mlkem768

package standard library

go1.23.1 Latest Latest Go to latest Published: Sep 5, 2024 License: BSD-3-Clause Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

cs.opensource.google/go/go

Links

Report a Vulnerability

Documentation ¶

Overview ¶

Package mlkem768 implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber).

Only the recommended ML-KEM-768 parameter set is provided.

The version currently implemented is the one specified by NIST FIPS 203 ipd, with the unintentional transposition of the matrix A reverted to match the behavior of Kyber version 3.0. Future versions of this package might introduce backwards incompatible changes to implement changes to FIPS 203.

Index ¶

Constants
func Decapsulate(dk *DecapsulationKey, ciphertext []byte) (sharedKey []byte, err error)
func Encapsulate(encapsulationKey []byte) (ciphertext, sharedKey []byte, err error)
type DecapsulationKey
- func (dk *DecapsulationKey) Bytes() []byte
- func (dk *DecapsulationKey) EncapsulationKey() []byte

Constants ¶

View Source

const (
	CiphertextSize       = k*encodingSize10 + encodingSize4
	EncapsulationKeySize = encryptionKeySize
	DecapsulationKeySize = decryptionKeySize + encryptionKeySize + 32 + 32
	SharedKeySize        = 32
	SeedSize             = 32 + 32
)

Variables ¶

This section is empty.

Functions ¶

func Decapsulate ¶

func Decapsulate(dk *DecapsulationKey, ciphertext []byte) (sharedKey []byte, err error)

Decapsulate generates a shared key from a ciphertext and a decapsulation key. If the ciphertext is not valid, Decapsulate returns an error.

The shared key must be kept secret.

func Encapsulate ¶

func Encapsulate(encapsulationKey []byte) (ciphertext, sharedKey []byte, err error)

Encapsulate generates a shared key and an associated ciphertext from an encapsulation key, drawing random bytes from crypto/rand. If the encapsulation key is not valid, Encapsulate returns an error.

The shared key must be kept secret.

Types ¶

type DecapsulationKey ¶

type DecapsulationKey struct {
	// contains filtered or unexported fields
}

A DecapsulationKey is the secret key used to decapsulate a shared key from a ciphertext. It includes various precomputed values.

func GenerateKey ¶

func GenerateKey() (*DecapsulationKey, error)

GenerateKey generates a new decapsulation key, drawing random bytes from crypto/rand. The decapsulation key must be kept secret.

func NewKeyFromExtendedEncoding ¶

func NewKeyFromExtendedEncoding(decapsulationKey []byte) (*DecapsulationKey, error)

NewKeyFromExtendedEncoding parses a decapsulation key from its FIPS 203 (DRAFT) extended encoding.

func NewKeyFromSeed ¶

func NewKeyFromSeed(seed []byte) (*DecapsulationKey, error)

NewKeyFromSeed deterministically generates a decapsulation key from a 64-byte seed in the "d || z" form. The seed must be uniformly random.

func (*DecapsulationKey) Bytes ¶

func (dk *DecapsulationKey) Bytes() []byte

Bytes returns the extended encoding of the decapsulation key, according to FIPS 203 (DRAFT).

func (*DecapsulationKey) EncapsulationKey ¶

func (dk *DecapsulationKey) EncapsulationKey() []byte

EncapsulationKey returns the public encapsulation key necessary to produce ciphertexts.

Source Files ¶

View all Source files

mlkem768.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL