Botan 3.6.1
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Attributes | List of all members
Botan::KyberConstants Class Referencefinal

#include <kyber_constants.h>

Public Types

enum  KyberDu : uint8_t { _10 = 10 , _11 = 11 }
 
enum  KyberDv : uint8_t { _4 = 4 , _5 = 5 }
 
enum  KyberEta : uint8_t { _2 = 2 , _3 = 3 }
 
enum  KyberStrength : uint32_t { _128 = 128 , _192 = 192 , _256 = 256 }
 
using T = int16_t
 base data type for most calculations
 

Public Member Functions

size_t canonical_parameter_set_identifier () const
 
Kyber_Keypair_Codeckeypair_codec () const
 
 KyberConstants (const KyberConstants &other)
 
 KyberConstants (KyberConstants &&other)=default
 
 KyberConstants (KyberMode mode)
 
KyberMode mode () const
 
KyberConstantsoperator= (const KyberConstants &other)=delete
 
KyberConstantsoperator= (KyberConstants &&other)=default
 
Kyber_Symmetric_Primitivessymmetric_primitives () const
 
 ~KyberConstants ()
 
Foundational constants
uint8_t k () const
 
KyberEta eta1 () const
 
constexpr KyberEta eta2 () const
 
KyberDu d_u () const
 
KyberDv d_v () const
 
KyberStrength estimated_strength () const
 
Sizes of encoded data structures
size_t polynomial_vector_bytes () const
 byte length of an encoded polynomial vector
 
size_t polynomial_vector_compressed_bytes () const
 byte length of an encoded compressed polynomial vector
 
size_t polynomial_compressed_bytes () const
 byte length of an encoded compressed polynomial
 
size_t ciphertext_bytes () const
 byte length of an encoded ciphertext
 
constexpr size_t shared_key_bytes () const
 byte length of the shared key
 
size_t public_key_bytes () const
 byte length of an encoded public key
 
size_t private_key_bytes () const
 byte length of an encoded private key
 

Static Public Attributes

static constexpr T F = 3303
 as specified in FIPS 203 (see Algorithm 10 (NTT^-1), f = 128^-1 mod Q)
 
static constexpr T N = 256
 number of coefficients in a polynomial
 
static constexpr size_t NTT_Degree = 128
 degree of the NTT polynomials
 
static constexpr size_t PUBLIC_KEY_HASH_BYTES = 32
 
static constexpr T Q = 3329
 modulus
 
static constexpr T ROOT_OF_UNITY = 17
 the primitive 256-th root of unity modulo Q (see FIPS 203 Section 4.3)
 
static constexpr uint16_t SAMPLE_NTT_POLY_FROM_XOF_BOUND = 280 * 3
 sampling limit for SampleNTT (in bytes), see FIPS 204, Apx B
 
static constexpr size_t SEED_BYTES = 32
 
static constexpr size_t SHARED_KEY_BYTES = 32
 

Detailed Description

Definition at line 22 of file kyber_constants.h.

Member Typedef Documentation

◆ T

using Botan::KyberConstants::T = int16_t

base data type for most calculations

Definition at line 25 of file kyber_constants.h.

Member Enumeration Documentation

◆ KyberDu

enum Botan::KyberConstants::KyberDu : uint8_t
Enumerator
_10 
_11 

Definition at line 53 of file kyber_constants.h.

53: uint8_t { _10 = 10, _11 = 11 };

◆ KyberDv

enum Botan::KyberConstants::KyberDv : uint8_t
Enumerator
_4 
_5 

Definition at line 55 of file kyber_constants.h.

55: uint8_t { _4 = 4, _5 = 5 };

◆ KyberEta

enum Botan::KyberConstants::KyberEta : uint8_t
Enumerator
_2 
_3 

Definition at line 51 of file kyber_constants.h.

51: uint8_t { _2 = 2, _3 = 3 };

◆ KyberStrength

enum Botan::KyberConstants::KyberStrength : uint32_t
Enumerator
_128 
_192 
_256 

Definition at line 57 of file kyber_constants.h.

57: uint32_t { _128 = 128, _192 = 192, _256 = 256 };

Constructor & Destructor Documentation

◆ KyberConstants() [1/3]

Botan::KyberConstants::KyberConstants ( KyberMode mode)

Definition at line 34 of file kyber_constants.cpp.

34 : m_mode(mode) {
35 switch(mode.mode()) {
36 case KyberMode::Kyber512_R3:
37 case KyberMode::Kyber512_90s:
38 case KyberMode::ML_KEM_512:
39 m_nist_strength = KyberStrength::_128;
40 m_k = 2;
41 m_eta1 = KyberEta::_3;
42 m_du = KyberDu::_10;
43 m_dv = KyberDv::_4;
44 break;
45
46 case KyberMode::Kyber768_R3:
47 case KyberMode::Kyber768_90s:
48 case KyberMode::ML_KEM_768:
49 m_nist_strength = KyberStrength::_192;
50 m_k = 3;
51 m_eta1 = KyberEta::_2;
52 m_du = KyberDu::_10;
53 m_dv = KyberDv::_4;
54 break;
55
56 case KyberMode::Kyber1024_R3:
57 case KyberMode::Kyber1024_90s:
58 case KyberMode::ML_KEM_1024:
59 m_nist_strength = KyberStrength::_256;
60 m_k = 4;
61 m_eta1 = KyberEta::_2;
62 m_du = KyberDu::_11;
63 m_dv = KyberDv::_5;
64 break;
65
66 default:
67 BOTAN_ASSERT_UNREACHABLE();
68 }
69
70#ifdef BOTAN_HAS_KYBER_90S
71 if(mode.is_kyber_round3() && mode.is_90s()) {
72 m_symmetric_primitives = std::make_unique<Kyber_90s_Symmetric_Primitives>();
73 m_keypair_codec = std::make_unique<Kyber_Expanded_Keypair_Codec>();
74 }
75#endif
76
77#ifdef BOTAN_HAS_KYBER
78 if(mode.is_kyber_round3() && mode.is_modern()) {
79 m_symmetric_primitives = std::make_unique<Kyber_Modern_Symmetric_Primitives>();
80 m_keypair_codec = std::make_unique<Kyber_Expanded_Keypair_Codec>();
81 }
82#endif
83
84#ifdef BOTAN_HAS_ML_KEM
85 if(mode.is_ml_kem()) {
86 m_symmetric_primitives = std::make_unique<ML_KEM_Symmetric_Primitives>();
87 m_keypair_codec = std::make_unique<ML_KEM_Expanding_Keypair_Codec>();
88 }
89#endif
90
91 static_assert(N % 8 == 0);
92 m_polynomial_vector_bytes = (bitlen(Q) * (N / 8)) * k();
93 m_polynomial_vector_compressed_bytes = d_u() * k() * (N / 8);
94 m_polynomial_compressed_bytes = d_v() * (N / 8);
95 m_private_key_bytes = static_cast<uint32_t>([this] {
96 if(m_mode.is_ml_kem()) {
97 // ML-KEM's private keys are simply expanded from their seeds.
98 return 2 * SEED_BYTES;
99 } else {
100 return m_polynomial_vector_bytes + public_key_bytes() + PUBLIC_KEY_HASH_BYTES + SEED_BYTES;
101 }
102 }());
103
104 if(!m_symmetric_primitives) {
105 throw Not_Implemented("requested Kyber mode is not enabled in this build");
106 }
107}
BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:137
Botan::KyberConstants::N
static constexpr T N
number of coefficients in a polynomial
Definition kyber_constants.h:28
Botan::KyberConstants::Q
static constexpr T Q
modulus
Definition kyber_constants.h:31
Botan::KyberConstants::SEED_BYTES
static constexpr size_t SEED_BYTES
Definition kyber_constants.h:43
Botan::KyberConstants::public_key_bytes
size_t public_key_bytes() const
byte length of an encoded public key
Definition kyber_constants.h:111
Botan::KyberConstants::mode
KyberMode mode() const
Definition kyber_constants.h:70
Botan::KyberConstants::PUBLIC_KEY_HASH_BYTES
static constexpr size_t PUBLIC_KEY_HASH_BYTES
Definition kyber_constants.h:44
Botan::KyberMode::is_kyber_round3
bool is_kyber_round3() const
Definition kyber.cpp:136
Botan::KyberMode::is_modern
bool is_modern() const
Definition kyber.cpp:128
Botan::KyberMode::is_90s
bool is_90s() const
Definition kyber.cpp:124
Botan::KyberMode::is_ml_kem
bool is_ml_kem() const
Definition kyber.cpp:132
Botan::KyberMode::mode
Mode mode() const
Definition kyber.h:62
Botan::bitlen
constexpr auto bitlen(size_t x)
Definition pqcrystals_helpers.h:98

References Botan::bitlen(), BOTAN_HAS_KYBER, BOTAN_HAS_KYBER_90S, BOTAN_HAS_ML_KEM, d_u(), d_v(), Botan::KyberMode::is_90s(), Botan::KyberMode::is_kyber_round3(), Botan::KyberMode::is_ml_kem(), Botan::KyberMode::is_modern(), k(), mode(), Botan::KyberMode::mode(), N, public_key_bytes(), PUBLIC_KEY_HASH_BYTES, Q, and SEED_BYTES.

◆ ~KyberConstants()

Botan::KyberConstants::~KyberConstants ( )
default

◆ KyberConstants() [2/3]

Botan::KyberConstants::KyberConstants ( const KyberConstants & other)
inline

Definition at line 64 of file kyber_constants.h.

64: KyberConstants(other.m_mode) {}
Botan::KyberConstants::KyberConstants
KyberConstants(KyberMode mode)
Definition kyber_constants.cpp:34

◆ KyberConstants() [3/3]

Botan::KyberConstants::KyberConstants ( KyberConstants && other)
default

Member Function Documentation

◆ canonical_parameter_set_identifier()

size_t Botan::KyberConstants::canonical_parameter_set_identifier ( ) const
inline
Returns
one of {512, 768, 1024}

Definition at line 73 of file kyber_constants.h.

73{ return k() * N; }

References k(), and N.

◆ ciphertext_bytes()

size_t Botan::KyberConstants::ciphertext_bytes ( ) const
inline

byte length of an encoded ciphertext

Definition at line 105 of file kyber_constants.h.

105{ return polynomial_vector_compressed_bytes() + polynomial_compressed_bytes(); }
Botan::KyberConstants::polynomial_vector_compressed_bytes
size_t polynomial_vector_compressed_bytes() const
byte length of an encoded compressed polynomial vector
Definition kyber_constants.h:99
Botan::KyberConstants::polynomial_compressed_bytes
size_t polynomial_compressed_bytes() const
byte length of an encoded compressed polynomial
Definition kyber_constants.h:102

References polynomial_compressed_bytes(), and polynomial_vector_compressed_bytes().

Referenced by Botan::Kyber_KEM_Decryptor_Base::encapsulated_key_length(), Botan::Kyber_KEM_Encryptor_Base::encapsulated_key_length(), and Botan::Kyber_PublicKeyInternal::indcpa_encrypt().

◆ d_u()

KyberDu Botan::KyberConstants::d_u ( ) const
inline

Definition at line 84 of file kyber_constants.h.

84{ return m_du; }

Referenced by KyberConstants().

◆ d_v()

KyberDv Botan::KyberConstants::d_v ( ) const
inline

Definition at line 86 of file kyber_constants.h.

86{ return m_dv; }

Referenced by KyberConstants().

◆ estimated_strength()

KyberStrength Botan::KyberConstants::estimated_strength ( ) const
inline

Definition at line 88 of file kyber_constants.h.

88{ return m_nist_strength; }

◆ eta1()

KyberEta Botan::KyberConstants::eta1 ( ) const
inline

Definition at line 80 of file kyber_constants.h.

80{ return m_eta1; }

Referenced by Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta1().

◆ eta2()

KyberEta Botan::KyberConstants::eta2 ( ) const
inlineconstexpr

Definition at line 82 of file kyber_constants.h.

82{ return KyberEta::_2; }

References _2.

Referenced by Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_cbd_eta2(), and Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta2().

◆ k()

uint8_t Botan::KyberConstants::k ( ) const
inline

Definition at line 78 of file kyber_constants.h.

78{ return m_k; }

Referenced by canonical_parameter_set_identifier(), Botan::Kyber_Algos::decode_polynomial_vector(), KyberConstants(), Botan::Kyber_Algos::sample_matrix(), Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta1(), Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta2(), and Botan::ML_KEM_Symmetric_Primitives::seed_expansion_domain_separator().

◆ keypair_codec()

Kyber_Keypair_Codec & Botan::KyberConstants::keypair_codec ( ) const
inline

Definition at line 120 of file kyber_constants.h.

120{ return *m_keypair_codec; }

◆ mode()

KyberMode Botan::KyberConstants::mode ( ) const
inline

Definition at line 70 of file kyber_constants.h.

70{ return m_mode; }

Referenced by KyberConstants().

◆ operator=() [1/2]

KyberConstants & Botan::KyberConstants::operator= ( const KyberConstants & other)
delete

◆ operator=() [2/2]

KyberConstants & Botan::KyberConstants::operator= ( KyberConstants && other)
default

◆ polynomial_compressed_bytes()

size_t Botan::KyberConstants::polynomial_compressed_bytes ( ) const
inline

byte length of an encoded compressed polynomial

Definition at line 102 of file kyber_constants.h.

102{ return m_polynomial_compressed_bytes; }

Referenced by ciphertext_bytes(), Botan::Kyber_Algos::compress_ciphertext(), and Botan::Kyber_Algos::decompress_ciphertext().

◆ polynomial_vector_bytes()

size_t Botan::KyberConstants::polynomial_vector_bytes ( ) const
inline

byte length of an encoded polynomial vector

Definition at line 96 of file kyber_constants.h.

96{ return m_polynomial_vector_bytes; }

Referenced by Botan::Kyber_Expanded_Keypair_Codec::decode_keypair(), Botan::Kyber_Algos::encode_polynomial_vector(), and public_key_bytes().

◆ polynomial_vector_compressed_bytes()

size_t Botan::KyberConstants::polynomial_vector_compressed_bytes ( ) const
inline

byte length of an encoded compressed polynomial vector

Definition at line 99 of file kyber_constants.h.

99{ return m_polynomial_vector_compressed_bytes; }

Referenced by ciphertext_bytes(), Botan::Kyber_Algos::compress_ciphertext(), and Botan::Kyber_Algos::decompress_ciphertext().

◆ private_key_bytes()

size_t Botan::KyberConstants::private_key_bytes ( ) const
inline

byte length of an encoded private key

Definition at line 114 of file kyber_constants.h.

114{ return m_private_key_bytes; }

◆ public_key_bytes()

size_t Botan::KyberConstants::public_key_bytes ( ) const
inline

byte length of an encoded public key

Definition at line 111 of file kyber_constants.h.

111{ return polynomial_vector_bytes() + SEED_BYTES; }
Botan::KyberConstants::polynomial_vector_bytes
size_t polynomial_vector_bytes() const
byte length of an encoded polynomial vector
Definition kyber_constants.h:96

References polynomial_vector_bytes(), and SEED_BYTES.

Referenced by Botan::Kyber_Expanded_Keypair_Codec::decode_keypair(), and KyberConstants().

◆ shared_key_bytes()

size_t Botan::KyberConstants::shared_key_bytes ( ) const
inlineconstexpr

byte length of the shared key

Definition at line 108 of file kyber_constants.h.

108{ return SHARED_KEY_BYTES; }
Botan::KyberConstants::SHARED_KEY_BYTES
static constexpr size_t SHARED_KEY_BYTES
Definition kyber_constants.h:45

References SHARED_KEY_BYTES.

Referenced by Botan::Kyber_KEM_Decryptor_Base::raw_kem_shared_key_length(), and Botan::Kyber_KEM_Encryptor_Base::raw_kem_shared_key_length().

◆ symmetric_primitives()

Kyber_Symmetric_Primitives & Botan::KyberConstants::symmetric_primitives ( ) const
inline

Definition at line 118 of file kyber_constants.h.

118{ return *m_symmetric_primitives; }

Referenced by Botan::Kyber_Algos::expand_keypair(), and Botan::Kyber_Algos::sample_matrix().

Member Data Documentation

◆ F

T Botan::KyberConstants::F = 3303
staticconstexpr

as specified in FIPS 203 (see Algorithm 10 (NTT^-1), f = 128^-1 mod Q)

Definition at line 34 of file kyber_constants.h.

◆ N

T Botan::KyberConstants::N = 256
staticconstexpr

number of coefficients in a polynomial

Definition at line 28 of file kyber_constants.h.

Referenced by canonical_parameter_set_identifier(), KyberConstants(), and Botan::Kyber_Algos::polynomial_from_message().

◆ NTT_Degree

size_t Botan::KyberConstants::NTT_Degree = 128
staticconstexpr

degree of the NTT polynomials

Definition at line 40 of file kyber_constants.h.

◆ PUBLIC_KEY_HASH_BYTES

size_t Botan::KyberConstants::PUBLIC_KEY_HASH_BYTES = 32
staticconstexpr

Definition at line 44 of file kyber_constants.h.

Referenced by Botan::Kyber_Expanded_Keypair_Codec::decode_keypair(), and KyberConstants().

◆ Q

T Botan::KyberConstants::Q = 3329
staticconstexpr

modulus

Definition at line 31 of file kyber_constants.h.

Referenced by Botan::Kyber_Algos::compress(), Botan::Kyber_Algos::decompress(), and KyberConstants().

◆ ROOT_OF_UNITY

T Botan::KyberConstants::ROOT_OF_UNITY = 17
staticconstexpr

the primitive 256-th root of unity modulo Q (see FIPS 203 Section 4.3)

Definition at line 37 of file kyber_constants.h.

◆ SAMPLE_NTT_POLY_FROM_XOF_BOUND

uint16_t Botan::KyberConstants::SAMPLE_NTT_POLY_FROM_XOF_BOUND = 280 * 3
staticconstexpr

sampling limit for SampleNTT (in bytes), see FIPS 204, Apx B

Definition at line 48 of file kyber_constants.h.

◆ SEED_BYTES

size_t Botan::KyberConstants::SEED_BYTES = 32
staticconstexpr

Definition at line 43 of file kyber_constants.h.

Referenced by Botan::Kyber_KEM_Decryptor::decapsulate(), Botan::Kyber_Expanded_Keypair_Codec::decode_keypair(), Botan::ML_KEM_Expanding_Keypair_Codec::decode_keypair(), Botan::Kyber_KEM_Encryptor::encapsulate(), Botan::ML_KEM_Encryptor::encapsulate(), Botan::Kyber_PrivateKey::Kyber_PrivateKey(), KyberConstants(), public_key_bytes(), and Botan::Kyber_Algos::sample_matrix().

◆ SHARED_KEY_BYTES

size_t Botan::KyberConstants::SHARED_KEY_BYTES = 32
staticconstexpr

Definition at line 45 of file kyber_constants.h.

Referenced by shared_key_bytes().

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0