]> Cypherpunks repositories - keks.git/commitdiff
projects / keks.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 631490a)
Warn about non-PQC sender authentication
authorSergey Matveev <stargrave@stargrave.org>
Fri, 30 May 2025 19:34:20 +0000 (22:34 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Fri, 30 May 2025 19:34:20 +0000 (22:34 +0300)
spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 patch | blob | history
spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b patch | blob | history

diff --git a/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 b/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256
index 307b8ea8961229662f955e13ee880e8e70e65067fb55ae375d09e7b3bb0f74ef..5ecc89ec5caa5b40dda05287612617ef0f76a0ea910585dd82deb985224f9ffc 100644 (file)
--- a/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256
+++ b/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256
@@ -23,6 +23,12 @@ Classic McEliece 6960-119 ciphertext, with XChaCha20-Poly1305-encrypted
 Recipient performs Classic McEliece decapsulation, decrypts ephemeral
 X25519 public key, computes shared secrets, combines them and derives KEK.
 
+          ====================================================
+                                WARNING
+          ====================================================
+          Sender authentication uses only *NON*-PQ crypto!
+          ====================================================
+
     H = SHAKE256
     mceliece-ciphertext, mceliece-shared-key = KEM-Encap(mceliece-recipient-public-key)
     mceliece-shared-key = KEM-Decap(mceliece-recipient-private-key, mceliece-ciphertext)
diff --git a/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b b/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b
index 69bc6eb34efc751bdc3a8d9e4e9d0ea924675559ff04f7403e76613bf2e0eee7..2d2f27b4b11f70377b24182cfe00f4d915512a49e4be95b605f764fff509079a 100644 (file)
--- a/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b
+++ b/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b
@@ -18,6 +18,12 @@ Recipient performs X25519 and SNTRUP computations to derive/decapsulate
 two 32-byte shared keys. Then it combines them to get the KEK decryption
 key of the CEK.
 
+          ====================================================
+                                WARNING
+          ====================================================
+          Sender authentication uses only *NON*-PQ crypto!
+          ====================================================
+
     H = BLAKE2b
     PRK = HKDF-Extract(H, salt="", ikm=
         sntrup4591761-shared-key || es-x25519-shared-key ||
KEKS codec