Botan::KyberConstants Class Reference

#include <kyber_constants.h>

Public Types
enum	KyberDu : uint8_t { _10 = 10 , _11 = 11 }
enum	KyberDv : uint8_t { _4 = 4 , _5 = 5 }
enum	KyberEta : uint8_t { _2 = 2 , _3 = 3 }
enum	KyberStrength : uint16_t { _128 = 128 , _192 = 192 , _256 = 256 }
using	T = int16_t
	base data type for most calculations

Public Member Functions
size_t	canonical_parameter_set_identifier () const
	KyberConstants (const KyberConstants &other)
	KyberConstants (KyberConstants &&other)=default
	KyberConstants (KyberMode mode)
KyberMode	mode () const
KyberConstants &	operator= (const KyberConstants &other)=delete
KyberConstants &	operator= (KyberConstants &&other)=default
Kyber_Symmetric_Primitives &	symmetric_primitives () const
	~KyberConstants ()
Foundational constants
uint8_t	k () const
KyberEta	eta1 () const
constexpr KyberEta	eta2 () const
KyberDu	d_u () const
KyberDv	d_v () const
KyberStrength	estimated_strength () const
Sizes of encoded data structures
size_t	polynomial_vector_bytes () const
	byte length of an encoded polynomial vector
size_t	polynomial_vector_compressed_bytes () const
	byte length of an encoded compressed polynomial vector
size_t	polynomial_compressed_bytes () const
	byte length of an encoded compressed polynomial
size_t	ciphertext_bytes () const
	byte length of an encoded ciphertext
constexpr size_t	shared_key_bytes () const
	byte length of the shared key
size_t	public_key_bytes () const
	byte length of an encoded public key
size_t	expanded_private_key_bytes () const
	byte length of a private key with expanded encoding as defined
size_t	seed_private_key_bytes () const
	byte length of an private key encoded as the seed: d || z

Static Public Attributes
static constexpr T	F = 3303
	as specified in FIPS 203 (see Algorithm 10 (NTT^-1), f = 128^-1 mod Q)
static constexpr T	N = 256
	number of coefficients in a polynomial
static constexpr size_t	NTT_Degree = 128
	degree of the NTT polynomials
static constexpr size_t	PUBLIC_KEY_HASH_BYTES = 32
static constexpr T	Q = 3329
	modulus
static constexpr T	ROOT_OF_UNITY = 17
	the primitive 256-th root of unity modulo Q (see FIPS 203 Section 4.3)
static constexpr uint16_t	SAMPLE_NTT_POLY_FROM_XOF_BOUND = 280 * 3
	sampling limit for SampleNTT (in bytes), see FIPS 204, Apx B
static constexpr size_t	SEED_BYTES = 32
static constexpr size_t	SHARED_KEY_BYTES = 32

Detailed Description

Definition at line 22 of file kyber_constants.h.

Member Typedef Documentation

T

using Botan::KyberConstants::T = int16_t

base data type for most calculations

Definition at line 25 of file kyber_constants.h.

Member Enumeration Documentation

KyberDu

enum Botan::KyberConstants::KyberDu : uint8_t

Enumerator
_10
_11

Definition at line 55 of file kyber_constants.h.

: uint8_t { _10 = 10, _11 = 11 };

KyberDv

enum Botan::KyberConstants::KyberDv : uint8_t

Enumerator
_4
_5

Definition at line 57 of file kyber_constants.h.

: uint8_t { _4 = 4, _5 = 5 };

KyberEta

enum Botan::KyberConstants::KyberEta : uint8_t

Enumerator
_2
_3

Definition at line 53 of file kyber_constants.h.

: uint8_t { _2 = 2, _3 = 3 };

KyberStrength

enum Botan::KyberConstants::KyberStrength : uint16_t

Enumerator
_128
_192
_256

Definition at line 59 of file kyber_constants.h.

: uint16_t { _128 = 128, _192 = 192, _256 = 256 };

Constructor & Destructor Documentation

KyberConstants() [1/3]

Botan::KyberConstants::KyberConstants

(

KyberMode

mode

)

Definition at line 30 of file kyber_constants.cpp.

                                             : m_mode(mode) {
   switch(mode.mode()) {
      case KyberMode::Kyber512_R3:
      case KyberMode::Kyber512_90s:
      case KyberMode::ML_KEM_512:
         m_nist_strength = KyberStrength::_128;
         m_k = 2;
         m_eta1 = KyberEta::_3;
         m_du = KyberDu::_10;
         m_dv = KyberDv::_4;
         break;
 
      case KyberMode::Kyber768_R3:
      case KyberMode::Kyber768_90s:
      case KyberMode::ML_KEM_768:
         m_nist_strength = KyberStrength::_192;
         m_k = 3;
         m_eta1 = KyberEta::_2;
         m_du = KyberDu::_10;
         m_dv = KyberDv::_4;
         break;
 
      case KyberMode::Kyber1024_R3:
      case KyberMode::Kyber1024_90s:
      case KyberMode::ML_KEM_1024:
         m_nist_strength = KyberStrength::_256;
         m_k = 4;
         m_eta1 = KyberEta::_2;
         m_du = KyberDu::_11;
         m_dv = KyberDv::_5;
         break;
 
      default:
         BOTAN_ASSERT_UNREACHABLE();
   }
 
#ifdef BOTAN_HAS_KYBER_90S
   if(mode.is_kyber_round3() && mode.is_90s()) {
      m_symmetric_primitives = std::make_unique<Kyber_90s_Symmetric_Primitives>();
   }
#endif
 
#ifdef BOTAN_HAS_KYBER
   if(mode.is_kyber_round3() && mode.is_modern()) {
      m_symmetric_primitives = std::make_unique<Kyber_Modern_Symmetric_Primitives>();
   }
#endif
 
#ifdef BOTAN_HAS_ML_KEM
   if(mode.is_ml_kem()) {
      m_symmetric_primitives = std::make_unique<ML_KEM_Symmetric_Primitives>();
   }
#endif
 
   static_assert(N % 8 == 0);
   m_polynomial_vector_bytes = (bitlen(Q) * (N / 8)) * k();
   m_polynomial_vector_compressed_bytes = d_u() * k() * (N / 8);
   m_polynomial_compressed_bytes = d_v() * (N / 8);
   m_expanded_private_key_bytes =
      static_cast<uint32_t>(m_polynomial_vector_bytes + public_key_bytes() + PUBLIC_KEY_HASH_BYTES + SEED_BYTES);
   m_seed_private_key_bytes = 2 * SEED_BYTES;
 
   if(!m_symmetric_primitives) {
      throw Not_Implemented("requested Kyber mode is not enabled in this build");
   }
}

References Botan::bitlen(), BOTAN_HAS_KYBER, BOTAN_HAS_KYBER_90S, BOTAN_HAS_ML_KEM, d_u(), d_v(), k(), mode(), N, public_key_bytes(), PUBLIC_KEY_HASH_BYTES, Q, and SEED_BYTES.

Referenced by KyberConstants(), KyberConstants(), operator=(), and operator=().

~KyberConstants()

Botan::KyberConstants::~KyberConstants ( )

default

KyberConstants() [2/3]

Botan::KyberConstants::KyberConstants ( const KyberConstants & other )

inline

Definition at line 68 of file kyber_constants.h.

: KyberConstants(other.m_mode) {}

References KyberConstants().

KyberConstants() [3/3]

Botan::KyberConstants::KyberConstants ( KyberConstants && other )

default

References KyberConstants().

Member Function Documentation

canonical_parameter_set_identifier()

size_t Botan::KyberConstants::canonical_parameter_set_identifier ( ) const

inline

Returns

one of {512, 768, 1024}

Definition at line 77 of file kyber_constants.h.

{ return k() * N; }

References k(), and N.

ciphertext_bytes()

size_t Botan::KyberConstants::ciphertext_bytes ( ) const

inline

byte length of an encoded ciphertext

Definition at line 109 of file kyber_constants.h.

{ return polynomial_vector_compressed_bytes() + polynomial_compressed_bytes(); }

References polynomial_compressed_bytes(), and polynomial_vector_compressed_bytes().

Referenced by Botan::Kyber_KEM_Decryptor_Base::encapsulated_key_length(), and Botan::Kyber_KEM_Encryptor_Base::encapsulated_key_length().

d_u()

KyberDu Botan::KyberConstants::d_u ( ) const

inline

Definition at line 88 of file kyber_constants.h.

{ return m_du; }

Referenced by KyberConstants().

d_v()

KyberDv Botan::KyberConstants::d_v ( ) const

inline

Definition at line 90 of file kyber_constants.h.

{ return m_dv; }

Referenced by KyberConstants().

estimated_strength()

KyberStrength Botan::KyberConstants::estimated_strength ( ) const

inline

Definition at line 92 of file kyber_constants.h.

{ return m_nist_strength; }

eta1()

KyberEta Botan::KyberConstants::eta1 ( ) const

inline

Definition at line 84 of file kyber_constants.h.

{ return m_eta1; }

eta2()

KyberEta Botan::KyberConstants::eta2 ( ) const

inlineconstexpr

Definition at line 86 of file kyber_constants.h.

{ return KyberEta::_2; }

References _2.

expanded_private_key_bytes()

size_t Botan::KyberConstants::expanded_private_key_bytes ( ) const

inline

byte length of a private key with expanded encoding as defined

Definition at line 119 of file kyber_constants.h.

{ return m_expanded_private_key_bytes; }

k()

uint8_t Botan::KyberConstants::k ( ) const

inline

Definition at line 82 of file kyber_constants.h.

{ return m_k; }

Referenced by canonical_parameter_set_identifier(), Botan::Kyber_Algos::decode_polynomial_vector(), KyberConstants(), Botan::Kyber_Algos::sample_matrix(), and Botan::ML_KEM_Symmetric_Primitives::seed_expansion_domain_separator().

mode()

KyberMode Botan::KyberConstants::mode ( ) const

inline

Definition at line 74 of file kyber_constants.h.

{ return m_mode; }

Referenced by KyberConstants(), Botan::Kyber_KEM_Decryptor::mode(), Botan::Kyber_KEM_Encryptor::mode(), Botan::ML_KEM_Decryptor::mode(), and Botan::ML_KEM_Encryptor::mode().

operator=() [1/2]

KyberConstants & Botan::KyberConstants::operator= ( const KyberConstants & other )

delete

References KyberConstants().

operator=() [2/2]

KyberConstants & Botan::KyberConstants::operator= ( KyberConstants && other )

default

References KyberConstants().

polynomial_compressed_bytes()

size_t Botan::KyberConstants::polynomial_compressed_bytes ( ) const

inline

byte length of an encoded compressed polynomial

Definition at line 106 of file kyber_constants.h.

{ return m_polynomial_compressed_bytes; }

Referenced by ciphertext_bytes(), Botan::Kyber_Algos::compress_ciphertext(), and Botan::Kyber_Algos::decompress_ciphertext().

polynomial_vector_bytes()

size_t Botan::KyberConstants::polynomial_vector_bytes ( ) const

inline

byte length of an encoded polynomial vector

Definition at line 100 of file kyber_constants.h.

{ return m_polynomial_vector_bytes; }

Referenced by Botan::Expanded_Keypair_Codec::decode_keypair(), Botan::Kyber_Algos::encode_polynomial_vector(), and public_key_bytes().

polynomial_vector_compressed_bytes()

size_t Botan::KyberConstants::polynomial_vector_compressed_bytes ( ) const

inline

byte length of an encoded compressed polynomial vector

Definition at line 103 of file kyber_constants.h.

{ return m_polynomial_vector_compressed_bytes; }

Referenced by ciphertext_bytes(), Botan::Kyber_Algos::compress_ciphertext(), and Botan::Kyber_Algos::decompress_ciphertext().

public_key_bytes()

size_t Botan::KyberConstants::public_key_bytes ( ) const

inline

byte length of an encoded public key

Definition at line 115 of file kyber_constants.h.

{ return polynomial_vector_bytes() + SEED_BYTES; }

References polynomial_vector_bytes(), and SEED_BYTES.

Referenced by Botan::Expanded_Keypair_Codec::decode_keypair(), and KyberConstants().

seed_private_key_bytes()

size_t Botan::KyberConstants::seed_private_key_bytes ( ) const

inline

byte length of an private key encoded as the seed: d || z

Definition at line 122 of file kyber_constants.h.

{ return m_seed_private_key_bytes; }

shared_key_bytes()

size_t Botan::KyberConstants::shared_key_bytes ( ) const

inlineconstexpr

byte length of the shared key

Definition at line 112 of file kyber_constants.h.

{ return SHARED_KEY_BYTES; }

References SHARED_KEY_BYTES.

Referenced by Botan::Kyber_KEM_Decryptor_Base::raw_kem_shared_key_length(), and Botan::Kyber_KEM_Encryptor_Base::raw_kem_shared_key_length().

symmetric_primitives()

Kyber_Symmetric_Primitives & Botan::KyberConstants::symmetric_primitives ( ) const

inline

Definition at line 126 of file kyber_constants.h.

{ return *m_symmetric_primitives; }

Referenced by Botan::Kyber_Algos::expand_keypair(), and Botan::Kyber_Algos::sample_matrix().

Member Data Documentation

F

T Botan::KyberConstants::F = 3303

staticconstexpr

as specified in FIPS 203 (see Algorithm 10 (NTT^-1), f = 128^-1 mod Q)

Definition at line 34 of file kyber_constants.h.

N

T Botan::KyberConstants::N = 256

staticconstexpr

number of coefficients in a polynomial

Definition at line 28 of file kyber_constants.h.

Referenced by canonical_parameter_set_identifier(), KyberConstants(), and Botan::Kyber_Algos::polynomial_from_message().

NTT_Degree

size_t Botan::KyberConstants::NTT_Degree = 128

staticconstexpr

degree of the NTT polynomials

Definition at line 40 of file kyber_constants.h.

PUBLIC_KEY_HASH_BYTES

size_t Botan::KyberConstants::PUBLIC_KEY_HASH_BYTES = 32

staticconstexpr

Definition at line 44 of file kyber_constants.h.

Referenced by Botan::Expanded_Keypair_Codec::decode_keypair(), and KyberConstants().

Q

T Botan::KyberConstants::Q = 3329

staticconstexpr

modulus

Definition at line 31 of file kyber_constants.h.

Referenced by Botan::Kyber_Algos::compress(), Botan::Kyber_Algos::decompress(), and KyberConstants().

ROOT_OF_UNITY

T Botan::KyberConstants::ROOT_OF_UNITY = 17

staticconstexpr

the primitive 256-th root of unity modulo Q (see FIPS 203 Section 4.3)

Definition at line 37 of file kyber_constants.h.

SAMPLE_NTT_POLY_FROM_XOF_BOUND

uint16_t Botan::KyberConstants::SAMPLE_NTT_POLY_FROM_XOF_BOUND = 280 * 3

staticconstexpr

sampling limit for SampleNTT (in bytes), see FIPS 204, Apx B

Definition at line 48 of file kyber_constants.h.

SEED_BYTES

size_t Botan::KyberConstants::SEED_BYTES = 32

staticconstexpr

Definition at line 43 of file kyber_constants.h.

Referenced by Botan::Kyber_KEM_Decryptor::decapsulate(), Botan::Expanded_Keypair_Codec::decode_keypair(), Botan::Seed_Expanding_Keypair_Codec::decode_keypair(), Botan::Kyber_KEM_Encryptor::encapsulate(), Botan::ML_KEM_Encryptor::encapsulate(), Botan::Kyber_PrivateKey::Kyber_PrivateKey(), KyberConstants(), public_key_bytes(), and Botan::Kyber_Algos::sample_matrix().

SHARED_KEY_BYTES

size_t Botan::KyberConstants::SHARED_KEY_BYTES = 32

staticconstexpr

Definition at line 45 of file kyber_constants.h.

Referenced by shared_key_bytes().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/kyber/kyber_common/kyber_constants.h
• src/lib/pubkey/kyber/kyber_common/kyber_constants.cpp