Hi Valery,
Previously, I’ve reviewed this draft before the working group adoption. I’ve
reviewed the latest version and I think it’s in good shape.
Here I have only two questions for your confirmation.
1. If the initiator proposes USE_PPK_INT in the request but the responder
doesn’t includ
Hi all,
A few comments regarding the comparison below:
* I see no fundamental reason to exclude FrodoKEM-AES. AES is *not* used as
KDF in FrodoKEM, it is used as PRF to pseudorandomly generate the so-called
*public* matrix A (for everything else it does use SHAKE). On platforms with
AES ha
Hi William,
thank you for your review.
Hi Valery,
Previously, I’ve reviewed this draft before the working group adoption. I’ve
reviewed the latest version and I think it’s in good shape.
Here I have only two questions for your confirmation.
1. If the initiator proposes