Add more hybrid NIKEs and KEMs

kem/schemes/schemes.go

@@ -27,26 +27,46 @@ import (
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh2048"
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh511"
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh512"
-	"github.com/katzenpost/hpqc/nike/diffiehellman"
 	"github.com/katzenpost/hpqc/nike/x25519"
 	"github.com/katzenpost/hpqc/nike/x448"
 	"github.com/katzenpost/hpqc/rand"
 )
 
 var potentialSchemes = [...]kem.Scheme{
 
-	// post quantum KEM schemes
+	// PQ KEMs
 
 	adapter.FromNIKE(ctidh511.Scheme()),
 	adapter.FromNIKE(ctidh512.Scheme()),
 	adapter.FromNIKE(ctidh1024.Scheme()),
 	adapter.FromNIKE(ctidh2048.Scheme()),
+
+	// hybrid KEMs
+
+	combiner.New(
+		"CTIDH512-X25519",
+		[]kem.Scheme{
+			adapter.FromNIKE(ctidh512.Scheme()),
+			adapter.FromNIKE(x25519.Scheme(rand.Reader)),
+		},
+	),
+	combiner.New(
+		"CTIDH1024-X448",
+		[]kem.Scheme{
+			adapter.FromNIKE(ctidh1024.Scheme()),
+			adapter.FromNIKE(x448.Scheme(rand.Reader)),
+		},
+	),
 }
 
 var allSchemes = []kem.Scheme{
 
 	// classical KEM schemes (converted from NIKE via hashed elgamal construction)
-	adapter.FromNIKE(diffiehellman.Scheme()),
+
+	// Classical DiffieHellman imeplementation has a bug with this ticket:
+	// https://github.com/katzenpost/hpqc/issues/39
+	//adapter.FromNIKE(diffiehellman.Scheme()),
+
 	adapter.FromNIKE(x25519.Scheme(rand.Reader)),
 	adapter.FromNIKE(x448.Scheme(rand.Reader)),
 
@@ -78,7 +98,8 @@ var allSchemes = []kem.Scheme{
 		kyber768.Scheme(),
 	),
 
-	// An alternative to Xwing using a generic and secure KEM combiner.
+	// If Xwing is not the PQ Hybrid KEM you are looking for then we recommend
+	// using our secure generic KEM combiner:
 	combiner.New(
 		"MLKEM768-X25519",
 		[]kem.Scheme{

nike/hybrid/ctidh.go

@@ -10,6 +10,7 @@ import (
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh511"
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh512"
 	"github.com/katzenpost/hpqc/nike/x25519"
+	"github.com/katzenpost/hpqc/nike/x448"
 	"github.com/katzenpost/hpqc/rand"
 )
 
@@ -25,14 +26,20 @@ var CTIDH512X25519 nike.Scheme = &Scheme{
 	second: x25519.Scheme(rand.Reader),
 }
 
-var CTIDH1024X25519 nike.Scheme = &Scheme{
-	name:   "CTIDH1024-X25519",
+var CTIDH512X448 nike.Scheme = &Scheme{
+	name:   "CTIDH512-X448",
+	second: ctidh512.Scheme(),
+	first:  x448.Scheme(rand.Reader),
+}
+
+var CTIDH1024X448 nike.Scheme = &Scheme{
+	name:   "CTIDH1024-X448",
 	first:  ctidh1024.Scheme(),
-	second: x25519.Scheme(rand.Reader),
+	second: x448.Scheme(rand.Reader),
 }
 
-var CTIDH2048X25519 nike.Scheme = &Scheme{
-	name:   "CTIDH2048-X25519",
+var CTIDH2048X448 nike.Scheme = &Scheme{
+	name:   "CTIDH2048-X448",
 	first:  ctidh2048.Scheme(),
-	second: x25519.Scheme(rand.Reader),
+	second: x448.Scheme(rand.Reader),
 }

nike/schemes/schemes.go

@@ -8,7 +8,6 @@ import (
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh2048"
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh511"
 	"github.com/katzenpost/hpqc/nike/ctidh/ctidh512"
-	"github.com/katzenpost/hpqc/nike/diffiehellman"
 	"github.com/katzenpost/hpqc/nike/hybrid"
 	"github.com/katzenpost/hpqc/nike/x25519"
 	"github.com/katzenpost/hpqc/nike/x448"
@@ -29,8 +28,8 @@ var potentialSchemes = [...]nike.Scheme{
 	//hybrid.CTIDH511X25519,
 
 	hybrid.CTIDH512X25519,
-	hybrid.CTIDH1024X25519,
-	hybrid.CTIDH2048X25519,
+	hybrid.CTIDH1024X448,
+	hybrid.CTIDH2048X448,
 
 	// NOBS CSIDH doesn't work on arm32
 	// XXX TODO: deprecate and remove.
@@ -42,7 +41,10 @@ var allSchemes = []nike.Scheme{
 	// classical NIKE schemes
 	x25519.Scheme(rand.Reader),
 	x448.Scheme(rand.Reader),
-	diffiehellman.Scheme(),
+
+	// Classical DiffieHellman imeplementation has a bug with this ticket:
+	// https://github.com/katzenpost/hpqc/issues/39
+	//diffiehellman.Scheme(),
 }
 
 var allSchemeNames map[string]nike.Scheme