B Algorithm and key type encoding

These are encodings for PQC algorithms and keys defined in this extension. This information should be read in conjunction with [PSA-CRYPT] Appendix B.

Note

These encodings will be integrated into a future version of [PSA-CRYPT].

B.1 Algorithm encoding

B.1.1 Hash algorithm encoding

Additional hash algorithms defined by this extension are shown in Table 4. See also Hash algorithm encoding in [PSA-CRYPT] Appendix B.

Table 4 Hash algorithm sub-type values

Hash algorithm

HASH-TYPE

Algorithm identifier

Algorithm value

SHA-256/192

0x0E

PSA_ALG_SHA_256_192

0x0200000E

SHAKE128/256

0x16

PSA_ALG_SHAKE128_256

0x02000016

SHAKE256/192

0x17

PSA_ALG_SHAKE256_192

0x02000017

SHAKE256/256

0x18

PSA_ALG_SHAKE256_256

0x02000018

B.1.2 Asymmetric signature algorithm encoding

Additional signature algorithms defined by this extension are shown in Table 5. See also Asymmetric signature algorithm encoding in [PSA-CRYPT] Appendix B.

Table 5 Asymmetric signature algorithm sub-type values

Signature algorithm

SIGN-TYPE

Algorithm identifier

Algorithm value

Hedged SLH-DSA

0x40

PSA_ALG_SLH_DSA

0x06004000

Deterministic SLH-DSA

0x41

PSA_ALG_DETERMINISTIC_SLH_DSA

0x06004100

Hedged HashSLH-DSA

0x42

PSA_ALG_HASH_SLH_DSA(hash)

0x060042hh a

Deterministic HashSLH-DSA

0x43

PSA_ALG_DETERMINISTIC_HASH_SLH_DSA(hash)

0x060043hh a

Hedged ML-DSA

0x44

PSA_ALG_ML_DSA

0x06004400

Deterministic ML-DSA

0x45

PSA_ALG_DETERMINISTIC_ML_DSA

0x06004500

Hedged HashML-DSA

0x46

PSA_ALG_HASH_ML_DSA(hash)

0x060046hh a

Deterministic HashML-DSA

0x47

PSA_ALG_DETERMINISTIC_HASH_ML_DSA(hash)

0x060047hh a

LMS

0x48

PSA_ALG_LMS

0x06004800

HSS

0x49

PSA_ALG_HSS

0x06004900

XMSS

0x4A

PSA_ALG_XMSS

0x06004A00

XMSSMT

0x4B

PSA_ALG_XMSS_MT

0x06004B00

  1. hh is the HASH-TYPE for the hash algorithm, hash, used to construct the signature algorithm.

B.1.3 Key-encapsulation algorithm encoding

Additional key-encapsulation algorithms defined by this extension are shown in Table 6.

Table 6 Encapsulation algorithm sub-type values

Encapsulation algorithm

ENCAPS-TYPE

Algorithm identifier

Algorithm value

ML-KEM

0x02

PSA_ALG_ML_KEM

0x0C000200

B.2 Key encoding

Additional asymmetric key types defined by this extension are shown in Table 7. See also Asymmetric key encoding in [PSA-CRYPT] Appendix B.

Table 7 Asymmetric key sub-type values

Asymmetric key type

ASYM-TYPE

Details

SLH-DSA

3

See SLH-DSA key encoding

B.2.1 Non-parameterized asymmetric key encoding

Additional non-parameterized asymmetric key types defined by this extension are shown in Table 8. See also Non-parameterized asymmetric key encoding in [PSA-CRYPT] Appendix B.

Table 8 Non-parameterized asymmetric key family values

Key family

Public/pair

PAIR

NP-FAMILY

P

Key type

Key value

ML-DSA

Public key

0

1

0

PSA_KEY_TYPE_ML_DSA_PUBLIC_KEY

0x4002

Key pair

3

1

0

PSA_KEY_TYPE_ML_DSA_KEY_PAIR

0x7002

ML-KEM

Public key

0

2

0

PSA_KEY_TYPE_ML_KEM_PUBLIC_KEY

0x4004

Key pair

3

2

0

PSA_KEY_TYPE_ML_KEM_KEY_PAIR

0x7004

LMS

Public key

0

3

1

PSA_KEY_TYPE_LMS_PUBLIC_KEY

0x4007

HSS

Public key

0

4

0

PSA_KEY_TYPE_HSS_PUBLIC_KEY

0x4008

XMSS

Public key

0

5

1

PSA_KEY_TYPE_XMSS_PUBLIC_KEY

0x400B

XMSSMT

Public key

0

6

1

PSA_KEY_TYPE_XMSS_MT_PUBLIC_KEY

0x400D

B.2.2 SLH-DSA key encoding

The key type for SLH-DSA keys defined in this specification are encoded as shown in Figure 1.

../_images/slh_dsa_key.svg

Figure 1 SLH-DSA key encoding

PAIR is either 0 for a public key, or 3 for a key pair.

The defined values for FAMILY and P are shown in Table 9.

Table 9 SLH-DSA key family values

SLH-DSA key family

FAMILY

P

SLH-DSA family a

Public-key value

Key-pair value

SLH-DSA-SHA2-Ns

0x01

0

PSA_SLH_DSA_FAMILY_SHA2_S

0x4182

0x7182

SLH-DSA-SHA2-Nf

0x02

0

PSA_SLH_DSA_FAMILY_SHA2_F

0x4184

0x7184

SLH-DSA-SHAKE-Ns

0x05

1

PSA_SLH_DSA_FAMILY_SHAKE_S

0x418B

0x718B

SLH-DSA-SHAKE-Nf

0x06

1

PSA_SLH_DSA_FAMILY_SHAKE_F

0x418D

0x718D

  1. The SLH-DSA family values defined in the API also include the parity bit. The key type value is constructed from the SLH-DSA family using either PSA_KEY_TYPE_SLH_DSA_PUBLIC_KEY(family) or PSA_KEY_TYPE_SLH_DSA_KEY_PAIR(family) as required.