex cm-encrypted-mceliece6960119-x25519-hkdf-shake256
-@nodedescription cm/encrypted with Classic McEliece 6960-119+Curve25519+HKDF-SHAKE256 KEM
-@subsection cm/encrypted with Classic McEliece 6960-119+Curve25519+HKDF-SHAKE256 KEM
+@nodedescription cm/encrypted with Classic McEliece 6960-119+X25519+HKDF-SHAKE256 KEM
+@subsection cm/encrypted with Classic McEliece 6960-119+X25519+HKDF-SHAKE256 KEM
@code{/kem/*/a} equals to "mceliece6960119-x25519-hkdf-shake256".
Recipient public key with
Recipient map must also contain additional field:
@code{/kem/*/encap: bytes} -- concatenation of 194 bytes of
Classic McEliece 6960-119 ciphertext with 32 bytes of ephemeral
- Curve25519 public key.
+ X25519 public key.
- Recipient performs Curve25519 and Classic McEliece computation to
+ Recipient performs X25519 and Classic McEliece computation to
derive/decapsulate two 32-byte shared keys. Then it combines
them to get the KEK decryption key of the CEK.
@node cm-prv-sntrup4591761-x25519
@cindex cm-prv-sntrup4591761-x25519
-@nodedescription cm/prv with SNTRUP4591761+Curve25519
-@subsection cm/prv with SNTRUP4591761+Curve25519
+@nodedescription cm/prv with SNTRUP4591761+X25519
+@subsection cm/prv with SNTRUP4591761+X25519
Concatenation of Streamlined NTRU Prime 4591^761's 1600-byte private key
- and Curve25519's 32-byte one.
+ and X25519's 32-byte one.
@code{sntrup4591761-x25519} algorithm identifier is used.
@node cm-prv-mceliece6960119-x25519
@cindex cm-prv-mceliece6960119-x25519
-@nodedescription cm/prv with Classic McEliece 6960-119+Curve25519
-@subsection cm/prv with Classic McEliece 6960-119+Curve25519
+@nodedescription cm/prv with Classic McEliece 6960-119+X25519
+@subsection cm/prv with Classic McEliece 6960-119+X25519
Concatenation of Classic McEliece 6960-119 13948-byte private key
- and Curve25519's 32-byte one.
+ and X25519's 32-byte one.
@code{mceliece6960119-x25519} algorithm identifier is used.
That is @strong{solely} intended for tasks requiring more than single
key usage. For example @url{http://www.nncpgo.org, NNCP} uses one
-curve25519 for (DH) encryption, one curve25519 for online authentication
+X25519 for (DH) encryption, one curve25519 for online authentication
and one ed25519 for signing purposes. All those three keys are used
together. That public key's key usage field must contain something like
"nncp".
@node cm-pub-sntrup4591761-x25519
@cindex cm-pub-sntrup4591761-x25519
-@nodedescription cm/pub with SNTRUP4591761+Curve25519
-@subsection cm/pub with SNTRUP4591761+Curve25519
+@nodedescription cm/pub with SNTRUP4591761+X25519
+@subsection cm/pub with SNTRUP4591761+X25519
-Combined Streamlined NTRU Prime 4591^761 and Curve25519 public keys are
+Combined Streamlined NTRU Prime 4591^761 and X25519 public keys are
used for KEM purposes, so should have "kem" key usage set.
Its algorithm identifier is @code{sntrup4591761-x25519}. Its public key
value is a concatenation of 1218-byte SNTRUP4591761 public key and
-32-byte Curve25519 one.
+32-byte X25519 one.
Public key's identifier should be calculated using BLAKE2b hash with 128
or 256 bit output length specified.
@node cm-pub-mceliece6960119-x25519
@cindex cm-pub-mceliece6960119-x25519
-@nodedescription cm/pub with Classic McEliece 6960-119+Curve25519
-@subsection cm/pub with Classic McEliece 6960-119+Curve25519
+@nodedescription cm/pub with Classic McEliece 6960-119+X25519
+@subsection cm/pub with Classic McEliece 6960-119+X25519
-Combined Classic McEliece 6960-119 and Curve25519 public keys are used
+Combined Classic McEliece 6960-119 and X25519 public keys are used
for KEM purposes, so should have "kem" key usage set.
Its algorithm identifier is @code{mceliece6960119-x25519}. Its public key
value is a concatenation of 1047319-byte @code{mceliece6960119} public key
-and 32-byte Curve25519 one.
+and 32-byte X25519 one.
Public key's identifier should be calculated using either SHAKE128 or
SHAKE256 hash.