Add domain separation in K-PKE key generation step

See section C.2 of https://doi.org/10.6028/NIST.FIPS.203

Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
Anjan Roy
2024-09-01 20:36:17 +04:00
parent 07883453dd
commit c9087f37ff


@@ -19,8 +19,13 @@ keygen(std::span<const uint8_t, 32> d, std::span<uint8_t, k * 12 * 32 + 32> pubk
std::array<uint8_t, 64> g_out{};
auto _g_out = std::span(g_out);
// Repurposing `g_out` (i.e. array for holding output of hash function G),
// for preparing the concatenated input to hash function G.
std::copy(d.begin(), d.end(), _g_out.begin());
_g_out[d.size()] = k; // Domain seperator to prevent misuse of key
sha3_512::sha3_512_t h512;
h512.absorb(d);
h512.absorb(_g_out.template first<d.size() + 1>());
h512.finalize();
h512.digest(_g_out);
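Review bot: The comment on the `_g_out[d.size()] = k;` line misspells "separator", and "misuse of key" does not say what is being separated. Something like `// Domain separator (FIPS 203, C.2): appending k ties the G input to this parameter set, so one seed yields unrelated keys at different security levels` would record the reason. The same line narrows `k` to `uint8_t` implicitly; `_g_out[d.size()] = static_cast<uint8_t>(k);` makes that explicit, assuming `k` is the integral template parameter the signature suggests. Since the 33-byte input changes every derived key pair, the known-answer tests presumably need regenerating against vectors for the final standard, which this hunk does not show. keygen's body starts and ends outside the hunk.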