You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Should the spec include some guidance (not sure how detailed or for what audience) on when to use the info parameter to Setup* and when to use aad to Seal and Open? In particular, for protocols that only need the single-shot mode, both seem to serve roughly the same purpose. (Though they do work very differently internally...)
One difference I can see is you're better off sticking your label string into info since other protocols might not be single-shot. (Is it worth a suggestion to incorporate a label string into info.) @chris-wood also points out that processing aad with your AEAD's universal hash function is likely faster than processing info with your KDF. So there's probably some benefit to keeping bulk data in the aad side of things. But I also expect this is negligible compared to the KEM. :-)
Beyond that, I'm not sure. aad is per-encryption and info is per-context, but what "feels" per-encryption vs per-context is a little hazy for single-shot uses.
Should the spec include some guidance (not sure how detailed or for what audience) on when to use the
infoparameter toSetup*and when to useaadtoSealandOpen? In particular, for protocols that only need the single-shot mode, both seem to serve roughly the same purpose. (Though they do work very differently internally...)One difference I can see is you're better off sticking your label string into
infosince other protocols might not be single-shot. (Is it worth a suggestion to incorporate a label string intoinfo.) @chris-wood also points out that processingaadwith your AEAD's universal hash function is likely faster than processinginfowith your KDF. So there's probably some benefit to keeping bulk data in theaadside of things. But I also expect this is negligible compared to the KEM. :-)Beyond that, I'm not sure.
aadis per-encryption andinfois per-context, but what "feels" per-encryption vs per-context is a little hazy for single-shot uses.(CC @csharrison)
The text was updated successfully, but these errors were encountered: