Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

draft-thomson-ppm-prss-00 6.1: Could PRFs other than AES ever be supported? #28

Open
tgeoghegan opened this issue Jul 25, 2024 · 1 comment
Open

draft-thomson-ppm-prss-00 6.1: Could PRFs other than AES ever be supported? #28

tgeoghegan opened this issue Jul 25, 2024 · 1 comment
Labels
prss

Comments

@tgeoghegan
Copy link
Contributor

The document is generic over abstract descriptions of KEMs and KDFs, but then concretely requires either AES128 or 256 for the PRF. Section 6.1 cites GKWY20, which only considers AES. If someone did security proofs etc., could this method be extended to hashes (TurboSHAKE as in VDAF) or other symmetric ciphers?
@martinthomson
Copy link
Member

The use of an XOF would be very interesting here. The shape changes quite a bit, of course.

My view is that we'd want to see whether an XOF variant is faster. If it is faster always, then we'd stop using AES. If it is faster sometimes, that might make a case for two options, but we'd need to discuss what the costs look like.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
prss
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinthomson @tgeoghegan