%% You should probably cite draft-ietf-lamps-pq-composite-kem instead of this I-D.
@techreport{ounsworth-pq-composite-kem-00,
    number =    {draft-ounsworth-pq-composite-kem-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-kem/00/},
    author =    {Mike Ounsworth and John Gray},
    title =     {{Composite KEM For Use In Internet PKI}},
    pagetotal = 24,
    year =      2022,
    month =     jul,
    day =       11,
    abstract =  {The migration to post-quantum cryptography is unique in the history of modern digital cryptography in that neither the old outgoing nor the new incoming algorithms are fully trusted to protect data for the required data lifetimes. The outgoing algorithms, such as RSA and elliptic curve, may fall to quantum cryptanalysis, while the incoming post-quantum algorithms face uncertainty about both the underlying mathematics as well as hardware and software implementations that have not had sufficient maturing time to rule out classical cryptanalytic attacks and implementation bugs. Cautious Implementers may wish to layer cryptographic algorithms such that an attacker would need to break all of them in order to compromise the data being protected. For digital signatures, this is referred to as "dual", and for encryption key establishment this as referred to as "hybrid". This document, and its companions, defines a specific instantiation of the dual and hybrid paradigm called "composite" where multiple cryptographic algorithms are combined to form a single key, signature, or key encapsulation mechanism (KEM) such that they can be treated as a single atomic object at the protocol level. EDNOTE: the terms "dual" and "hybrid" are currently in flux. We anticipate an Informational draft to normalize terminology, and will update this draft accordingly. This document defines a Composite key encapsulation mechanism (KEM) procedure, for use with Composite keys which consist of combinations of Encryption or KEM algorithms for each composite component algorithm. This document also introduces the idea of assigning an Object Identifier (OID) to a shared secret combiner so that stronger combiners can be implemented in the future without needing to re- issue this specification. This document is intended to be coupled with the composite keys structure define in {[}I-D.ounsworth-pq-composite-keys{]} and the CMS KEM-TRANS mechanism in {[}I-D.perret-prat-lamps-cms-pq-kem{]}.},
}