From: Sergey Matveev Date: Fri, 30 May 2025 19:34:20 +0000 (+0300) Subject: Warn about non-PQC sender authentication X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=e26bba3bcc618054829c0807a36eceea3a754b8b369922c13ca9cfa9635a58f7;p=keks.git Warn about non-PQC sender authentication --- diff --git a/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 b/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 index 307b8ea..5ecc89e 100644 --- a/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 +++ b/spec/cm/kem/mceliece6960119-x25519-hkdf-shake256 @@ -23,6 +23,12 @@ Classic McEliece 6960-119 ciphertext, with XChaCha20-Poly1305-encrypted Recipient performs Classic McEliece decapsulation, decrypts ephemeral X25519 public key, computes shared secrets, combines them and derives KEK. + ==================================================== + WARNING + ==================================================== + Sender authentication uses only *NON*-PQ crypto! + ==================================================== + H = SHAKE256 mceliece-ciphertext, mceliece-shared-key = KEM-Encap(mceliece-recipient-public-key) mceliece-shared-key = KEM-Decap(mceliece-recipient-private-key, mceliece-ciphertext) diff --git a/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b b/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b index 69bc6eb..2d2f27b 100644 --- a/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b +++ b/spec/cm/kem/sntrup4591761-x25519-hkdf-blake2b @@ -18,6 +18,12 @@ Recipient performs X25519 and SNTRUP computations to derive/decapsulate two 32-byte shared keys. Then it combines them to get the KEK decryption key of the CEK. + ==================================================== + WARNING + ==================================================== + Sender authentication uses only *NON*-PQ crypto! + ==================================================== + H = BLAKE2b PRK = HKDF-Extract(H, salt="", ikm= sntrup4591761-shared-key || es-x25519-shared-key ||
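Review bot: In the mceliece6960119-x25519-hkdf-shake256 hunk the new WARNING block says sender authentication is non-PQ but does not say which key or operation provides that authentication, so a reader of this spec cannot tell what the warning applies to; the surrounding text only describes "decrypts ephemeral X25519 public key, computes shared secrets, combines them and derives KEK". Consider adding one line under the banner naming the mechanism and the consequence, e.g. "Sender authentication relies on the sender's X25519 key; the KEK itself still includes the Classic McEliece shared key", so it is clear that the caveat concerns impersonation by a future quantum-capable attacker rather than confidentiality of the derived KEK. As a style point, the banner is inserted between the prose description and the "H = SHAKE256" formula block, splitting the algorithm description; placing it directly after the heading or at the end of the section would keep the description contiguous.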
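Review bot: In the sntrup4591761-x25519-hkdf-blake2b hunk the same WARNING text is added verbatim, but here the following lines already show the relevant term: the HKDF ikm is "sntrup4591761-shared-key || es-x25519-shared-key || ...", and the es-x25519-shared-key appears to be the only component that binds the sender's key. Referring to it explicitly (e.g. "sender authentication comes only from es-x25519-shared-key; sntrup4591761-shared-key protects confidentiality of the KEK but does not authenticate the sender") would make the warning actionable and would also document why the KEK derivation is still considered PQ while the authentication is not. Keep the wording identical across both KEM specs once it is expanded, since the two banners are currently copies and will otherwise drift.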