rfc9936v1.txt   rfc9936.txt 
skipping to change at line 601 skipping to change at line 601
kda-hkdf-with-sha256.&smimeCaps | kda-hkdf-with-sha256.&smimeCaps |
kwa-aes128-wrap.&smimeCaps | kwa-aes128-wrap.&smimeCaps |
kwa-aes256-wrap.&smimeCaps, kwa-aes256-wrap.&smimeCaps,
... } ... }
END END
<CODE ENDS> <CODE ENDS>
Appendix B. Parameter Set Security and Sizes Appendix B. Parameter Set Security and Sizes
Instead of defining the strength of a quantum algorithm in a Instead of defining the strength of a quantum algorithm using the
traditional manner using the imprecise notion of bits of security, imprecise notion of bits of security, NIST has defined security
NIST has defined security levels by picking a reference scheme, which levels by picking a reference scheme, which is expected to offer
is expected to offer notable levels of resistance to both quantum and notable levels of resistance to both quantum and classical attacks.
classical attacks. To wit, a KEM algorithm that achieves NIST Post- To wit, a KEM algorithm that achieves NIST Post-Quantum Cryptography
Quantum Cryptography (PQC) security must require computational (PQC) security must require computational resources to break IND-CCA2
resources to break IND-CCA2 security comparable or greater than that security comparable or greater than that required for key search on
required for key search on AES-128, AES-192, and AES-256 for Levels AES-128, AES-192, and AES-256 for Levels 1, 3, and 5, respectively.
1, 3, and 5, respectively. Levels 2 and 4 use collision search for Levels 2 and 4 use collision search for SHA-256 and SHA-384 as
SHA-256 and SHA-384 as reference. reference.
+=============+=======+==========+==========+============+========+ +=============+=======+==========+==========+============+========+
| Parameter | Level | Encap. | Decap. | Ciphertext | Shared | | Parameter | Level | Encap. | Decap. | Ciphertext | Shared |
| Set | | Key Size | Key Size | Size | Secret | | Set | | Key Size | Key Size | Size | Secret |
| | | | | | Size | | | | | | | Size |
+=============+=======+==========+==========+============+========+ +=============+=======+==========+==========+============+========+
| ML-KEM-512 | 1 | 800 | 1632 | 768 | 32 | | ML-KEM-512 | 1 | 800 | 1632 | 768 | 32 |
+-------------+-------+----------+----------+------------+--------+ +-------------+-------+----------+----------+------------+--------+
| ML-KEM-768 | 3 | 1184 | 2400 | 1088 | 32 | | ML-KEM-768 | 3 | 1184 | 2400 | 1088 | 32 |
+-------------+-------+----------+----------+------------+--------+ +-------------+-------+----------+----------+------------+--------+
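Review bot: "the strength of a quantum algorithm" in the first sentence of Appendix B is still imprecise after the rewording. The paragraph goes on to describe a KEM that meets NIST Post-Quantum Cryptography security levels, so "the strength of a post-quantum algorithm" would match the rest of the text. While the paragraph is being reflowed, "comparable or greater than that required" should also read "comparable to or greater than that required". Dropping "in a traditional manner" loses nothing.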
skipping to change at line 756 skipping to change at line 756
HWWcKlYCm3RTxfO6UkPZ+nSdkXxA2dEB5FO8ixDkKnwIkyPAJveD4QC5+m5wFEJN HWWcKlYCm3RTxfO6UkPZ+nSdkXxA2dEB5FO8ixDkKnwIkyPAJveD4QC5+m5wFEJN
pvo3kryVfughnQFrdz8o/tzJYqSFq6/+wCMoGXHimqaJg57P0mGekih80jDbJqJQ pvo3kryVfughnQFrdz8o/tzJYqSFq6/+wCMoGXHimqaJg57P0mGekih80jDbJqJQ
fMUA6xx6UpO1/pF64pvxrTUBJPijEWNSFLQR259n07hb1xUBhTfqRbQfQbTGYFEw fMUA6xx6UpO1/pF64pvxrTUBJPijEWNSFLQR259n07hb1xUBhTfqRbQfQbTGYFEw
DQYLKoZIhvcNAQkQAxwCARAwCwYJYIZIAWUDBAEFBBjAUOQ5L5wU3QrCIgID8xfX DQYLKoZIhvcNAQkQAxwCARAwCwYJYIZIAWUDBAEFBBjAUOQ5L5wU3QrCIgID8xfX
AflPndknePUwOgYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBBjARBAxcpXRouBvwO42n AflPndknePUwOgYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBBjARBAxcpXRouBvwO42n
GGwCARCADZTIaJqZ0sOOGS+muggEEFzxeGxXx0ArVPyTwwpKRTM= GGwCARCADZTIaJqZ0sOOGS+muggEEFzxeGxXx0ArVPyTwwpKRTM=
-----END CMS----- -----END CMS-----
This result decodes to: This result decodes to:
0 994: SEQUENCE { 0 994: SEQUENCE {
4 11: OBJECT IDENTIFIER 4 11: OBJECT IDENTIFIER
: authEnvelopedData (1 2 840 113549 1 9 16 1 23) : authEnvelopedData (1 2 840 113549 1 9 16 1 23)
17 977: [0] { 17 977: [0] {
21 973: SEQUENCE { 21 973: SEQUENCE {
25 1: INTEGER 0 25 1: INTEGER 0
28 888: SET { 28 888: SET {
32 884: [4] { 32 884: [4] {
36 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 13 3' 36 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 13 3'
49 867: SEQUENCE { 49 867: SEQUENCE {
53 1: INTEGER 0 53 1: INTEGER 0
56 20: [0] 56 20: [0]
: 59 97 88 C3 7A ED 40 0E E4 05 D1 B2 A3 36 6A B1 : 59 97 88 C3 7A ED 40 0E E4 05 D1 B2 A3 36 6A B1
: 7D 82 4A 51 : 7D 82 4A 51
78 11: SEQUENCE { 78 11: SEQUENCE {
80 9: OBJECT IDENTIFIER '2 16 840 1 101 3 4 4 1' 80 9: OBJECT IDENTIFIER '2 16 840 1 101 3 4 4 1'
: } : }
91 768: OCTET STRING 91 768: OCTET STRING
: 3E A4 0F C6 CA 09 0E 2C 8A F7 6E 27 27 AB 38 E0 : 3E A4 0F C6 CA 09 0E 2C 8A F7 6E 27 27 AB 38 E0
: 65 2D 95 15 98 6F E1 86 82 7F E8 4E 59 6E 42 1B : 65 2D 95 15 98 6F E1 86 82 7F E8 4E 59 6E 42 1B
: 85 FD 45 9C C7 89 97 37 2C 9D E3 1D 19 1B 39 C1 : 85 FD 45 9C C7 89 97 37 2C 9D E3 1D 19 1B 39 C1
: D5 A3 EB 6D DB 56 AA DE DE 76 5C C3 90 FD BB C2 : D5 A3 EB 6D DB 56 AA DE DE 76 5C C3 90 FD BB C2
: F8 8C B1 75 68 1D 42 01 B8 1C CD FC B2 4F EF 13 : F8 8C B1 75 68 1D 42 01 B8 1C CD FC B2 4F EF 13
: AF 2F 5A 1A BC F8 D8 AF 38 4F 02 A0 10 A6 E9 19 : AF 2F 5A 1A BC F8 D8 AF 38 4F 02 A0 10 A6 E9 19
: F1 98 7A 5E 9B 1C 0E 2D 3F 07 F5 8A 9F A5 39 CE : F1 98 7A 5E 9B 1C 0E 2D 3F 07 F5 8A 9F A5 39 CE
: 86 CC 14 99 10 A1 69 2C 0C A4 CE 0E CE 4E EE D2 : 86 CC 14 99 10 A1 69 2C 0C A4 CE 0E CE 4E EE D2
: E6 69 9C B9 76 33 24 52 DE 4A 2E B5 CA 61 F7 B0 : E6 69 9C B9 76 33 24 52 DE 4A 2E B5 CA 61 F7 B0
: 81 33 0C 34 79 8E F7 12 A2 4E 59 C3 3C EA 1F 1F : 81 33 0C 34 79 8E F7 12 A2 4E 59 C3 3C EA 1F 1F
: 9E 6D 4F BF 37 43 A3 84 67 43 00 11 33 6F 62 D8 : 9E 6D 4F BF 37 43 A3 84 67 43 00 11 33 6F 62 D8
: 70 79 2B 86 6B EF CD 1D 1B 36 5B ED 19 52 67 3D : 70 79 2B 86 6B EF CD 1D 1B 36 5B ED 19 52 67 3D
: 3A 5B 0C 20 B3 86 B4 EF D1 CF 63 FD 37 6B D4 7C : 3A 5B 0C 20 B3 86 B4 EF D1 CF 63 FD 37 6B D4 7C
: CC 46 AC 4D D8 EC 66 B0 47 C4 C9 5A CF F1 CF D0 : CC 46 AC 4D D8 EC 66 B0 47 C4 C9 5A CF F1 CF D0
: 28 A4 19 B0 02 FD A1 B6 17 CB A6 1D 2E 91 CF E8 : 28 A4 19 B0 02 FD A1 B6 17 CB A6 1D 2E 91 CF E8
: FF FB CB 8F FD 4D 5F 6A D8 B1 58 C2 19 E3 6D C5 : FF FB CB 8F FD 4D 5F 6A D8 B1 58 C2 19 E3 6D C5
: 14 05 DC 0C 0B 23 49 79 AC 65 8E 72 BD DF 1B 67 : 14 05 DC 0C 0B 23 49 79 AC 65 8E 72 BD DF 1B 67
: 73 B9 6B 2A E3 E4 D0 7B E8 60 48 04 0C 01 67 43 : 73 B9 6B 2A E3 E4 D0 7B E8 60 48 04 0C 01 67 43
: 6F A8 39 E7 52 9B 00 CC 9A B5 5A 2F 25 DB 63 CC : 6F A8 39 E7 52 9B 00 CC 9A B5 5A 2F 25 DB 63 CC
: 9F 55 75 94 E6 91 C1 1E 55 3D 4A 3E BC 76 0F 5F : 9F 55 75 94 E6 91 C1 1E 55 3D 4A 3E BC 76 0F 5F
: 19 E5 FE 14 48 38 B4 C7 D1 59 1D A9 B5 D4 67 49 : 19 E5 FE 14 48 38 B4 C7 D1 59 1D A9 B5 D4 67 49
: 4F D9 CA C5 2C C5 50 40 60 39 9D BD B7 22 98 EB : 4F D9 CA C5 2C C5 50 40 60 39 9D BD B7 22 98 EB
: 9A 4C 01 7B 00 78 6F DC 7D 9D 7A A5 7A DB B8 B6 : 9A 4C 01 7B 00 78 6F DC 7D 9D 7A A5 7A DB B8 B6
: 1C 34 DE 1E 28 8B 2A B7 28 17 1D CE 14 3C D1 69 : 1C 34 DE 1E 28 8B 2A B7 28 17 1D CE 14 3C D1 69
: 53 F9 84 C1 AE D5 59 E5 6B AA 0C E6 58 D3 2C CE : 53 F9 84 C1 AE D5 59 E5 6B AA 0C E6 58 D3 2C CE
: 42 F4 40 75 04 CD 7A 57 9A D0 EF 9B 77 13 5E AA : 42 F4 40 75 04 CD 7A 57 9A D0 EF 9B 77 13 5E AA
: 39 B6 F9 3A 3A 2E 59 97 80 7F 06 36 1C 83 F4 E6 : 39 B6 F9 3A 3A 2E 59 97 80 7F 06 36 1C 83 F4 E6
: 7F 8E 3F 9C F6 83 16 01 15 14 F5 D8 5A 18 1C EA : 7F 8E 3F 9C F6 83 16 01 15 14 F5 D8 5A 18 1C EA
: D7 14 CD 49 40 E4 EB AC 01 D6 65 28 DA 32 F8 9C : D7 14 CD 49 40 E4 EB AC 01 D6 65 28 DA 32 F8 9C
: EA 04 28 E8 EB CA DC F8 AA 18 8C 9F 62 E8 5B 19 : EA 04 28 E8 EB CA DC F8 AA 18 8C 9F 62 E8 5B 19
: 57 65 5B 7F E2 B8 D7 97 3B 7A 72 26 B6 6D 93 BF : 57 65 5B 7F E2 B8 D7 97 3B 7A 72 26 B6 6D 93 BF
: 7B 23 2F 3D CF 65 3C 84 B4 EC F1 A9 92 0D B1 94 : 7B 23 2F 3D CF 65 3C 84 B4 EC F1 A9 92 0D B1 94
: 9A D7 50 B5 46 A5 55 2A 20 E5 49 09 71 9B 8C 0C : 9A D7 50 B5 46 A5 55 2A 20 E5 49 09 71 9B 8C 0C
: 07 05 6F CB 7E 57 4A D2 A3 2E C9 50 01 DD E8 44 : 07 05 6F CB 7E 57 4A D2 A3 2E C9 50 01 DD E8 44
: 81 BE 77 D0 39 ED 5B F7 42 62 EC F3 98 1F 1B 00 : 81 BE 77 D0 39 ED 5B F7 42 62 EC F3 98 1F 1B 00
: D3 36 6A 9C 2E 06 1C 47 E2 41 A0 61 C6 24 95 60 : D3 36 6A 9C 2E 06 1C 47 E2 41 A0 61 C6 24 95 60
: D2 B8 44 6A 48 0C 38 C2 8B A9 89 D9 F6 8A DC 4B : D2 B8 44 6A 48 0C 38 C2 8B A9 89 D9 F6 8A DC 4B
: BA F2 A2 0B 47 E4 92 31 28 C7 23 42 D5 97 FD A2 : BA F2 A2 0B 47 E4 92 31 28 C7 23 42 D5 97 FD A2
: 59 DE 0B 83 C2 05 6D 6B 77 E7 99 B3 19 32 4A A5 : 59 DE 0B 83 C2 05 6D 6B 77 E7 99 B3 19 32 4A A5
: 0B 1D 65 9C 2A 56 02 9B 74 53 C5 F3 BA 52 43 D9 : 0B 1D 65 9C 2A 56 02 9B 74 53 C5 F3 BA 52 43 D9
: FA 74 9D 91 7C 40 D9 D1 01 E4 53 BC 8B 10 E4 2A : FA 74 9D 91 7C 40 D9 D1 01 E4 53 BC 8B 10 E4 2A
: 7C 08 93 23 C0 26 F7 83 E1 00 B9 FA 6E 70 14 42 : 7C 08 93 23 C0 26 F7 83 E1 00 B9 FA 6E 70 14 42
: 4D A6 FA 37 92 BC 95 7E E8 21 9D 01 6B 77 3F 28 : 4D A6 FA 37 92 BC 95 7E E8 21 9D 01 6B 77 3F 28
: FE DC C9 62 A4 85 AB AF FE C0 23 28 19 71 E2 9A : FE DC C9 62 A4 85 AB AF FE C0 23 28 19 71 E2 9A
: A6 89 83 9E CF D2 61 9E 92 28 7C D2 30 DB 26 A2 : A6 89 83 9E CF D2 61 9E 92 28 7C D2 30 DB 26 A2
: 50 7C C5 00 EB 1C 7A 52 93 B5 FE 91 7A E2 9B F1 : 50 7C C5 00 EB 1C 7A 52 93 B5 FE 91 7A E2 9B F1
: AD 35 01 24 F8 A3 11 63 52 14 B4 11 DB 9F 67 D3 : AD 35 01 24 F8 A3 11 63 52 14 B4 11 DB 9F 67 D3
: B8 5B D7 15 01 85 37 EA 45 B4 1F 41 B4 C6 60 51 : B8 5B D7 15 01 85 37 EA 45 B4 1F 41 B4 C6 60 51
863 13: SEQUENCE { 863 13: SEQUENCE {
865 11: OBJECT IDENTIFIER 865 11: OBJECT IDENTIFIER
: hkdfWithSha256 (1 2 840 113549 1 9 16 3 28) : hkdfWithSha256 (1 2 840 113549 1 9 16 3 28)
: } : }
878 1: INTEGER 16 878 1: INTEGER 16
881 11: SEQUENCE { 881 11: SEQUENCE {
883 9: OBJECT IDENTIFIER 883 9: OBJECT IDENTIFIER
: aes128-wrap (2 16 840 1 101 3 4 1 5) : aes128-wrap (2 16 840 1 101 3 4 1 5)
: } : }
894 24: OCTET STRING 894 24: OCTET STRING
: C0 50 E4 39 2F 9C 14 DD 0A C2 22 02 03 F3 17 D7 : C0 50 E4 39 2F 9C 14 DD 0A C2 22 02 03 F3 17 D7
: 01 F9 4F 9D D9 27 78 F5 : 01 F9 4F 9D D9 27 78 F5
: } : }
: } : }
: } : }
920 58: SEQUENCE { 920 58: SEQUENCE {
922 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 922 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
933 30: SEQUENCE { 933 30: SEQUENCE {
935 9: OBJECT IDENTIFIER 935 9: OBJECT IDENTIFIER
: aes128-GCM (2 16 840 1 101 3 4 1 6) : aes128-GCM (2 16 840 1 101 3 4 1 6)
946 17: SEQUENCE { 946 17: SEQUENCE {
948 12: OCTET STRING 5C A5 74 68 B8 1B F0 3B 8D A7 18 6C 948 12: OCTET STRING 5C A5 74 68 B8 1B F0 3B 8D A7 18 6C
962 1: INTEGER 16 962 1: INTEGER 16
: } : }
: } : }
965 13: [0] 94 C8 68 9A 99 D2 C3 8E 19 2F A6 BA 08 965 13: [0] 94 C8 68 9A 99 D2 C3 8E 19 2F A6 BA 08
: } : }
980 16: OCTET STRING 5C F1 78 6C 57 C7 40 2B 54 FC 93 C3 0A 4A 45 33 980 16: OCTET STRING
: } : 5C F1 78 6C 57 C7 40 2B 54 FC 93 C3 0A 4A 45 33
: } : }
: } : }
: }
C.2. Recipient CMS Processing C.2. Recipient CMS Processing
Bob's ML-KEM-512 private key: Bob's ML-KEM-512 private key:
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MFQCAQAwCwYJYIZIAWUDBAQBBEKAQAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ MFQCAQAwCwYJYIZIAWUDBAQBBEKAQAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ
GhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8= GhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
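Review bot: the rewrap of the 16-byte OCTET STRING at offset 980 leaves the dump with two styles for short values, because the 12-byte OCTET STRING at offset 948 and the 13-byte [0] at offset 965 still carry their bytes inline on the tag line. If the wrap was done only to stay within the line-length limit, that is fine, but confirm that no other line in the dump exceeds it. Separately, the OBJECT IDENTIFIERs at offsets 36 and 80 are printed as bare arcs ('1 2 840 113549 1 9 16 13 3' and '2 16 840 1 101 3 4 4 1'), while authEnvelopedData, hkdfWithSha256, aes128-wrap and aes128-GCM are named. Adding the names for those two would make the KEM recipient structure easier to follow. The change correctly adds one line, which matches the 875 to 876 shift in the next block.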
skipping to change at line 875 skipping to change at line 876
the key-encryption key from the shared secret and the DER-encoded the key-encryption key from the shared secret and the DER-encoded
CMSORIforKEMOtherInfo using HKDF with SHA-256, uses AES-128-KEYWRAP CMSORIforKEMOtherInfo using HKDF with SHA-256, uses AES-128-KEYWRAP
to decrypt the content-encryption key with the key-encryption key, to decrypt the content-encryption key with the key-encryption key,
and decrypts the encrypted contents with the content-encryption key, and decrypts the encrypted contents with the content-encryption key,
revealing the plaintext content: revealing the plaintext content:
Hello, world! Hello, world!
Acknowledgements Acknowledgements
This document borrows heavily from [RFC9690], [FIPS203], and This document borrows heavily from [RFC9690], [FIPS203], [RFC9935],
[IKEv2-MLKEM]. Thanks go to the authors of those documents. and [IKEv2-MLKEM]. Thanks go to the authors of those documents.
"Copying always makes things easier and less error prone." - "Copying always makes things easier and less error prone." -
[RFC8411]. [RFC8411].
Thanks to Carl Wallace, Jonathan Hammel, and Sean Turner for the Thanks to Carl Wallace, Jonathan Hammel, and Sean Turner for the
detailed review and Carl Wallace and Philippe Cece for detailed review and Carl Wallace and Philippe Cece for
interoperability testing for the examples. interoperability testing for the examples.
Authors' Addresses Authors' Addresses
Julien Prat Julien Prat
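Review bot: the [RFC9935] citation added to the first Acknowledgements sentence needs a matching entry in the References section, and none of the three change blocks in this diff touches that section. Confirm that the entry already existed in the earlier version. If it did not, add it, otherwise the citation is dangling.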
 End of changes. 3 change blocks. 
109 lines changed or deleted 110 lines changed or added

This html diff was produced by rfcdiff 1.48.