Dear all,
I've written a KEM provider for TLS but do not understand one thing about the flow on the server. It seems that first a key gets generated, and then the public key from the client is decoded onto that key. However, the generation routine computes a keypair which is an expensive operation. Is there a way my generation routine can know (via some setting) that the generated keypair is going to be immediately overwritten/is there a settable context parameter with the public key that I should support? I've looked at OQS but haven't understood what I've been seeing.
I find this design perplexing: surely letting each algorithm provide allocation and freeing and then keypair generation, and decoding and encoding routines + the KEM routines would have worked. I understand this wouldn't fit RSA as well, but generally that sort of design is a mistake and we've moved away from having these free-floating parameters in newer schemes/it's accommodatable other ways.
Sincerely, Watson Ladd