Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify private key format for ML-KEM and ML-DSA when switching to FIPS final versions #108

Closed
falko-strenzke opened this issue Apr 30, 2024 · 3 comments · Fixed by #146
Closed

Specify private key format for ML-KEM and ML-DSA when switching to FIPS final versions #108

falko-strenzke opened this issue Apr 30, 2024 · 3 comments · Fixed by #146
Assignees
@falko-strenzke
Labels
NIST final std.

Comments

@falko-strenzke
Copy link
Collaborator

Based on what was announced, NIST' s final standard for the ML-KEM and ML-DSA will enable private keys in seed format. Currently, the draft only refers to the NIST standard for the private key format. Thus this needs more specification, and it might be relevant to specify in the draft:

  • what is the single (?) secret key format in the NIST standard, that the draft is referring to
    • alternative option: that seed format is also possible for private keys (?)
  • that a private key in expanded format needs to be checked for consistency before usage
@falko-strenzke
Copy link
Collaborator Author

This is relevant only for ML-KEM, since FIPS 204 does not explicitly mention the seed format for the private key.

@falko-strenzke falko-strenzke changed the title Specify private key format for ML-* depending on final standard Specify private key format for ML-KEM depending on final standard Aug 22, 2024
@falko-strenzke falko-strenzke changed the title Specify private key format for ML-KEM depending on final standard Specify private key format for ML-KEM when switching to FIPS final versions Aug 22, 2024
@falko-strenzke
Copy link
Collaborator Author

LAMPS has decided to use the seed format of the private key format as the transfer format: https://mailarchive.ietf.org/arch/msg/spasm/KPg3lbPeNms2H5PNDBt0iJByuE0/

@falko-strenzke
Copy link
Collaborator Author

It seems that for ML-DSA, Botan will also offer only the seed format: randombit/botan#4270 (comment)

@falko-strenzke falko-strenzke changed the title Specify private key format for ML-KEM when switching to FIPS final versions Specify private key format for ML-KEM and ML-DSA when switching to FIPS final versions Sep 26, 2024
@falko-strenzke falko-strenzke mentioned this issue Sep 26, 2024
Closed
@falko-strenzke falko-strenzke mentioned this issue Oct 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@falko-strenzke falko-strenzke

Labels
NIST final std.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Defining ML-KEM and ML-DSA secret keys to be in seed format openpgp-pqc/draft-openpgp-pqc
1 participant
@falko-strenzke