Balloon-BLAKE2b+HKDF KEM

balloon-cost {
    {field s {int} >0} {# space cost}
    {field t {int} >0} {# time cost}
    {field p {int} >0} {# parallel cost}
}

kem-balloon-blake2b-hkdf {
    {field a {str} =balloon-blake2b-hkdf}
    {field cek {bin} >0} {# wrapped CEK}
    {field salt {bin} >0}
    {field cost {with balloon-cost}}
}

The Balloon memory-hard password hasher must be used with the BLAKE2b hash.

H = BLAKE2b
KEK = HKDF-Expand(H,
    prk=balloon(H, passphrase, /kem/salt, s, t, p),
    info="cm/encrypted/balloon-blake2b-hkdf" || /id)

/kem/*/cek is wrapped with the XChaCha20-Poly1305 key wrapping mechanism.

HKDF is the KDF algorithm specified in RFC 5869. BLAKE2b is the hashing algorithm specified in RFC 7693.
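
The HKDF-Expand step of the KEK derivation above, together with the schema checks on the KEM fields, as an added example in Python (not code from the specification or its reference implementations). Assumptions: the Balloon output is passed in as `prk` and is not computed here, /id is appended as raw bytes, the KEK is 32 bytes long, and the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

INFO_PREFIX = b"cm/encrypted/balloon-blake2b-hkdf"  # info string from the page
HASH_LEN = hashlib.blake2b().digest_size  # 64 bytes for full-width BLAKE2b


def check_kem(kem: dict) -> None:
    """Enforce the schema constraints (=value, >0) before spending any work."""
    if kem.get("a") != "balloon-blake2b-hkdf":
        raise ValueError("unexpected KEM algorithm")
    for name in ("cek", "salt"):
        if not isinstance(kem.get(name), bytes) or not kem[name]:
            raise ValueError(f"{name} must be a non-empty binary")
    cost = kem.get("cost")
    for name in ("s", "t", "p"):
        value = cost.get(name) if isinstance(cost, dict) else None
        if type(value) is not int or value <= 0:
            raise ValueError(f"cost.{name} must be a positive integer")


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869 section 2.3, using HMAC-BLAKE2b."""
    if len(prk) < HASH_LEN:
        raise ValueError("PRK shorter than the hash output")
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length out of range")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # T(i) = HMAC(PRK, T(i-1) || info || i)
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.blake2b).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_kek(prk: bytes, container_id: bytes, length: int = 32) -> bytes:
    """KEK = HKDF-Expand(H, prk, info = prefix || /id); length is an assumption."""
    return hkdf_expand(prk, INFO_PREFIX + container_id, length)


# Constructed sample values (not from the page).
SAMPLE_KEM = {"a": "balloon-blake2b-hkdf", "cek": b"\x01" * 72,
              "salt": b"\x02" * 16, "cost": {"s": 1024, "t": 3, "p": 2}}
SAMPLE_PRK = bytes(range(64))  # stands in for the balloon() output
SAMPLE_ID = bytes(16)          # stands in for /id

if __name__ == "__main__":
    check_kem(SAMPLE_KEM)
    print(derive_kek(SAMPLE_PRK, SAMPLE_ID).hex())
```

Because /id is part of `info`, the same passphrase, salt and cost yield a different KEK for each container, so a wrapped CEK cannot be transplanted between containers.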