RFR: 8347938: Switch to latest ML-KEM private key encoding [v5]
Ben Perez
bperez at openjdk.org
Mon Aug 4 21:50:09 UTC 2025
On Wed, 30 Jul 2025 15:45:50 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IETF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-11 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-10. New security/system properties are introduced to determine which CHOICE a private key is encoded when a new key pair is generated or when `KeyFactory::translateKey` is called.
>>
>> By default, the choice is "seed".
>>
>> Both the encoding and the expanded format are stored inside a `NamedPKCS8Key` now. When loading from a PKCS #8 key, the expanded format is calculated from the input if it's seed only.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> combine security properties description; remove one test
src/java.base/share/classes/sun/security/provider/ML_DSA.java line 593:
> 591: var s1 = deepClone(sk.s1);
> 592: mlDsaVectorNtt(s1); //s1 now in NTT domain
> 593: int[][] As1 = new int[mlDsa_k][ML_DSA_N];
Multiarray allocations like this are quite slow - for better performance consider using the `integerMatrixAlloc` method. This also applies to the allocations on L598 and L599
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24969#discussion_r2252637672
More information about the security-dev
mailing list