Werner Koch via Gnupg-devel <[email protected]> writes: > On Mon, 6 May 2024 14:49, Simon Josefsson said: >> Werner Koch via Gnupg-devel <[email protected]> writes: >> >>> + - Prepare fixedInfo as specified above >>> >>> - Compute KEK := multiKeyCombine(eccKeyShare, eccCipherText, >>> mlkemKeyShare, mlkemCipherText, fixedInfo, 256) as defined in >>> - Section [](#KEM-Key-Combiner). >>> + Section [](#kem-key-combiner). >> >> Where is multiKeyCombine defined? I can't find it in > > Line 6133 in the draft I posted today to librepgp-discuss > https://lists.gnupg.org/pipermail/librepgp-discuss/2024/000068.html
Thank you! As far as I can tell this doesn't strongly bind eccPublicKey and mlkemPublicKey to the KEK which may complicate a security proof. /Simon
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
