From 0fd5ab94913ea72e28c8223f6da3d2f6058de04f745d692e0f42b494f9ef6781 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Tue, 18 Mar 2025 11:14:08 +0300 Subject: [PATCH] Prehashing of Classical McEliece public keys --- spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi | 4 ++++ spec/cm/pub.texi | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi b/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi index 0eaae37..6af3a20 100644 --- a/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi +++ b/spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi @@ -31,3 +31,7 @@ KEK = HKDF-Expand(SHAKE256, prk=PRK, HKDF is KDF algorithm, @url{https://datatracker.ietf.org/doc/html/rfc5869.html, RFC 5869}. @url{https://keccak.team/, SHAKE} is a XOF function. + +If sender/recipient's public key structure contains +@code{/load/v/prehash} field, then it could be used as already +calculated values of SHAKE256 calls of PRK. diff --git a/spec/cm/pub.texi b/spec/cm/pub.texi index b92eb62..5de604d 100644 --- a/spec/cm/pub.texi +++ b/spec/cm/pub.texi @@ -173,3 +173,8 @@ Example minimal certified public key may look like: @url{https://datatracker.ietf.org/doc/html/rfc7748.html, RFC 7748}. @url{https://classic.mceliece.org/, Classic McEliece} is KEM algorithm. @url{https://keccak.team/, SHAKE} is a XOF function. + + Optional @code{/load/v/prehash} field can contain the SHAKE256 hash + of the concatenated public keys in @code{/load/v/pub/0}, that could + save resources during @ref{kem-mceliece6960119-x25519-hkdf-shake256} + KDF calculations. -- 2.48.1
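Review bot: the paragraph added to spec/cm/kem-mceliece6960119-x25519-hkdf-shake256.texi lets an implementation substitute `/load/v/prehash` for the SHAKE256 computation feeding PRK, but does not say when that value may be trusted. Since the field travels inside the public key structure, the text should require that it is checked against the keys in `/load/v/pub/0` before first use, or state explicitly whether certification of the key covers it. Otherwise a mismatching prehash makes the two sides derive different KEKs and leaves PRK no longer bound to the real public key. The wording "already calculated values of SHAKE256 calls" is plural, while pub.texi defines a single hash. Name the exact PRK input or inputs the field replaces, and prefer "may be used" over "could be used" so the optionality is normative.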
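Review bot: in the spec/cm/pub.texi hunk, "the SHAKE256 hash of the concatenated public keys in `/load/v/pub/0`" is underspecified for interoperability. SHAKE is described in the context line just above as a XOF, so the output length of the prehash has to be stated. The order in which the keys are concatenated and the exact bytes that are hashed should also be spelled out so that independent implementations produce the same value, and that value must match what the KEM's PRK computation would otherwise produce. It would also help to give the field's type, as the other fields of the structure presumably have one.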