Abstraction Layer for Hybrid KEMs #4067

Open
wants to merge 1 commit into
base: master

FAlbertDev
Collaborator

We plan to add various KEM combiners in the following weeks/months. A KEM combiner is a KEM (with a KEM interface) that internally consists of two (or more) KEMs and/or key exchange algorithms transformed into KEMs. They are used for combining PQC with a classical public key algorithm. For that, this PR defines an abstract interface, a common base for these combiners.

In general, each KEM combiner consists of multiple public/private keys stored internally that are used to encapsulate multiple shared secrets. These multiple shared secrets are combined (using some sort of KDF) into a single shared secret. For that, the abstraction stores multiple public/private keys and implements the common boilerplate, such as defining the overall strength by returning the strength of the strongest sub-algorithm, etc. Also, a convenient interface for Encryptors and Decryptors is implemented. The existing TLS KEM combiner has been refactored to use this hybrid KEM abstraction.

For the BSI Project 481, we currently plan to implement the following three additional KEM combiners:

@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch from 46d3084 to 9d9158d Compare May 23, 2024 09:27
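Added example (not part of the pull request and not Botan's API): a minimal sketch of the combiner structure the PR description outlines, using hypothetical `ComponentKem`, `ToyKem` and `HybridKem` types. The toy components are not cryptography, and plain concatenation stands in for the KDF step so the data flow stays visible.

```cpp
#include <algorithm>
#include <memory>
#include <stdexcept>
#include <utility>
#include <vector>
using Bytes = std::vector<unsigned char>;
// Hypothetical component interface for this sketch (an assumption, not Botan's API).
struct ComponentKem {
   const std::size_t ct_len, strength;  // ciphertext length in bytes, strength in bits
   ComponentKem(std::size_t len, std::size_t bits) : ct_len(len), strength(bits) {}
   virtual ~ComponentKem() = default;
   virtual std::pair<Bytes, Bytes> encaps() const = 0;  // {ciphertext, shared secret}
   virtual Bytes decaps(const Bytes& ct) const = 0;
};
// Constructed toy component, NOT cryptography: ciphertext = fixed secret XOR key byte.
struct ToyKem final : ComponentKem {
   unsigned char m_key;
   ToyKem(unsigned char key, std::size_t len, std::size_t bits) : ComponentKem(len, bits), m_key(key) {}
   std::pair<Bytes, Bytes> encaps() const override { Bytes ss(ct_len, 0x5A); return {xor_key(ss), ss}; }
   Bytes decaps(const Bytes& ct) const override { return xor_key(ct); }
   Bytes xor_key(Bytes b) const { for(auto& x : b) { x ^= m_key; } return b; }
};
class HybridKem {
   std::vector<std::unique_ptr<ComponentKem>> m_kems;
   // Placeholder for the combiner's KDF: plain concatenation only (a real combiner uses a KDF).
   static void absorb(Bytes& acc, const Bytes& in) { acc.insert(acc.end(), in.begin(), in.end()); }
public:
   explicit HybridKem(std::vector<std::unique_ptr<ComponentKem>> kems) : m_kems(std::move(kems)) {
      for(const auto& k : m_kems) { if(!k) { throw std::invalid_argument("component list contains a nullptr"); } }
   }
   // Overall strength is that of the strongest component, as the PR description states.
   std::size_t strength() const { std::size_t s = 0; for(const auto& k : m_kems) { s = std::max(s, k->strength); } return s; }
   std::pair<Bytes, Bytes> encaps() const {
      Bytes ct, ss;
      for(const auto& k : m_kems) { auto r = k->encaps(); absorb(ct, r.first); absorb(ss, r.second); }
      return {ct, ss};
   }
   Bytes decaps(const Bytes& ct) const {
      std::size_t total = 0, off = 0;
      for(const auto& k : m_kems) { total += k->ct_len; }
      if(ct.size() != total) { throw std::invalid_argument("hybrid ciphertext has the wrong length"); }
      Bytes ss;
      for(const auto& k : m_kems) {  // split the concatenated ciphertext per component
         absorb(ss, k->decaps(Bytes(ct.begin() + off, ct.begin() + off + k->ct_len)));
         off += k->ct_len;
      }
      return ss;
   }
};
```

The length check before splitting matters: without it, a short hybrid ciphertext would make the per-component slices read past the end of the buffer.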
@coveralls

coveralls commented May 23, 2024

Coverage Status

coverage: 91.353% (+0.009%) from 91.344%
when pulling 2cbadce on Rohde-Schwarz:kem-combiner-abstraction
into 13edb92 on randombit:master.

@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch from 9d9158d to f9ade5e Compare May 23, 2024 11:28
@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch from f9ade5e to 3235a24 Compare June 10, 2024 07:23
@FAlbertDev
Collaborator Author

Rebased to master

@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch 3 times, most recently from 7548c0d to 97b9ea2 Compare June 13, 2024 07:05
@FAlbertDev
Collaborator Author

Rebased to master.

This was referenced Jun 13, 2024
Owner

@randombit randombit left a comment


Some overly verbose iterator usage that I object to on aesthetic grounds :) but otherwise lgtm

src/lib/pubkey/hybrid_kem/hybrid_kem.cpp
std::all_of(m_sks.begin(),
m_sks.end(),
[](const auto& sk) { return sk->supports_operation(PublicKeyOperation::KeyEncapsulation); }),
"Some provided secret key is not compatible with this hybrid wrapper");
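Review bot: the lambda passed to `std::all_of` dereferences every entry with `sk->supports_operation(...)`, and no null check is visible in these lines; unless nullptr entries in `m_sks` are rejected before this point, test `sk != nullptr` first. The failure message could also name the required operation, since "not compatible with this hybrid wrapper" does not tell the caller that KeyEncapsulation support is what is missing.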
Owner

Here again a for loop seems simpler and shorter

for(const auto* k: m_sks) {
   BOTAN_ARG_CHECK(k != nullptr, "List of secret keys contains a nullptr");
   BOTAN_ARG_CHECK(k->supports_operation(PublicKeyOperation::KeyEncapsulation), "Some provided secret key ...");
}

Collaborator

What was holding us back from ranges again? 😅 Was it Xcode/NDK again?

@FAlbertDev
Collaborator Author

Thanks for the review. I agree that loops are easier to read here. It's quite sad that these C++ iterators are so bulky :(

I addressed your review comments.

@FAlbertDev
Collaborator Author

I also made the KEX to KEM adapter header public. This is very useful for applications using non-predefined KEX algorithms with KEM combiners. Let me know what you think.

@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch 3 times, most recently from 21846e6 to a35b674 Compare June 17, 2024 13:58
@FAlbertDev FAlbertDev mentioned this pull request Jun 17, 2024
@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch from a35b674 to 9252d58 Compare June 19, 2024 06:26
@FAlbertDev
Collaborator Author

Rebased to master

@randombit randombit added this to the Botan 3.6.0 milestone Jun 30, 2024
@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch 3 times, most recently from a6828dc to f5d49e0 Compare August 5, 2024 08:46
@FAlbertDev
Collaborator Author

FAlbertDev commented Aug 5, 2024

@randombit Sorry for the late update. I applied your review suggestions, rebased to master, and cleaned up the history (to make it less bulky in the depending PRs).

@FAlbertDev FAlbertDev force-pushed the kem-combiner-abstraction branch from f5d49e0 to 2cbadce Compare August 6, 2024 07:01
@reneme reneme removed this from the Botan 3.6.0 milestone Oct 7, 2024
@reneme reneme added this to the Botan 3.7.0 milestone Oct 7, 2024