Fabian Albert
Fabian Albert
> I don't know how Botan usually handles this, but maybe you could include the draft 13 string somewhere? Just to be prepared in case this needs to be distinguishable...
This MR is ready for review.
I moved the ML-DSA IPD dilithium instances into a separate module, `ml_dsa_ipd`, so that users can configure Botan only to use these instances. There are no different headers between dilithium...
Update: I have now implemented SLH-DSA (without context and without prehash). However, I already prepared contexts and pre-hashes for the next iteration. Also, I did not rename the classes and...
Update: Test vectors and double-checks are integrated. Next week, I will look into SLH-DSA with X.509. Otherwise, this PR should be ready for review (and side-channel analysis (@aewag)) :)
Thanks for your review, @reneme! I applied your review suggestions and sprinkled in some StrongTypes. Regarding the logic separation between SLH-DSA and SPHINCS+: The total difference between both versions is...
>What do other implementations do here? At least for OpenSSL and Bouncycastle, only one type of EC public key is used for KEX (ECDH) and signatures (ECDSA). For Botan, we...
Sounds reasonable! We'll go with an opt-in Path_Validation_Restriction then. Thanks 👍