Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend Fuse/FE to 512-bits, Update HMAC384 to HMAC512 to meet PQC ML-DSA-87 requirement #581

Open
mojtaba-bisheh opened this issue Sep 3, 2024 · 0 comments
Open

Extend Fuse/FE to 512-bits, Update HMAC384 to HMAC512 to meet PQC ML-DSA-87 requirement #581

mojtaba-bisheh opened this issue Sep 3, 2024 · 0 comments
Assignees
@mojtaba-bisheh @Nitsirks
Labels
2.0 feature request

Comments

@mojtaba-bisheh
Copy link
Contributor

FIPS204 requires using SHA512 for pre-hash mode to maintain security level at category 5.
IETF Composite Keys and Signatures draft requires using SHA512 for hybrid mode between ML-DSA-87 and ECC Secp384r1.

Hence, HMAC384 needs to be updated to HMAC512 to maintain PQC flow at category 5. HMAC384 will be removed.

Since HMAC512 requires 512-bit key, UDS and FE needs to be extended to 512 bits.

KV needs to be extended to 512 bits as mentioned here: #580

Since PCR path needs to be implemented within hardware boundary, any IETF requirement for hybrid signature will be hardcoded.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mojtaba-bisheh mojtaba-bisheh

@Nitsirks Nitsirks

Labels
2.0 feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mojtaba-bisheh @Nitsirks