package mlkem

import "crypto/internal/fips140/mlkem"

Package mlkem implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber), as specified in NIST FIPS 203.

Index ¶

• Constants
• type DecapsulationKey1024
• func GenerateKey1024() (*DecapsulationKey1024, error)
• func GenerateKeyInternal1024(d, z *[32]byte) *DecapsulationKey1024
• func NewDecapsulationKey1024(seed []byte) (*DecapsulationKey1024, error)
• func (dk *DecapsulationKey1024) Bytes() []byte
• func (dk *DecapsulationKey1024) Decapsulate(ciphertext []byte) (sharedKey []byte, err error)
• func (dk *DecapsulationKey1024) EncapsulationKey() *EncapsulationKey1024
• type DecapsulationKey768
• func GenerateKey768() (*DecapsulationKey768, error)
• func GenerateKeyInternal768(d, z *[32]byte) *DecapsulationKey768
• func NewDecapsulationKey768(seed []byte) (*DecapsulationKey768, error)
• func (dk *DecapsulationKey768) Bytes() []byte
• func (dk *DecapsulationKey768) Decapsulate(ciphertext []byte) (sharedKey []byte, err error)
• func (dk *DecapsulationKey768) EncapsulationKey() *EncapsulationKey768
• type EncapsulationKey1024
• func NewEncapsulationKey1024(encapsulationKey []byte) (*EncapsulationKey1024, error)
• func (ek *EncapsulationKey1024) Bytes() []byte
• func (ek *EncapsulationKey1024) Encapsulate() (ciphertext, sharedKey []byte)
• func (ek *EncapsulationKey1024) EncapsulateInternal(m *[32]byte) (ciphertext, sharedKey []byte)
• type EncapsulationKey768
• func NewEncapsulationKey768(encapsulationKey []byte) (*EncapsulationKey768, error)
• func (ek *EncapsulationKey768) Bytes() []byte
• func (ek *EncapsulationKey768) Encapsulate() (ciphertext, sharedKey []byte)
• func (ek *EncapsulationKey768) EncapsulateInternal(m *[32]byte) (ciphertext, sharedKey []byte)

Constants ¶

const (
	SharedKeySize = 32
	SeedSize      = 32 + 32
)

const (
	CiphertextSize768       = k*encodingSize10 + encodingSize4
	EncapsulationKeySize768 = k*encodingSize12 + 32
)

ML-KEM-768 parameters.

const (
	CiphertextSize1024       = k1024*encodingSize11 + encodingSize5
	EncapsulationKeySize1024 = k1024*encodingSize12 + 32
)

ML-KEM-1024 parameters.

Types ¶

type DecapsulationKey1024 ¶

type DecapsulationKey1024 struct {
	// contains filtered or unexported fields
}

A DecapsulationKey1024 is the secret key used to decapsulate a shared key from a ciphertext. It includes various precomputed values.

func GenerateKey1024 ¶

func GenerateKey1024() (*DecapsulationKey1024, error)

GenerateKey1024 generates a new decapsulation key, drawing random bytes from a DRBG. The decapsulation key must be kept secret.

func GenerateKeyInternal1024 ¶

func GenerateKeyInternal1024(d, z *[32]byte) *DecapsulationKey1024

GenerateKeyInternal1024 is a derandomized version of GenerateKey1024, exclusively for use in tests.

func NewDecapsulationKey1024 ¶

func NewDecapsulationKey1024(seed []byte) (*DecapsulationKey1024, error)

NewDecapsulationKey1024 parses a decapsulation key from a 64-byte seed in the "d || z" form. The seed must be uniformly random.

func (*DecapsulationKey1024) Bytes ¶

func (dk *DecapsulationKey1024) Bytes() []byte

Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form.

The decapsulation key must be kept secret.

func (*DecapsulationKey1024) Decapsulate ¶

func (dk *DecapsulationKey1024) Decapsulate(ciphertext []byte) (sharedKey []byte, err error)

Decapsulate generates a shared key from a ciphertext and a decapsulation key. If the ciphertext is not valid, Decapsulate returns an error.

The shared key must be kept secret.

func (*DecapsulationKey1024) EncapsulationKey ¶

func (dk *DecapsulationKey1024) EncapsulationKey() *EncapsulationKey1024

EncapsulationKey returns the public encapsulation key necessary to produce ciphertexts.

type DecapsulationKey768 ¶

type DecapsulationKey768 struct {
	// contains filtered or unexported fields
}

A DecapsulationKey768 is the secret key used to decapsulate a shared key from a ciphertext. It includes various precomputed values.

func GenerateKey768 ¶

func GenerateKey768() (*DecapsulationKey768, error)

GenerateKey768 generates a new decapsulation key, drawing random bytes from a DRBG. The decapsulation key must be kept secret.

func GenerateKeyInternal768 ¶

func GenerateKeyInternal768(d, z *[32]byte) *DecapsulationKey768

GenerateKeyInternal768 is a derandomized version of GenerateKey768, exclusively for use in tests.

func NewDecapsulationKey768 ¶

func NewDecapsulationKey768(seed []byte) (*DecapsulationKey768, error)

NewDecapsulationKey768 parses a decapsulation key from a 64-byte seed in the "d || z" form. The seed must be uniformly random.

func (*DecapsulationKey768) Bytes ¶

func (dk *DecapsulationKey768) Bytes() []byte

Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form.

The decapsulation key must be kept secret.

func (*DecapsulationKey768) Decapsulate ¶

func (dk *DecapsulationKey768) Decapsulate(ciphertext []byte) (sharedKey []byte, err error)

Decapsulate generates a shared key from a ciphertext and a decapsulation key. If the ciphertext is not valid, Decapsulate returns an error.

The shared key must be kept secret.

func (*DecapsulationKey768) EncapsulationKey ¶

func (dk *DecapsulationKey768) EncapsulationKey() *EncapsulationKey768

EncapsulationKey returns the public encapsulation key necessary to produce ciphertexts.

type EncapsulationKey1024 ¶

type EncapsulationKey1024 struct {
	// contains filtered or unexported fields
}

An EncapsulationKey1024 is the public key used to produce ciphertexts to be decapsulated by the corresponding DecapsulationKey1024.

func NewEncapsulationKey1024 ¶

func NewEncapsulationKey1024(encapsulationKey []byte) (*EncapsulationKey1024, error)

NewEncapsulationKey1024 parses an encapsulation key from its encoded form. If the encapsulation key is not valid, NewEncapsulationKey1024 returns an error.

func (*EncapsulationKey1024) Bytes ¶

func (ek *EncapsulationKey1024) Bytes() []byte

Bytes returns the encapsulation key as a byte slice.

func (*EncapsulationKey1024) Encapsulate ¶

func (ek *EncapsulationKey1024) Encapsulate() (ciphertext, sharedKey []byte)

Encapsulate generates a shared key and an associated ciphertext from an encapsulation key, drawing random bytes from a DRBG.

The shared key must be kept secret.

func (*EncapsulationKey1024) EncapsulateInternal ¶

func (ek *EncapsulationKey1024) EncapsulateInternal(m *[32]byte) (ciphertext, sharedKey []byte)

EncapsulateInternal is a derandomized version of Encapsulate, exclusively for use in tests.

type EncapsulationKey768 ¶

type EncapsulationKey768 struct {
	// contains filtered or unexported fields
}

An EncapsulationKey768 is the public key used to produce ciphertexts to be decapsulated by the corresponding DecapsulationKey768.

func NewEncapsulationKey768 ¶

func NewEncapsulationKey768(encapsulationKey []byte) (*EncapsulationKey768, error)

NewEncapsulationKey768 parses an encapsulation key from its encoded form. If the encapsulation key is not valid, NewEncapsulationKey768 returns an error.

func (*EncapsulationKey768) Bytes ¶

func (ek *EncapsulationKey768) Bytes() []byte

Bytes returns the encapsulation key as a byte slice.

func (*EncapsulationKey768) Encapsulate ¶

func (ek *EncapsulationKey768) Encapsulate() (ciphertext, sharedKey []byte)

Encapsulate generates a shared key and an associated ciphertext from an encapsulation key, drawing random bytes from a DRBG.

The shared key must be kept secret.

func (*EncapsulationKey768) EncapsulateInternal ¶

func (ek *EncapsulationKey768) EncapsulateInternal(m *[32]byte) (ciphertext, sharedKey []byte)

EncapsulateInternal is a derandomized version of Encapsulate, exclusively for use in tests.

Source Files ¶

cast.go field.go mlkem1024.go mlkem768.go