Remove Public Key from the Private Key Structure #7
Comments
From Markku
From David B.
From Phillip H. B.
As Markku brought up in the list, in Dilithium the private key includes Someone can derive the public key In other words, not including the public key I would expect signers to have a separate copy of their public key

Note that while this can mathematically be done, no current Dilithium implementation provides this conversion functionality. You'd need to create special API calls just to facilitate this. And it would probably be outside NIST / FIPS / CAVP validation too, as it's a "derive the public key from private key" operation that is not covered by the Signing, Verification, and Key Generation pseudocode. So it is not in any way certain that a future FIPS 140-? or NIAP Dilithium module is able to do this at all.

ACK. I still do not consider this a big problem, because the module ought to be able to keep a copy of both the public and private key structures separately.
From Bas W.
From Uri B.
I like this idea.

From Markku
> The Dilithium specification contains a description of the secret key format; I'd suggest sticking with it.
And Bas acknowledged
I like the seed idea too because it simplifies the private key. But I don't like that it basically requires keygen+sign every time you want to sign, which is different to what we have traditionally been doing. Plus the side-channel concern Markku brought up. For now, let's keep the Dilithium PrivateKey in the structure, and we can consider keeping only the seed if there is a shift and keygen+sign for a seed becomes common.
From John