Open Quantum Safe
-
|
Do PQ-KEMs kyber and KEMs approved for 4th round by NIST, need Domain Separation for deriving multiple keys from shared secret? I am using HKDF to split shared secret to derive multiple keys, one for encryption , the other one for HMAC. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Any cryptographic key, including those output by KEMs, should only be used for a single purpose. If you need to use multiple symmetric algorithms (e.g., AES for encryption and then HMAC for authentication), you should use a key derivation function to derive multiple computationally independent keys from the single key. |
Beta Was this translation helpful? Give feedback.
-
|
@dstebila a small doubt does deriving key for AES and deriving separate key for HMAC using HKDF on shared secret obtained from PQ-KEM need domain separation? |
Beta Was this translation helpful? Give feedback.
-
|
KDFs take labels as input which you should use for domain separation. This is generally outside the scope of liboqs so if you have more questions about how to use KDFs I suggest trying StackExchange. |
Beta Was this translation helpful? Give feedback.
Any cryptographic key, including those output by KEMs, should only be used for a single purpose. If you need to use multiple symmetric algorithms (e.g., AES for encryption and then HMAC for authentication), you should use a key derivation function to derive multiple computationally independent keys from the single key.