About the plaintext length of CPAPKE

Question

About the plaintext length of CPAPKE

qinleiyong opened this issue 7 months ago · 1 comments

May I ask why CPAPKE can only encrypt data with a fixed length of 32 bytes? I don't seem to have found any explanation about this in the document. Does this mean that I cannot consider CPAPKE as a public key encryption scheme that can replace RSA?

Answer 1 · 2024-01-31T12:17:02.000Z

You should not use the PKE as a standalone primitive at all. Kyber is a KEM and the entry points are the crypto_kem_* functions. You can use the KEM to build a PKE using the KEM/DEM construction.