-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support derivation of KEM key pairs #2003
Comments
Hi @bifurcation, please see #1206 and #1877—it may be the case that this in-progress (admittedly stalled due to other priorities) work addresses or partially addresses the use case. Your insight on the approach taken in that draft PR would be very welcome! |
That sounds like a technically doable approach. As the "copy_from_upstream" tooling is not exactly well documented and meant just for internal use, the best proposal I can make right now is point you to #1919 which shows the "tooling in action" adding an API to all algs: Everything starts with "copy_from_upstream.py" reading the config and applying all patches (if needed) and running the jinja2 fragments below the scripts/copy_from_upstream folder (one file each for each main source code file with template code)... The general approach (of adding yet another API) is one I don't feel competent enough to comment on right now without understanding the protocols you mention. As you mention TLS though, I've got to ask how this is supposed to wind up in that protocol (by way of oqsprovider to OpenSSL or some other mechanism/some other TLS software)? |
I'll also drop this link regarding copy_from_upstream documentation: https://github.com/open-quantum-safe/liboqs/wiki/Patching-upstream-sources This doesn't thoroughly document the script itself, but it does explain fairly well how to use it, which helps with understanding the code. |
In #1994, we have been discussing adding support for the "seed" format of ML-KEM keys. As I looked into implementation, it occurred to me that the approach outlined in that issue is not sufficient for implementing HPKE and protocols such as MLS and TLS ECH that rely on it. The proposed solution here is to add a "derive key pair" method to the KEM interface, that would provide the correspondingly-named function in the HPKE specification.
The addition to the KEM struct would be something like:
This approach would support HPKE and downstream protocols, and would remove the need for a separate ML-KEM instance based on the seed, since the application could expand the seed themselves.
It seems like the major challenge here would be addressing all the existing KEMs. I'm not all that familiar with the
copy_from_upstream
tooling, but presumably we would add a parameter to the YAML file to point to an implementation of this method. If we could generate a default "always return failure" function when that parameter isn't present, it seems like that would enable a smooth migration.The text was updated successfully, but these errors were encountered: