diff --git a/kem/schemes/schemes.go b/kem/schemes/schemes.go
index eaa58e3..0c8548f 100644
--- a/kem/schemes/schemes.go
+++ b/kem/schemes/schemes.go
@@ -27,7 +27,6 @@ import (
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh2048"
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh511"
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh512"
- "github.com/katzenpost/hpqc/nike/diffiehellman"
 "github.com/katzenpost/hpqc/nike/x25519"
 "github.com/katzenpost/hpqc/nike/x448"
 "github.com/katzenpost/hpqc/rand"
@@ -35,18 +34,39 @@ import (
 var potentialSchemes = [...]kem.Scheme{
- // post quantum KEM schemes
+ // PQ KEMs
 adapter.FromNIKE(ctidh511.Scheme()),
 adapter.FromNIKE(ctidh512.Scheme()),
 adapter.FromNIKE(ctidh1024.Scheme()),
 adapter.FromNIKE(ctidh2048.Scheme()),
+
+ // hybrid KEMs
+
+ combiner.New(
+ "CTIDH512-X25519",
+ []kem.Scheme{
+ adapter.FromNIKE(ctidh512.Scheme()),
+ adapter.FromNIKE(x25519.Scheme(rand.Reader)),
+ },
+ ),
+ combiner.New(
+ "CTIDH1024-X448",
+ []kem.Scheme{
+ adapter.FromNIKE(ctidh1024.Scheme()),
+ adapter.FromNIKE(x448.Scheme(rand.Reader)),
+ },
+ ),
 }
 var allSchemes = []kem.Scheme{
 // classical KEM schemes (converted from NIKE via hashed elgamal construction)
- adapter.FromNIKE(diffiehellman.Scheme()),
+
+ // Classical DiffieHellman imeplementation has a bug with this ticket:
+ // https://github.com/katzenpost/hpqc/issues/39
+ //adapter.FromNIKE(diffiehellman.Scheme()),
+
 adapter.FromNIKE(x25519.Scheme(rand.Reader)),
 adapter.FromNIKE(x448.Scheme(rand.Reader)),
@@ -78,7 +98,8 @@ var allSchemes = []kem.Scheme{
 kyber768.Scheme(),
 ),
- // An alternative to Xwing using a generic and secure KEM combiner.
+ // If Xwing is not the PQ Hybrid KEM you are looking for then we recommend
+ // using our secure generic KEM combiner:
 combiner.New(
 "MLKEM768-X25519",
 []kem.Scheme{
diff --git a/nike/hybrid/ctidh.go b/nike/hybrid/ctidh.go
index 54d92c0..0c23d4b 100644
--- a/nike/hybrid/ctidh.go
+++ b/nike/hybrid/ctidh.go
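Review bot: The Diffie-Hellman entry in `allSchemes` is left as commented-out code with a typo'd explanation (`imeplementation`) while its import is dropped in the hunk above, so the comment omits what a reader needs: that the scheme is deliberately unregistered (presumably any stored configuration or peer still naming it will fail name lookup) and that the import must be restored when issue 39 is resolved. Suggest replacing the three lines with `// Classical Diffie-Hellman is intentionally unregistered until https://github.com/katzenpost/hpqc/issues/39 is fixed; restore the diffiehellman import when re-enabling it.` and removing the dead line; the same comment block recurs in the nike/schemes/schemes.go hunk further down. Separately, the two new `combiner.New` entries take the names `CTIDH512-X25519` and `CTIDH1024-X448`, which are also the names of the NIKE schemes in nike/hybrid (the latter added by this commit); if that double use is intended, a one-line comment saying the KEM and NIKE registries are independent would prevent a later "fix". The enclosing `allSchemes` literal continues past the hunk.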
@@ -10,6 +10,7 @@ import (
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh511"
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh512"
 "github.com/katzenpost/hpqc/nike/x25519"
+ "github.com/katzenpost/hpqc/nike/x448"
 "github.com/katzenpost/hpqc/rand"
 )
@@ -25,14 +26,20 @@ var CTIDH512X25519 nike.Scheme = &Scheme{
 second: x25519.Scheme(rand.Reader),
 }
-var CTIDH1024X25519 nike.Scheme = &Scheme{
- name: "CTIDH1024-X25519",
+var CTIDH512X448 nike.Scheme = &Scheme{
+ name: "CTIDH512-X448",
+ second: ctidh512.Scheme(),
+ first: x448.Scheme(rand.Reader),
+}
+
+var CTIDH1024X448 nike.Scheme = &Scheme{
+ name: "CTIDH1024-X448",
 first: ctidh1024.Scheme(),
- second: x25519.Scheme(rand.Reader),
+ second: x448.Scheme(rand.Reader),
 }
-var CTIDH2048X25519 nike.Scheme = &Scheme{
- name: "CTIDH2048-X25519",
+var CTIDH2048X448 nike.Scheme = &Scheme{
+ name: "CTIDH2048-X448",
 first: ctidh2048.Scheme(),
- second: x25519.Scheme(rand.Reader),
+ second: x448.Scheme(rand.Reader),
 }
diff --git a/nike/schemes/schemes.go b/nike/schemes/schemes.go
index d72f01f..9f33ed8 100644
--- a/nike/schemes/schemes.go
+++ b/nike/schemes/schemes.go
@@ -8,7 +8,6 @@ import (
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh2048"
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh511"
 "github.com/katzenpost/hpqc/nike/ctidh/ctidh512"
- "github.com/katzenpost/hpqc/nike/diffiehellman"
 "github.com/katzenpost/hpqc/nike/hybrid"
 "github.com/katzenpost/hpqc/nike/x25519"
 "github.com/katzenpost/hpqc/nike/x448"
@@ -29,8 +28,8 @@ var potentialSchemes = [...]nike.Scheme{
 //hybrid.CTIDH511X25519,
 hybrid.CTIDH512X25519,
- hybrid.CTIDH1024X25519,
- hybrid.CTIDH2048X25519,
+ hybrid.CTIDH1024X448,
+ hybrid.CTIDH2048X448,
 // NOBS CSIDH doesn't work on arm32
 // XXX TODO: deprecate and remove.
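Review bot: `CTIDH512X448` assigns `second: ctidh512.Scheme()` and `first: x448.Scheme(rand.Reader)`, the reverse of every other hybrid in this file, where the CTIDH scheme is `first` and the classical curve is `second`. If `Scheme` derives its key encoding or shared-secret order from the first/second slots (its implementation is outside the hunk), this gives a layout inconsistent with `CTIDH512X25519`, `CTIDH1024X448` and `CTIDH2048X448` and reads as a copy/paste slip; suggest `first: ctidh512.Scheme(),` followed by `second: x448.Scheme(rand.Reader),`. Deleting the exported `CTIDH1024X25519` and `CTIDH2048X25519` variables also breaks any importer that references them and withdraws the names `CTIDH1024-X25519` and `CTIDH2048-X25519` from the registry, so a peer or configuration still using them will no longer resolve; if the removal is intentional it should be recorded in the commit description, otherwise keep the old variables with a `// Deprecated: use CTIDH1024X448 instead.` line (and the matching one for 2048).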
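Review bot: `CTIDH512X448`, newly exported from nike/hybrid in this commit, is not added to `potentialSchemes` here, while `CTIDH1024X448` and `CTIDH2048X448` are; unless it is registered somewhere not visible in the diff, it is unreachable by name and the registry will never advertise it. Suggest adding `hybrid.CTIDH512X448,` after `hybrid.CTIDH512X25519,`, or dropping the unused variable so the exported set matches what the registry offers. The `potentialSchemes` literal continues past the hunk.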
@@ -42,7 +41,10 @@ var allSchemes = []nike.Scheme{
 // classical NIKE schemes
 x25519.Scheme(rand.Reader),
 x448.Scheme(rand.Reader),
- diffiehellman.Scheme(),
+
+ // Classical DiffieHellman imeplementation has a bug with this ticket:
+ // https://github.com/katzenpost/hpqc/issues/39
+ //diffiehellman.Scheme(),
 }
 var allSchemeNames map[string]nike.Scheme