LP-175 mirrors HIP-0088 into Lux. The Lux ZAP handshake under
LUX_STRICT_PQ performs an ML-KEM-768 (FIPS 203 NIST PQ Cat 3,
default) or ML-KEM-1024 (Cat 5, high-value) encapsulation, with
mutual ML-DSA-65 signatures over the handshake transcript. The derived
shared secret is run through KMAC256 (SP 800-185) to produce a 256-bit
AEAD key.
ProfileID: 0x01 (ProfileLuxStrictPQ)
ProfileName: LUX_STRICT_PQ
HashSuiteID: SHA3_NIST (0x01)
IdentitySchemeID: ML_DSA_65 (0x42)
KEMSchemeIDDefault: ML_KEM_768 (0x01)
KEMSchemeIDHighValue: ML_KEM_1024 (0x02)
MinSoundnessBits: 128
MinHashOutputBits: 384
RequireTransparent: true
ForbidPairings: true
ForbidKZG: true
ForbidTrustedSetup: true
ForbidClassicalSNARKs: true
ForbidDevProofs: true
ForbidFallbacks: true
luxfi/consensus/config/pq_mode.go (KeyExchangeID). The auth-package surface re-exports the same
bytes via type alias (luxfi/consensus/protocol/auth/scheme_ids.go).
luxfi/node/network/kem/scheme.go + mlkem.go. Handshake state machine: luxfi/node/network/peer/handshake.go.
LUX_STRICT_PQ MUST useML-KEM-768 minimum; high-value mesh roles (bridge, governance MPC)
use ML-KEM-1024.
LUX_STRICT_PQ; hybridconstructions are admissible only on permissive profiles for legacy
interop.
A Lux node on LUX_STRICT_PQ MUST NOT negotiate X25519 or ECDH. The
KEM scheme byte is bound into the handshake transcript and into the
AEAD-key derivation; substitution is detected at the TupleHash256
binding step.
luxfi/consensus/config/pq_mode.go — canonical KeyExchangeID.luxfi/node/network/kem/, luxfi/node/network/peer/handshake.go.