OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Groups - Post Quantum Signatures V4 Comments

On 10/22/23 4:10 PM, JOHNSON Darren wrote:

THALES GROUP LIMITED DISTRIBUTION to email recipients

Â

Hi,

I just wanted to confirm some details with this proposal. As well as add some minor editorial comments.

Â

FIPS 204 defines pre-hashing for ML-DSA. We didnât want to include that in the spec?

I missed that. It looks like a different mechanism, though. It would be single shot only. I'm not clear, however, does the pre-hash version need 'tr' (hash obj the public key)?

Â

FIPS 204 defines both random and deterministic variants. Donât we want to have those defined separately in the spec? There are use cases where one may want a deterministic signature, as well as use case where one may want a randomized signature.

Hmm I was considering that a compatible implementation detail, not necessarily visible to the application. I wouldn't use two different mechanisms. Probably an optional parameter that lets the application select this on Signature creation (wouldn't be needed at verify because p' is already included in the signature.

Â

CKA_VALUE for CKK_ML_DSA public key is defined as a âBig Integerâ. But FIPS 204 defines it as an encoded value. So shouldnât it be a âByte Arrayâ? The question/comment applies to CKA_VALUE for the ML-DSA private key as well.

Yes, the values for these shhould be the encoded values from the FIPS spec.

Â

For Falcon, both public and private keys are encoded values as well. The proposal states that the CK_VALUE attribute for the public and private keys are a âBig Integerâ. Shouldnât they be âByte Arrayâ?

Yes.

Â

I spent a lot of time on SLH-DSA, but I have the same question about the CKA_VALUE for the public and private keys. Shouldnât they be âByte Arrayâ? They both contain multiple values.

Yes.

Also, FIPS 205 defines both random and deterministic variations of SLH-DSA. We didnât want those called out separately in the spec either?

I think that's the same answer as ML_DSA.

Â

Thanks

Darren


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]