draft-ietf-lamps-dilithium-certificates-07 => RFC 9881

peterdettman · peterdettman · commit 1c6d12a177d0 · 2025-11-20T23:43:49.000+07:00
diff --git a/crypto/src/crypto/parameters/MLDsaPrivateKeyParameters.cs b/crypto/src/crypto/parameters/MLDsaPrivateKeyParameters.cs
@@ -11,6 +11,11 @@ public sealed class MLDsaPrivateKeyParameters
     {
         public enum Format { SeedOnly, EncodingOnly, SeedAndEncoding };
 
+        /*
+         * RFC 9881 8.1. [..] the seed format is RECOMMENDED for storage efficiency.
+         */
+        public static readonly Format DefaultFormat = Format.SeedOnly;
+
         public static MLDsaPrivateKeyParameters FromEncoding(MLDsaParameters parameters, byte[] encoding)
         {
             if (parameters == null)
@@ -52,7 +57,7 @@ public static MLDsaPrivateKeyParameters FromEncoding(MLDsaParameters parameters,
         }
 
         public static MLDsaPrivateKeyParameters FromSeed(MLDsaParameters parameters, byte[] seed) =>
-            FromSeed(parameters, seed, preferredFormat: Format.SeedOnly);
+            FromSeed(parameters, seed, preferredFormat: DefaultFormat);
 
         public static MLDsaPrivateKeyParameters FromSeed(MLDsaParameters parameters, byte[] seed,
             Format preferredFormat)
diff --git a/crypto/src/security/PrivateKeyFactory.cs b/crypto/src/security/PrivateKeyFactory.cs
@@ -338,6 +338,12 @@ public static AsymmetricKeyParameter CreateKey(PrivateKeyInfo keyInfo)
                             var fromSeed = MLDsaPrivateKeyParameters.FromSeed(mlDsaParameters, seed,
                                 preferredFormat: MLDsaPrivateKeyParameters.Format.SeedAndEncoding);
 
+                            /*
+                             * RFC 9881 8.2. When receiving a private key that contains both the seed and the
+                             * expandedKey, the recipient SHOULD perform a seed consistency check to ensure that the
+                             * sender properly generated the private key. [..] If the check is done and the seed and the
+                             * expandedKey are not consistent, the recipient MUST reject the private key as malformed.
+                             */
                             if (!Arrays.FixedTimeEquals(fromSeed.GetEncoded(), encoding))
                                 throw new ArgumentException("inconsistent " + mlDsaParameters.Name + " private key");
 

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,11 @@ public sealed class MLDsaPrivateKeyParameters`
`11`	`11`	`{`
`12`	`12`	`public enum Format { SeedOnly, EncodingOnly, SeedAndEncoding };`
`13`	`13`
	`14`	`+ /*`
	`15`	`+ * RFC 9881 8.1. [..] the seed format is RECOMMENDED for storage efficiency.`
	`16`	`+ */`
	`17`	`+ public static readonly Format DefaultFormat = Format.SeedOnly;`
	`18`	`+`
`14`	`19`	`public static MLDsaPrivateKeyParameters FromEncoding(MLDsaParameters parameters, byte[] encoding)`
`15`	`20`	`{`
`16`	`21`	`if (parameters == null)`
`@@ -52,7 +57,7 @@ public static MLDsaPrivateKeyParameters FromEncoding(MLDsaParameters parameters,`
`52`	`57`	`}`
`53`	`58`
`54`	`59`	`public static MLDsaPrivateKeyParameters FromSeed(MLDsaParameters parameters, byte[] seed) =>`
`55`		`- FromSeed(parameters, seed, preferredFormat: Format.SeedOnly);`
	`60`	`+ FromSeed(parameters, seed, preferredFormat: DefaultFormat);`
`56`	`61`
`57`	`62`	`public static MLDsaPrivateKeyParameters FromSeed(MLDsaParameters parameters, byte[] seed,`
`58`	`63`	`Format preferredFormat)`