Ounsworth KEM Combiner
FAlbertDev committed Aug 6, 2024
1 parent f5d49e0 commit 2a6b9bf
Showing 16 changed files with 2,038 additions and 1 deletion.
21 changes: 21 additions & 0 deletions doc/api_ref/pubkey.rst
Expand Up @@ -188,6 +188,27 @@ A set of signature schemes based on elliptic curves. All are national standards
in their respective countries (Germany, South Korea, China, and Russia, resp),
and are completely obscure and unused outside of that context.

KEM Combiner
------------

A KEM Combiner is a key encapsulation mechanism (KEM) that combines multiple
KEMs into a single KEM. The resulting KEM is secure if at least one combined
KEM is secure. Usually, the KEM Combiner combines a classical KEM with a
post-quantum secure KEM. Note that every key exchange algorithm can also be
described as a KEM.

Ounsworth KEM Combiner
~~~~~~~~~~~~~~~~~~~~~~

This combiner is based on
`draft-ounsworth-cfrg-kem-combiners-05 <https://github.com/EntrustCorporation/draft-ounsworth-cfrg-kem-combiners/blob/475ff53eb8fb7213f6e5ab26dd23e5dc3203f7fa/draft-ounsworth-cfrg-kem-combiners.txt>`_
(Feb 2024). It is a generic combiner that achieves IND-CCA security if at least
one combined KEM is. Every KEM that implements Botan's private and public key
interfaces can be an ingredient of this combiner. However, some KEMs are
predefined for easier usage. The predefined KEMs are Kyber (Round 3) and
FrodoKEM for post-quantum security and X25519, X448, and ECDH (with various
named curves) as classical key exchange algorithms formulated as KEMs.

.. _creating_new_private_keys:

Creating New Private Keys
Expand Down
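Review bot: the sentence "Note that every key exchange algorithm can also be described as a KEM" should be qualified, because it invites readers to count the X25519/X448/ECDH ingredients as IND-CCA KEMs in their own right. A plain Diffie-Hellman exchange wrapped as a KEM (which is what the kex_to_kem_adapter dependency listed in info.txt provides) is not IND-CCA by itself: a decapsulation query on a malleated ephemeral public key leaks the shared secret. The paragraph should therefore state that the IND-CCA claim rests on at least one ingredient being an IND-CCA KEM (Kyber or FrodoKEM in the predefined instantiations) and that the classical ingredient contributes robustness against a break of the post-quantum scheme rather than IND-CCA security on its own. The section also lists the predefined instantiations but gives no API usage; a short snippet showing how to construct one of the predefined private keys and run encapsulate/decapsulate would make the page usable, and since info.txt marks the module lifecycle as "Experimental", say so here so users know names and encodings may change.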
13 changes: 13 additions & 0 deletions doc/dev_ref/oids.rst
Expand Up @@ -43,6 +43,19 @@ Values currently assigned are::
kyber-768-90s OBJECT IDENTIFIER ::= { kyber-90s 2 }
kyber-1024-90s OBJECT IDENTIFIER ::= { kyber-90s 3 }

ounsworth-kem-combiner OBJECT IDENTIFIER ::= { publicKey 20 }

ounsworth-kem-combiner-kyber-768-r3-x25519-kmac-256 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 1 }
ounsworth-kem-combiner-kyber-1024-r3-x448-kmac-256 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 2 }

ounsworth-kem-combiner-kyber-512-r3-ecdh-secp256r1-kmac-128 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 3 }
ounsworth-kem-combiner-kyber-768-r3-ecdh-secp384r1-kmac-256 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 4 }
ounsworth-kem-combiner-kyber-1024-r3-ecdh-secp512r1-kmac-256 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 5 }

ounsworth-kem-combiner-frodokem-640-shake-ecdh-brainpool256r1-kmac-128 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 6 }
ounsworth-kem-combiner-frodokem-976-shake-ecdh-brainpool384r1-kmac-256 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 7 }
ounsworth-kem-combiner-frodokem-1344-shake-ecdh-brainpool512r1-kmac-256 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 8 }

xmss OBJECT IDENTIFIER ::= { publicKey 8 }

-- The current dilithium implementation is compatible with the reference
Expand Down
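Review bot: the entry for `{ ounsworth-kem-combiner 5 }` names the curve "secp512r1", which does not exist; the same OID is registered in src/build-data/oids.txt and src/lib/asn1/oid_maps.cpp in this commit as ECDH-secp521r1. Change the line to `ounsworth-kem-combiner-kyber-1024-r3-ecdh-secp521r1-kmac-256 OBJECT IDENTIFIER ::= { ounsworth-kem-combiner 5 }` so the three tables agree.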
13 changes: 13 additions & 0 deletions src/build-data/oids.txt
Expand Up @@ -39,6 +39,19 @@
1.3.6.1.4.1.25258.1.11.2 = Kyber-768-90s-r3
1.3.6.1.4.1.25258.1.11.3 = Kyber-1024-90s-r3

# Ounsworth KEM Combiner Draft (Feb 2024)
# https://github.com/EntrustCorporation/draft-ounsworth-cfrg-kem-combiners/blob/475ff53eb8fb7213f6e5ab26dd23e5dc3203f7fa/draft-ounsworth-cfrg-kem-combiners.txt
1.3.6.1.4.1.25258.1.20.1 = OunsworthKEMCombiner/Kyber-768-r3/X25519/KMAC-256
1.3.6.1.4.1.25258.1.20.2 = OunsworthKEMCombiner/Kyber-1024-r3/X448/KMAC-256

1.3.6.1.4.1.25258.1.20.3 = OunsworthKEMCombiner/Kyber-512-r3/ECDH-secp256r1/KMAC-128
1.3.6.1.4.1.25258.1.20.4 = OunsworthKEMCombiner/Kyber-768-r3/ECDH-secp384r1/KMAC-256
1.3.6.1.4.1.25258.1.20.5 = OunsworthKEMCombiner/Kyber-1024-r3/ECDH-secp521r1/KMAC-256

1.3.6.1.4.1.25258.1.20.6 = OunsworthKEMCombiner/FrodoKEM-640-SHAKE/ECDH-brainpool256r1/KMAC-128
1.3.6.1.4.1.25258.1.20.7 = OunsworthKEMCombiner/FrodoKEM-976-SHAKE/ECDH-brainpool384r1/KMAC-256
1.3.6.1.4.1.25258.1.20.8 = OunsworthKEMCombiner/FrodoKEM-1344-SHAKE/ECDH-brainpool512r1/KMAC-256

# Dilithium OIDs are currently in Botan's private arc
1.3.6.1.4.1.25258.1.9.1 = Dilithium-4x4-r3
1.3.6.1.4.1.25258.1.9.2 = Dilithium-6x5-r3
Expand Down
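Review bot: these identifiers sit in Botan's private arc (1.3.6.1.4.1.25258.1.20) while the comment only cites the Ounsworth draft, so a reader may take them for IETF-assigned OIDs; mirror the wording used for Dilithium a few lines below ("# Dilithium OIDs are currently in Botan's private arc") and note that, since the draft is at revision -05 and the KMAC-128/KMAC-256 choice is baked into each name, both the OIDs and the encodings they denote may change when the draft changes.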
19 changes: 19 additions & 0 deletions src/lib/asn1/oid_maps.cpp
Expand Up @@ -179,6 +179,14 @@ std::unordered_map<std::string, std::string> OID_Map::load_oid2str_map() {
{"1.3.6.1.4.1.25258.1.17.1", "eFrodoKEM-640-AES"},
{"1.3.6.1.4.1.25258.1.17.2", "eFrodoKEM-976-AES"},
{"1.3.6.1.4.1.25258.1.17.3", "eFrodoKEM-1344-AES"},
{"1.3.6.1.4.1.25258.1.20.1", "OunsworthKEMCombiner/Kyber-768-r3/X25519/KMAC-256"},
{"1.3.6.1.4.1.25258.1.20.2", "OunsworthKEMCombiner/Kyber-1024-r3/X448/KMAC-256"},
{"1.3.6.1.4.1.25258.1.20.3", "OunsworthKEMCombiner/Kyber-512-r3/ECDH-secp256r1/KMAC-128"},
{"1.3.6.1.4.1.25258.1.20.4", "OunsworthKEMCombiner/Kyber-768-r3/ECDH-secp384r1/KMAC-256"},
{"1.3.6.1.4.1.25258.1.20.5", "OunsworthKEMCombiner/Kyber-1024-r3/ECDH-secp521r1/KMAC-256"},
{"1.3.6.1.4.1.25258.1.20.6", "OunsworthKEMCombiner/FrodoKEM-640-SHAKE/ECDH-brainpool256r1/KMAC-128"},
{"1.3.6.1.4.1.25258.1.20.7", "OunsworthKEMCombiner/FrodoKEM-976-SHAKE/ECDH-brainpool384r1/KMAC-256"},
{"1.3.6.1.4.1.25258.1.20.8", "OunsworthKEMCombiner/FrodoKEM-1344-SHAKE/ECDH-brainpool512r1/KMAC-256"},
{"1.3.6.1.4.1.25258.1.3", "McEliece"},
{"1.3.6.1.4.1.25258.1.5", "XMSS-draft6"},
{"1.3.6.1.4.1.25258.1.6.1", "GOST-34.10-2012-256/SHA-256"},
Expand Down Expand Up @@ -432,6 +440,17 @@ std::unordered_map<std::string, OID> OID_Map::load_str2oid_map() {
{"Microsoft UPN", OID({1, 3, 6, 1, 4, 1, 311, 20, 2, 3})},
{"OpenPGP.Curve25519", OID({1, 3, 6, 1, 4, 1, 3029, 1, 5, 1})},
{"OpenPGP.Ed25519", OID({1, 3, 6, 1, 4, 1, 11591, 15, 1})},
{"OunsworthKEMCombiner/FrodoKEM-1344-SHAKE/ECDH-brainpool512r1/KMAC-256",
OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 8})},
{"OunsworthKEMCombiner/FrodoKEM-640-SHAKE/ECDH-brainpool256r1/KMAC-128",
OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 6})},
{"OunsworthKEMCombiner/FrodoKEM-976-SHAKE/ECDH-brainpool384r1/KMAC-256",
OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 7})},
{"OunsworthKEMCombiner/Kyber-1024-r3/ECDH-secp521r1/KMAC-256", OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 5})},
{"OunsworthKEMCombiner/Kyber-1024-r3/X448/KMAC-256", OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 2})},
{"OunsworthKEMCombiner/Kyber-512-r3/ECDH-secp256r1/KMAC-128", OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 3})},
{"OunsworthKEMCombiner/Kyber-768-r3/ECDH-secp384r1/KMAC-256", OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 4})},
{"OunsworthKEMCombiner/Kyber-768-r3/X25519/KMAC-256", OID({1, 3, 6, 1, 4, 1, 25258, 1, 20, 1})},
{"PBE-PKCS5v20", OID({1, 2, 840, 113549, 1, 5, 13})},
{"PBES2", OID({1, 2, 840, 113549, 1, 5, 13})},
{"PKCS5.PBKDF2", OID({1, 2, 840, 113549, 1, 5, 12})},
Expand Down
26 changes: 26 additions & 0 deletions src/lib/pubkey/ounsworth_kem_combiner/info.txt
@@ -0,0 +1,26 @@
<defines>
OUNSWORTH -> 20240528
</defines>

<module_info>
name -> "Ounsworth"
lifecycle -> "Experimental"
</module_info>

<header:internal>
ounsworth_internal.h
</header:internal>

<header:public>
ounsworth.h
ounsworth_mode.h
</header:public>

<requires>
asn1
hybrid_kem
kex_to_kem_adapter
kmac
sha3
sp800_56a
</requires>
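Review bot: the `<defines>` entry `OUNSWORTH -> 20240528` is broader than the feature it guards; the directory is src/lib/pubkey/ounsworth_kem_combiner and the OID names read OunsworthKEMCombiner/..., so a define of `OUNSWORTH_KEM_COMBINER -> 20240528` (exposed as BOTAN_HAS_OUNSWORTH_KEM_COMBINER under Botan's convention) would be clearer and leaves room for other drafts by the same author. The value 20240528 also post-dates the "Feb 2024" draft revision cited in the oids.txt comment; either date is fine, but the two should agree on which draft revision is implemented.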
