Timeline for answer to Kyber-CCA-KEM - Deterministic implicit rejection by xagawa
Current License: CC BY-SA 4.0
Post Revisions
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 13, 2023 at 3:42 | comment | added | DannyNiu | I suppose yes, Peter did say "with a dedicated part of the secret key". | |
| Aug 12, 2023 at 16:30 | comment | added | xagawa | @DannyNiu You mean that H(seed,c) instead of H(sk,c), right? If so, it is IND-CCA-secure and fine as in the first paragraph. | |
| Aug 12, 2023 at 12:05 | vote | accept | DannyNiu | ||
| Aug 12, 2023 at 12:04 | comment | added | DannyNiu | I also post this Q to NIST PQC mailing list, and Peter Schwabe told me that's already being done in the Kyber GitHub branch dedicated to standard drafting. | |
| Aug 12, 2023 at 7:57 | history | answered | xagawa | CC BY-SA 4.0 |