0588ce40b038aac353d1cf8c67a674b412985105794821013ef154f786c4d89d 0987fe72ad5ea58e73344f9a2a543f4131d9fdb7cf07474f501430a20f705b4d 0d7a8be1410cd68eed4845ab487b4b4cfaecd8ebad1a1166a84230499200ee20 160867d96032b640208c1c92174d0270bb89189d72320711acd221bbea2a26b6 16a22adbeced91ada60b5561611748edd2fedc51e0770f86d7394870062e7322 16f2aea8ec1ca277c04cc7b87681d7d38511a38f554775a8fc4de41aa76eb586 2fc0c8fcace9636c86d1ee1715a302819ad48c549579a462a33eed36627c532e 342e5db2de345215cb2c944f7102ffed3b9cf12d 3e8745a4bb488779e0f32480fa23f8d0bfd8c2f49d7f74e957e1c2ffc2ef4bfc 570a5bbab93169876a8240da35a1ada7ba8a640aabe3ab467c797214844df15f 5ac67eab192f25ac99d87543e6fcd3a4769cb02c9d1afdc79354c2baa2289e29 5bf078bf7977109db6dead92d3578b62d0ab0487ef84e8e0af08f4b4b229e590 5c5652a690b55d1e9545fbd722f838cd8ff4d3657af5a9026d02f3185ca74993 5dc60150f5f965ddc8014b6aa2ecae1831467e98fa315422f238984d6421a22e 65090e147a8116ab7f62ab4ec7aae59d9e6532feb2af230c73cdc869fbc60c8f 72fff84863aeba67f0d1d7691173247dd427533b9d7ee76011c6f77f2ce9fa7a 732860c8114ae84a964664b1f607785d11bc7d24d5324510adad89bd52db7ee0df9982ad0d1669bdd05556330c86f2dae9e2edea42e05bc5 7dae8fbce23022607167af72a002e774e0ca379a2d7ae072384e1e8fde3265e4 88f3e9a8de1917127b4b758f6e83bd4ce00faaae01bd8b6e412a43a710b26012 94a3b8c9784463bb96b682cddf549adb23579b75bcb646f989d7cfe3e6e14435 9d994741e0db5eacee44cb028c2ec48b1346feae2576aaac383bbcd64138c932 9dbd0f9bde7fef09817146e53a0b5ce7d27e79612670968fa0025422c578ab55 a3e2e14b6a493ff930fb27321f125e9a6880338be9fb7da3ae065ea65793242f a4904982f7caa9c9de690afd772d8bfe027a1ad6a5bbda00db68963fe303ae8e adee68618b302d4bfd7ae3d432bc63a1c1ad7f5fd6e7fd7bdedbb0d0b14a5c9a ae8ab57801911c04c7b4c2a2f665cf8d8a8188f948c2a65e39c292d9b1d86e32 AES-128 AES-256 AES-KeyWrap algId algID b0e45408d8c713f3941cd27276f879e557df013e05bcf43e37d4c60266a4b797 b4dc7197e1519822ca689da484643edf272934d98ae1974b5d88317a7a6a3c4f c1591d7511f9f0213bfd57cf316e5ec0d40c4ea826fa989ab606aa3b8a1a2c1f c789e17d9dbdca7b3c833a3c063feb0353f80ad911fe27868fb0645df803e947 C = AESKeyWrap(KEK, sessionKey) C ctx d54e0307021169f7b88beb2b76e3aad0e114be1a8f982d74dba9ca51d03537f4 d8875664256c382dd7f3a5ce05021088922811f5d0b1a1f8c7769944a51b7002 dafe0eebb2675ecfcdc20a23fe89ca5d12e83f527dfa354b6dcf662131a48b9d dataDigest domSep || len(domSep) domSep d e51dbfea51936988b5428fffa4f95f985ed61a51 e87567cad8fee5738f92090feed009d8af95437fa664f94da98776d966bbbc52 (ecdhCipherText, ecdhKeyShare) = ECDH-KEM.Encaps(ecdhPublicKey) ecdhCipherText || mlkemCipherText || len(C, symAlgId) (|| symAlgId) || C ecdhCipherText ECDH-KEM (ecdhKeyShare) = ECDH-KEM.Decaps(ecdhCipherText, ecdhSecretKey) ecdhKeyShare ecdhPublicKey ecdhSecretKey EdDSA.Sign() EdDSA.Verify() eed4d13fc36c78e48276a93233339c4dd230fd5f6f5c5b82c63d5c0b5e361d92 ef1e32906f67d39bc800d90cabb0033c77ca6dce8ffca3e96d9c7348e2e8c16e encryptedKey f18f161e617b8ce5968f109aadea1e7e1511d10165768d36127ba913c00637d2 KEK = multiKeyCombine(mlkemKeyShare, ecdhKeyShare, ecdhCipherText, ecdhPublicKey, algId) KEK len(C, symAlgId) len(domSep) MD5 ML-DSA.KeyGen_internal ML-DSA.KeyGen ML-DSA.Sign() ML-DSA.Sign ML-DSA.Verify() ML-DSA.Verify (mlkemCipherText, mlkemKeyShare) = ML-KEM.Encaps(mlkemPublicKey) mlkemCipherText ML-KEM.Decaps ML-KEM.Encaps ML-KEM.KeyGen_internal ML-KEM.KeyGen (mlkemKeyShare) = ML-KEM.Decaps(mlkemCipherText, mlkemSecretKey) mlkemKeyShare mlkemPublicKey mlkemSecretKey ML-KEM M multiKeyCombine n OCB OpenPGP Public Key Algorithms pkComposite RIPEMD-160 r R R = X25519(r, U(P)) R = X448(r, U(P)) sessionKey = AESKeyUnwrap(KEK, C) sessionKey SHA-1 slh_keygen slh_sign slh_verify symAlgId || U(P) v V V = X25519(v,U(P)) V = X448(v,U(P)) X25519-KEM.Decaps() X25519-KEM.Encaps() X25519-KEM X25519() X448-KEM.Decaps() X448-KEM.Encaps() X448-KEM X448() xi X X = X25519(r, V) X = X25519(v, R) X = X448(r, V) X = X448(v, R) z