Skip to content

Only sender pubkey in hpke.base metadata seal #116

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 29, 2025
Merged

Only sender pubkey in hpke.base metadata seal #116

merged 3 commits into from
Oct 29, 2025

Conversation

@rocodes
Copy link
Contributor

@rocodes rocodes commented Oct 21, 2025
edited by cfm
Loading

Refs #86 (comment)

Description

Changes to benchmarking code:

  • Moved the DH-AKEM encaps shared secret and the PQ PSK encaps shared secret out of the hpke.base encrypted "metadata" and directly into the Envelope (the message payload to the server) per followup discussion with ethz - no need to double-encrypt them. (This matches the manuscript).
    • That means there's no "metadata" type now
    • It theoretically means that there should be a wrapper type for the ciphertext in the Envelope (to keep with the C, X, Z format), but since it's a quick benchmark implementation I have left all the bytes as separate types rather than concatenating them and them parsing them. edit: there's a wrapper type. :)
    • (There's the CombinedCiphertext type for serializing/deserializing all the parts, but I kept the type signature and even variable name in the Envelope struct unchanged, to avoid having to make any wasm-bindgen changes).
  • bonus: Include keygen for journalist reply keys (they aren't used because we aren't benching replies yet, but for more completeness).

Test plan

  • Visual review
  • CI
  • Compare with manuscript and discussion
  • make bench

@rocodes rocodes moved this to Ready For Review in SecureDrop Oct 21, 2025
@rocodes rocodes requested review from cfm and lsd-cat October 21, 2025 18:46
@rocodes rocodes moved this from Ready For Review to In Progress in SecureDrop Oct 21, 2025
@rocodes rocodes moved this from In Progress to Ready For Review in SecureDrop Oct 21, 2025
@rocodes rocodes force-pushed the hpke-base-only-for-dhakem-key branch from 1cec88c to 5f6508c Compare October 21, 2025 20:31
@rocodes
feat: Only sender pubkey is part of hpke.base metadata seal, dhakem_s…
1956861 
…s_encaps and pq_psk_ss_encaps are attached as bytes in Envelope.
@rocodes
refactor: Combine authenc message ct, dhakem shared secret encaps, pq…
d0106fe 
…kem shared secret encaps into Vec<u8> for consistency with wasm_bindgen
@rocodes
chore: clean up comments
ed7c3a4
@rocodes rocodes force-pushed the hpke-base-only-for-dhakem-key branch from b35f50e to ed7c3a4 Compare October 22, 2025 16:11
@rocodes rocodes changed the base branch from jen-scaffold to main October 22, 2025 16:12
@rocodes rocodes marked this pull request as ready for review October 22, 2025 16:12
@rocodes
Copy link
Contributor Author

rocodes commented Oct 22, 2025

(rebased, force-pushed, base branch now main)

@cfm cfm self-assigned this Oct 27, 2025
@rocodes rocodes mentioned this pull request Oct 27, 2025
Open
@cfm cfm moved this from Ready For Review to Under Review in SecureDrop Oct 29, 2025
cfm
cfm approved these changes Oct 29, 2025
View reviewed changes
Copy link
Member

@cfm cfm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @rocodes.

@cfm cfm added this pull request to the merge queue Oct 29, 2025
Merged via the queue into main with commit 171098f Oct 29, 2025
10 checks passed
@github-project-automation github-project-automation bot moved this from Under Review to Done in SecureDrop Oct 29, 2025
@nathandyer nathandyer removed this from SecureDrop Nov 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfm cfm cfm approved these changes

@lsd-cat lsd-cat Awaiting requested review from lsd-cat

Assignees

@cfm cfm

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rocodes @cfm