pub fn binding_digest<P>(
ephemeral_ec_public_key: &X25519Public,
pq_ciphertext: &MlKemCiphertext,
hashable_bytes: Vec<Box<dyn AsRef<[u8]> + '_>>,
participant: &P,
) -> CoreWrapper<Sha3_512Core>where
P: ParticipantPublicKeys,Expand description
Cryptographic bind ephemeral material and participant keys.
Generates a SIGMA-I-style binding digest for authenticated encryption to prove that the material involved belong to the same cryptographic operation:
- Ephemeral cryptographic material (EC public key + PQ ciphertext)
- The data being authenticated
- The participant public keys
This prevents substitution attacks where valid components are mixed and matched in unauthorized ways.