Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [STDS-802-11-TGBT] Question of 11-25/1592

 

  Hi Nehru,

 

  Thank you very much for this email to the reflector!

 

  The PTK is always generated using a hash algorithm from 12.X. Since the PAKE has 2 messages sent prior to establishment of the ML-KEM parameter which fixes the hash algorithm, it notes in 12.X.4.2 that the hash algorithm for the transcript generation is SHA512. But the PTK stuff remains bound to the ML-KEM parameter.

 

  I'm reworking the PAKE exchange to align with the 11bi method of password identifier privacy and, serendipitously, this issue goes away. I will strive to ensure that the wording is clear though. And if you do find anything that isn't, please do send a note to the reflector.

 

  regards,

 

  Dan.

 

--

"the object of life is not to be on the side of the majority, but to

escape finding oneself in the ranks of the insane." – Marcus Aurelius

 

On 10/13/25, 3:14 PM, "Nehru Bhandaru" <00000a7a761100fa-dmarc-request@xxxxxxxxxxxxxxxxx> wrote:

 

Hi Dan,

 

Hope all is well. 

 

We’ve been looking at the 802.11 Authentication frame sequences for PQC PAKE from 11-25/1592r0, and have a question regarding which hash function gets used while computing the PTK (by hKDF). Not sure if we are missing something or if 11-25/1592r2 addresses this.

 

From the text, it is clear that for exchanges that are related to KEM, when parameters are known, Table 12.X maps the KEM level to the hash function (SHA256/384/512) - this includes PMK caching, OWE replacement, ID privacy exchange, and NOIC Exchange. It is also specified to use SHA-512 for computing the transcript T from the auth frame bodies which are exchanged before KEM parameters for NOIC are. What is the hash function used for computing the PTK - which is specified as -

  PTK = HKDF-expand(HKDF-extract(T, PMK), “IEEE 802.11 PQC PTK Derivation”, PTKLen) ?

 

This comes after the two exchanges for PQC PAKE that may have different KEM parameters? Should it use the hash function as per NOIC KEM parameter or SHA-512 or something else.

 

Thanks

 

-N

 

To unsubscribe from the STDS-802-11-TGBT list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBT&A=1

To unsubscribe from the STDS-802-11-TGBT list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBT&A=1