#include <kyber_round3_impl.h>

Inheritance diagram for Botan::Kyber_KEM_Decryptor:

Public Member Functions
size_t	encapsulated_key_length () const override

void	kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key, size_t desired_shared_key_len, std::span< const uint8_t > salt) final

	Kyber_KEM_Decryptor (std::shared_ptr< const Kyber_PrivateKeyInternal > private_key, std::shared_ptr< const Kyber_PublicKeyInternal > public_key, std::string_view kdf)

void	raw_kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key) final

size_t	raw_kem_shared_key_length () const override

size_t	shared_key_length (size_t desired_shared_key_len) const final

Protected Member Functions
void	decapsulate (StrongSpan< KyberSharedSecret > out_shared_key, StrongSpan< const KyberCompressedCiphertext > encapsulated_key) override

const KyberConstants &	mode () const override

const KyberPolyMat &	precomputed_matrix_At () const

Detailed Description

Definition at line 36 of file kyber_round3_impl.h.

Constructor & Destructor Documentation

◆ Kyber_KEM_Decryptor()

Botan::Kyber_KEM_Decryptor::Kyber_KEM_Decryptor	(	std::shared_ptr< const Kyber_PrivateKeyInternal >	private_key,
		std::shared_ptr< const Kyber_PublicKeyInternal >	public_key,
		std::string_view	kdf )

inline

Definition at line 38 of file kyber_round3_impl.h.

                                              :
            Kyber_KEM_Decryptor_Base(kdf, *public_key),
            m_public_key(std::move(public_key)),
            m_private_key(std::move(private_key)) {}

Member Function Documentation

◆ decapsulate()

void Botan::Kyber_KEM_Decryptor::decapsulate	(	StrongSpan< KyberSharedSecret >	out_shared_key,
		StrongSpan< const KyberCompressedCiphertext >	encapsulated_key )

overrideprotectedvirtual

Crystals Kyber (Version 3.01), Algorithm 9 (Kyber.CCAKEM.Dec())

Implements Botan::Kyber_KEM_Decryptor_Base.

Definition at line 41 of file kyber_round3_impl.cpp.

                                                                                                    {
   auto scope = CT::scoped_poison(*m_private_key);
 
   const auto& sym = m_public_key->mode().symmetric_primitives();
 
   const auto& h = m_public_key->H_public_key_bits_raw();
   const auto& z = m_private_key->z();
 
   const auto m_prime = m_private_key->indcpa_decrypt(encapsulated_key);
   const auto [K_bar_prime, r_prime] = sym.G(m_prime, h);
 
   const auto c_prime = m_public_key->indcpa_encrypt(m_prime, r_prime, precomputed_matrix_At());
 
   KyberSharedSecret K(KyberConstants::SEED_BYTES);
   BOTAN_ASSERT_NOMSG(encapsulated_key.size() == c_prime.size());
   BOTAN_ASSERT_NOMSG(K_bar_prime.size() == K.size());
   const auto reencrypt_success = CT::is_equal(encapsulated_key.data(), c_prime.data(), encapsulated_key.size());
   CT::conditional_copy_mem(reencrypt_success, K.data(), K_bar_prime.data(), z.data(), K_bar_prime.size());
 
   sym.KDF(out_shared_key, K, sym.H(encapsulated_key));
   CT::unpoison(out_shared_key);
}

References BOTAN_ASSERT_NOMSG, Botan::CT::conditional_copy_mem(), Botan::StrongSpan< T >::data(), Botan::CT::is_equal(), Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At(), Botan::CT::scoped_poison(), Botan::KyberConstants::SEED_BYTES, Botan::StrongSpan< T >::size(), and Botan::CT::unpoison().

◆ encapsulated_key_length()

size_t Botan::Kyber_KEM_Decryptor_Base::encapsulated_key_length ( ) const

inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 63 of file kyber_encaps_base.h.

63{ return mode().ciphertext_bytes(); }

Botan::KyberConstants::ciphertext_bytes

size_t ciphertext_bytes() const

byte length of an encoded ciphertext

Definition kyber_constants.h:105

Botan::Kyber_KEM_Decryptor_Base::mode

virtual const KyberConstants & mode() const =0

References Botan::KyberConstants::ciphertext_bytes(), and Botan::Kyber_KEM_Decryptor_Base::mode().

◆ kem_decrypt()

void Botan::PK_Ops::KEM_Decryption_with_KDF::kem_decrypt	(	std::span< uint8_t >	out_shared_key,
		std::span< const uint8_t >	encapsulated_key,
		size_t	desired_shared_key_len,
		std::span< const uint8_t >	salt )

finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 219 of file pk_ops.cpp.

                                                                               {
   BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Decryptor::decrypt requires a KDF to use a salt");
 
   if(m_kdf) {
      BOTAN_ASSERT_EQUAL(
         out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
 
      secure_vector<uint8_t> raw_shared(raw_kem_shared_key_length());
      this->raw_kem_decrypt(raw_shared, encapsulated_key);
      m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
   } else {
      BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
      this->raw_kem_decrypt(out_shared_key, encapsulated_key);
   }
}

References BOTAN_ARG_CHECK, and BOTAN_ASSERT_EQUAL.

◆ mode()

const KyberConstants & Botan::Kyber_KEM_Decryptor::mode ( ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_KEM_Decryptor_Base.

Definition at line 49 of file kyber_round3_impl.h.

49{ return m_private_key->mode(); }

◆ precomputed_matrix_At()

const KyberPolyMat & Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At ( ) const

inlineprotectedinherited

Definition at line 23 of file kyber_encaps_base.h.

23{ return m_At; }

Referenced by decapsulate(), Botan::ML_KEM_Decryptor::decapsulate(), Botan::Kyber_KEM_Encryptor::encapsulate(), and Botan::ML_KEM_Encryptor::encapsulate().

◆ raw_kem_decrypt()

void Botan::Kyber_KEM_Decryptor_Base::raw_kem_decrypt	(	std::span< uint8_t >	out_shared_key,
		std::span< const uint8_t >	encapsulated_key )

inlinefinalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 65 of file kyber_encaps_base.h.

                                                                                                           {
         decapsulate(StrongSpan<KyberSharedSecret>(out_shared_key),
                     StrongSpan<const KyberCompressedCiphertext>(encapsulated_key));
      }

References Botan::Kyber_KEM_Decryptor_Base::decapsulate().

◆ raw_kem_shared_key_length()

size_t Botan::Kyber_KEM_Decryptor_Base::raw_kem_shared_key_length ( ) const

inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 61 of file kyber_encaps_base.h.

61{ return mode().shared_key_bytes(); }

Botan::KyberConstants::shared_key_bytes

constexpr size_t shared_key_bytes() const

byte length of the shared key

Definition kyber_constants.h:108

References Botan::Kyber_KEM_Decryptor_Base::mode(), and Botan::KyberConstants::shared_key_bytes().

◆ shared_key_length()

size_t Botan::PK_Ops::KEM_Decryption_with_KDF::shared_key_length ( size_t desired_shared_key_len ) const

finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 211 of file pk_ops.cpp.

                                                                                           {
   if(m_kdf) {
      return desired_shared_key_len;
   } else {
      return this->raw_kem_shared_key_length();
   }
}

The documentation for this class was generated from the following files:

src/lib/pubkey/kyber/kyber_round3/kyber_round3_impl.h
src/lib/pubkey/kyber/kyber_round3/kyber_round3_impl.cpp

Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ Kyber_KEM_Decryptor()

Member Function Documentation

◆ decapsulate()

◆ encapsulated_key_length()

◆ kem_decrypt()

◆ mode()

◆ precomputed_matrix_At()

◆ raw_kem_decrypt()

◆ raw_kem_shared_key_length()

◆ shared_key_length()