%% You should probably cite draft-ounsworth-cfrg-kem-combiners-05 instead of this revision.
@techreport{ounsworth-cfrg-kem-combiners-04,
    number =    {draft-ounsworth-cfrg-kem-combiners-04},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ounsworth-cfrg-kem-combiners/04/},
    author =    {Mike Ounsworth and Aron Wussler and Stavros Kousidis},
    title =     {{Combiner function for hybrid key encapsulation mechanisms (Hybrid KEMs)}},
    pagetotal = 14,
    year =      2023,
    month =     jul,
    day =       8,
    abstract =  {The migration to post-quantum cryptography often calls for performing multiple key encapsulations in parallel and then combining their outputs to derive a single shared secret. This document defines a comprehensible and easy to implement Keccak- based KEM combiner to join an arbitrary number of key shares, that is compatible with NIST SP 800-56Cr2 {[}SP800-56C{]} when viewed as a key derivation function. The combiners defined here are practical split- key PRFs and are CCA-secure as long as at least one of the ingredient KEMs is.},
}