crypto.mlkem: return J(z||c) on implicit rejection - zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software. https://ziglang.org

diff options

author	Frank Denis <github@pureftpd.org>	2025-12-09 00:37:19 +0100
committer	Frank Denis <github@pureftpd.org>	2025-12-09 00:55:59 +0100
commit	a0e9130b894f6eeb810f5ad25ff34fe9782b24ba (patch)
tree	f92117fb594d1c19aa889ea905686da4b16d6433 /lib/libcxx/src/string.cpp
parent	7f36c4c7d3c8f3bfabb49a922a6156e4f1c61f67 (diff)
download	zig-a0e9130b894f6eeb810f5ad25ff34fe9782b24ba.tar.gz zig-a0e9130b894f6eeb810f5ad25ff34fe9782b24ba.zip

crypto.mlkem: return J(z||c) on implicit rejection

The ML-KEM decapsulation was returning z directly when implicit rejection was triggered, but FIPS 203 specifies it should return J(z || c) = SHAKE256(z || c).

Diffstat (limited to 'lib/libcxx/src/string.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: