From 01accb788c7e50ecd136d410287ca8692613249d Mon Sep 17 00:00:00 2001
From: agureev
Date: Wed, 24 Jun 2026 21:17:43 +0400
Subject: [PATCH] feat: add prefix to the ML KEM kdf

---
 .../core/src/encryption/shared_key_derivation.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lee/state_machine/core/src/encryption/shared_key_derivation.rs b/lee/state_machine/core/src/encryption/shared_key_derivation.rs
index 71bcf144..c476b71f 100644
--- a/lee/state_machine/core/src/encryption/shared_key_derivation.rs
+++ b/lee/state_machine/core/src/encryption/shared_key_derivation.rs
@@ -97,9 +97,11 @@ impl SharedSecretKey {
 ) -> (Self, EphemeralPublicKey) {
 use risc0_zkvm::sha::{Impl, Sha256 as _};
 
- let mut input = [0_u8; 32 + 4];
- input[0..32].copy_from_slice(message_hash);
- input[32..36].copy_from_slice(&output_index.to_le_bytes());
+ const PREFIX: &[u8; 21] = b"/LEE/v0.3/KDF-ML-KEM/";
+ let mut input = [0; 21 + 32 + 4];
+ input[0..21].copy_from_slice(PREFIX);
+ input[21..53].copy_from_slice(message_hash);
+ input[53..57].copy_from_slice(&output_index.to_le_bytes());
 let hash = Impl::hash_bytes(&input);
 let m: ml_kem::B32 =
 ml_kem::array::Array::try_from(hash.as_bytes()).expect("SHA-256 output is 32 bytes");
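Review bot: The bounds `21`, `53` and `57` in the new `input[...]` slices are hand-computed from the length of `b"/LEE/v0.3/KDF-ML-KEM/"`, so a later version bump that changes the tag's length has to be mirrored in the array size and all three ranges, and a missed one becomes a `copy_from_slice` length panic at run time. Deriving the bounds from `PREFIX.len()` ties the preimage layout (tag, then the 32-byte hash, then the 4-byte little-endian index) to the tag itself, as in the fence below. Because the tag changes every derived `m`, a known-answer test pinning the hash for one fixed `message_hash`/`output_index` pair would catch an accidental edit to the domain-separation string. The enclosing function starts and ends outside this hunk, so the field widths are read off the slice ranges rather than the parameter types.

```rust
const PREFIX: &[u8; 21] = b"/LEE/v0.3/KDF-ML-KEM/";
const HASH_END: usize = PREFIX.len() + 32;
const INPUT_LEN: usize = HASH_END + 4;
// Preimage layout: domain-separation tag || message_hash || output_index (LE).
let mut input = [0_u8; INPUT_LEN];
input[..PREFIX.len()].copy_from_slice(PREFIX);
input[PREFIX.len()..HASH_END].copy_from_slice(message_hash);
input[HASH_END..].copy_from_slice(&output_index.to_le_bytes());
// … unchanged: hashing of `input` and conversion into `ml_kem::B32` …
```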