mlkem768

package module
v0.0.0-...-2eaef2f Latest
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2024 License: BSD-3-Clause Imports: 5 Imported by: 1

README

filippo.io/mlkem768

https://pkg.go.dev/filippo.io/mlkem768

Package mlkem768 implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber).

Only the recommended ML-KEM-768 parameter set is provided.

The version currently implemented is the one specified by NIST FIPS 203 ipd, with the unintentional transposition of the matrix A reverted to match the behavior of Kyber version 3.0. Future v0 versions of this package might introduce backwards incompatible changes to implement changes to FIPS 203.

This package targets security, correctness, simplicity, readability, and reviewability as its primary goals. All critical operations are performed in constant time.

Variable and function names, as well as code layout, are selected to facilitate reviewing the implementation against the NIST FIPS 203 ipd document.

Reviewers unfamiliar with polynomials or linear algebra might find the background at https://words.filippo.io/kyber-math/ useful.

This code is aimed at being upstreamed in the standard library.

Documentation

Overview

Package mlkem768 implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber).

Only the recommended ML-KEM-768 parameter set is provided.

The version currently implemented is the one specified by NIST FIPS 203 ipd, with the unintentional transposition of the matrix A reverted to match the behavior of Kyber version 3.0. Future versions of this package might introduce backwards incompatible changes to implement changes to FIPS 203.


Constants

const (
	CiphertextSize       = k*encodingSize10 + encodingSize4
	EncapsulationKeySize = encryptionKeySize
	DecapsulationKeySize = decryptionKeySize + encryptionKeySize + 32 + 32
	SharedKeySize        = 32
	SeedSize             = 32 + 32
)

Variables

This section is empty.

Functions

func Decapsulate

func Decapsulate(dk *DecapsulationKey, ciphertext []byte) (sharedKey []byte, err error)

Decapsulate generates a shared key from a ciphertext and a decapsulation key. If the ciphertext is not valid, Decapsulate returns an error.

The shared key must be kept secret.

func Encapsulate

func Encapsulate(encapsulationKey []byte) (ciphertext, sharedKey []byte, err error)

Encapsulate generates a shared key and an associated ciphertext from an encapsulation key, drawing random bytes from crypto/rand. If the encapsulation key is not valid, Encapsulate returns an error.

The shared key must be kept secret.
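
FIPS 203 defines two input checks for an encapsulation key received from a peer: a length check and a modulus check on the encoded coefficients. The following is an added, standard-library-only example of those checks, not code from this package; the parameter values (n, q, k) are taken from FIPS 203 for ML-KEM-768, and `checkEncapsulationKey` is a hypothetical helper name.

```go
package main

import (
	"errors"
	"fmt"
)

// ML-KEM-768 parameters from FIPS 203; the package does not export these.
const (
	n = 256  // coefficients per polynomial
	q = 3329 // prime modulus
	k = 3    // module rank of the ML-KEM-768 parameter set

	encodingSize12 = n * 12 / 8 // 384: one polynomial at 12 bits per coefficient
	encodingSize10 = n * 10 / 8 // 320
	encodingSize4  = n * 4 / 8  // 128

	ciphertextSize       = k*encodingSize10 + encodingSize4 // 1088
	encapsulationKeySize = k*encodingSize12 + 32            // 1184 (vector t plus seed rho)
)

var errInvalidKey = errors.New("invalid ML-KEM-768 encapsulation key")

// checkEncapsulationKey (hypothetical helper) applies the FIPS 203 length
// check and modulus check to a serialized encapsulation key.
func checkEncapsulationKey(ek []byte) error {
	if len(ek) != encapsulationKeySize {
		return fmt.Errorf("%w: got %d bytes, want %d", errInvalidKey, len(ek), encapsulationKeySize)
	}
	t := ek[:k*encodingSize12] // the trailing 32 bytes are the seed and are unconstrained
	for i := 0; i < len(t); i += 3 {
		// Every 3 bytes pack two little-endian 12-bit coefficients.
		c0 := uint16(t[i]) | uint16(t[i+1]&0x0f)<<8
		c1 := uint16(t[i+1])>>4 | uint16(t[i+2])<<4
		if c0 >= q || c1 >= q {
			return fmt.Errorf("%w: coefficient near index %d is not reduced mod q", errInvalidKey, i/3*2)
		}
	}
	return nil
}

func main() {
	ek := make([]byte, encapsulationKeySize) // constructed sample: all-zero key
	fmt.Println(ciphertextSize, encapsulationKeySize, checkEncapsulationKey(ek))
	ek[0], ek[1] = 0x01, 0x0d // first coefficient becomes 3329 == q
	fmt.Println(checkEncapsulationKey(ek))
}
```

A check like this is useful at a protocol boundary for rejecting malformed peer keys early and logging the reason; the error returned by Encapsulate remains the authoritative result.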

Types

type DecapsulationKey

type DecapsulationKey struct {
	// contains filtered or unexported fields
}

A DecapsulationKey is the secret key used to decapsulate a shared key from a ciphertext. It includes various precomputed values.

func GenerateKey

func GenerateKey() (*DecapsulationKey, error)

GenerateKey generates a new decapsulation key, drawing random bytes from crypto/rand. The decapsulation key must be kept secret.

func NewKeyFromExtendedEncoding

func NewKeyFromExtendedEncoding(decapsulationKey []byte) (*DecapsulationKey, error)

NewKeyFromExtendedEncoding parses a decapsulation key from its FIPS 203 (DRAFT) extended encoding.

func NewKeyFromSeed

func NewKeyFromSeed(seed []byte) (*DecapsulationKey, error)

NewKeyFromSeed deterministically generates a decapsulation key from a 64-byte seed in the "d || z" form. The seed must be uniformly random.

func (*DecapsulationKey) Bytes

func (dk *DecapsulationKey) Bytes() []byte

Bytes returns the extended encoding of the decapsulation key, according to FIPS 203 (DRAFT).

func (*DecapsulationKey) EncapsulationKey

func (dk *DecapsulationKey) EncapsulationKey() []byte

EncapsulationKey returns the public encapsulation key necessary to produce ciphertexts.

Directories

Path Synopsis
Package xwing implements the hybrid quantum-resistant key encapsulation method X-Wing, which combines X25519, ML-KEM-768, and SHA3-256 as specified in [draft-connolly-cfrg-xwing-kem-01].
