[gnutls-devel] GnuTLS | Support seed-only private keys for ML-DSA/ML-KEM (#1665)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Feb 14 02:01:00 CET 2025



Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1665



After a [discussion](https://mailarchive.ietf.org/arch/msg/spasm/vaAKtzW3BVHN8cm_JbwIaX-ypms/) in the IETF LAMPS working group, the current consensus is to only support seed-only private keys for ML-DSA and ML-KEM, though GnuTLS currently only supports expanded private keys. We may, at least optionally, want to support the seed-only format for private keys.

At the library API level, there is an existing mechanism used for provable key generation for RSA:
- `gnutls_privkey_generate2` with `GNUTLS_KEYGEN_SEED` parameter to generate a private key from/through a seed
- `gnutls_privkey_get_seed` to retrieve the seed to generate a private key

As for the file format, when writing a private key, we probably should use the seed-only format by default specified in [section 6](https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-private-key-format) of draft-ietf-lamps-dilithium-certificates-07. When reading, on the other hand, we may also support an expanded-only format which I would propose as signified by the presence of a "publicKey" field in a OneAsymmetricKey structure (with the "version" field set to 1), so it is mutually exclusive with the seed-only format.

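The distinction proposed in the issue (publicKey present with version v2 means an expanded key, otherwise seed-only) worked through on the RFC 5958 OneAsymmetricKey layout, as an added example that is not GnuTLS code. It assumes IMPLICIT tagging as in RFC 5958 (attributes [0], publicKey [1] BIT STRING), uses the NIST id-ml-dsa-44 OID, and fills the key fields with constructed dummy bytes of the ML-DSA-44 sizes (32-byte seed, 2560-byte expanded key, 1312-byte public key); it does not parse the inner privateKey encoding defined by the draft.

```python
# Added example (not GnuTLS code): classify a OneAsymmetricKey as seed-only or
# expanded with a minimal DER walker. Assumes the RFC 5958 layout: version
# INTEGER (v1=0, v2=1), privateKeyAlgorithm SEQUENCE, privateKey OCTET STRING,
# optional attributes [0], optional publicKey [1] IMPLICIT BIT STRING.
ML_DSA_44_OID = bytes.fromhex("608648016503040311")  # 2.16.840.1.101.3.4.3.17

def der(tag, value):
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def build_one_asymmetric_key(version, oid, private_key, public_key=None):
    """Construct a OneAsymmetricKey; key material is whatever the caller passes."""
    body = der(0x02, bytes([version])) + der(0x30, der(0x06, oid)) + der(0x04, private_key)
    if public_key is not None:
        body += der(0x81, b"\x00" + public_key)  # [1] BIT STRING, 0 unused bits
    return der(0x30, body)

def parse_one_asymmetric_key(blob):
    """Return version, OID, key material and the format the issue would assign."""
    tag, body, end = tlv(blob, 0)
    if tag != 0x30 or end != len(blob):
        raise ValueError("expected a single OneAsymmetricKey SEQUENCE")
    tag, ver, pos = tlv(body, 0)
    tag2, alg, pos = tlv(body, pos)
    tag3, priv, pos = tlv(body, pos)
    if (tag, tag2, tag3) != (0x02, 0x30, 0x04):
        raise ValueError("unexpected field tags in OneAsymmetricKey")
    version, oid = int.from_bytes(ver, "big"), tlv(alg, 0)[1]
    pub = None
    while pos < len(body):  # trailing OPTIONAL fields: attributes [0], publicKey [1]
        tag, val, pos = tlv(body, pos)
        if (tag & 0xC0) == 0x80 and (tag & 0x1F) == 1:
            pub = val[1:]  # drop the BIT STRING unused-bits octet
    if pub is not None and version != 1:
        raise ValueError("publicKey is only permitted with version v2(1)")
    fmt = "expanded" if pub is not None else "seed-only"
    return {"version": version, "oid": oid, "privateKey": priv, "publicKey": pub, "format": fmt}
```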

