Add note on HKDF
bwesterb committed Nov 15, 2023
1 parent e88a950 commit ba1dbe7
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions draft-connolly-cfrg-xwing-kem.md
@@ -145,8 +145,9 @@ hybrid KEM, that should be suitable for the vast majority of use cases.
By making concrete choices, we can simplify and improve many aspects of X-Wing
as compared to a more generic combiner.

* Simplicity of definition: because all shared secrets and cipher texts are
fixed length, we do not need to encode the length.
* Simplicity of definition. Because all shared secrets and cipher texts are
fixed length, we do not need to encode the length. Using SHA3-256,
we do not need HMAC-based construction.

* Security analysis: because ML-KEM-768 already assumes QROM, we do not need to
complicate the analysis of X-Wing by considering weaker models.
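Review bot: the added sentence "Using SHA3-256, we do not need HMAC-based construction." asserts the conclusion without the reason, and a reader of the draft will want to know why the hash choice matters; suggest stating it, e.g. "Using SHA3-256, we do not need an HMAC-based construction such as HKDF: SHA3 is a sponge and is not subject to length-extension attacks, so a plain hash over the fixed-length concatenation of shared secrets and ciphertexts suffices." (The commit message says HKDF, but HKDF is never named in the text.) Two smaller points: "HMAC-based construction" needs an article ("an HMAC-based construction"), and the bullet now ends its label with a period ("Simplicity of definition.") while the following bullet keeps the colon style ("Security analysis: ..."); pick one form for both. "cipher texts" should be "ciphertexts" to match the rest of the draft.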

0 comments on commit ba1dbe7
