Botan 3.6.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::Kyber_PublicKeyInternal Class Reference

#include <kyber_keys.h>

Public Member Functions

const KyberHashedPublicKeyH_public_key_bits_raw () const
 
KyberCompressedCiphertext indcpa_encrypt (const KyberMessage &m, const KyberEncryptionRandomness &r, const KyberPolyMat &At) const
 
void indcpa_encrypt (StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At) const
 
 Kyber_PublicKeyInternal ()=delete
 
 Kyber_PublicKeyInternal (KyberConstants mode, KyberPolyVecNTT polynomials, KyberSeedRho seed)
 
 Kyber_PublicKeyInternal (KyberConstants mode, KyberSerializedPublicKey public_key)
 
const KyberConstantsmode () const
 
const KyberSerializedPublicKeypublic_key_bits_raw () const
 
const KyberSeedRhorho () const
 
const KyberPolyVecNTTt () const
 

Detailed Description

Definition at line 29 of file kyber_keys.h.

Constructor & Destructor Documentation

◆ Kyber_PublicKeyInternal() [1/3]

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal ( KyberConstants mode,
KyberSerializedPublicKey public_key )

Definition at line 30 of file kyber_keys.cpp.

30 :
31 m_mode(std::move(mode)),
32 m_public_key_bits_raw(validate_public_key_length(std::move(public_key), m_mode.public_key_bytes())),
33 m_H_public_key_bits_raw(m_mode.symmetric_primitives().H(m_public_key_bits_raw)),
34 m_t(Kyber_Algos::decode_polynomial_vector(
35 std::span{m_public_key_bits_raw}.first(m_mode.polynomial_vector_bytes()), m_mode)),
36 m_rho(std::span{m_public_key_bits_raw}.last(Botan::KyberConstants::SEED_BYTES)) {}
Botan::KyberConstants::SEED_BYTES
static constexpr size_t SEED_BYTES
Definition kyber_constants.h:43
Botan::KyberConstants::public_key_bytes
size_t public_key_bytes() const
byte length of an encoded public key
Definition kyber_constants.h:111
Botan::KyberConstants::polynomial_vector_bytes
size_t polynomial_vector_bytes() const
byte length of an encoded polynomial vector
Definition kyber_constants.h:96
Botan::KyberConstants::symmetric_primitives
Kyber_Symmetric_Primitives & symmetric_primitives() const
Definition kyber_constants.h:118
Botan::Kyber_PublicKeyInternal::mode
const KyberConstants & mode() const
Definition kyber_keys.h:51
Botan::Kyber_Symmetric_Primitives::H
KyberMessage H(StrongSpan< const KyberMessage > m) const
Definition kyber_symmetric_primitives.h:35
Botan::Kyber_Algos::decode_polynomial_vector
KyberPolyVecNTT decode_polynomial_vector(std::span< const uint8_t > a, const KyberConstants &mode)
Definition kyber_algos.cpp:192

◆ Kyber_PublicKeyInternal() [2/3]

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal ( KyberConstants mode,
KyberPolyVecNTT polynomials,
KyberSeedRho seed )

Definition at line 38 of file kyber_keys.cpp.

38 :
39 m_mode(std::move(mode)),
40 m_public_key_bits_raw(concat(Kyber_Algos::encode_polynomial_vector<std::vector<uint8_t>>(t, m_mode), rho)),
41 m_H_public_key_bits_raw(m_mode.symmetric_primitives().H(m_public_key_bits_raw)),
42 m_t(std::move(t)),
43 m_rho(std::move(rho)) {}
Botan::Kyber_PublicKeyInternal::t
const KyberPolyVecNTT & t() const
Definition kyber_keys.h:47
Botan::Kyber_PublicKeyInternal::rho
const KyberSeedRho & rho() const
Definition kyber_keys.h:49
Botan::Kyber_Algos::encode_polynomial_vector
void encode_polynomial_vector(std::span< uint8_t > out, const KyberPolyVecNTT &vec)
Definition kyber_algos.cpp:184
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:263

◆ Kyber_PublicKeyInternal() [3/3]

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal ( )
delete

Member Function Documentation

◆ H_public_key_bits_raw()

const KyberHashedPublicKey & Botan::Kyber_PublicKeyInternal::H_public_key_bits_raw ( ) const
inline

Definition at line 55 of file kyber_keys.h.

55{ return m_H_public_key_bits_raw; }

◆ indcpa_encrypt() [1/2]

KyberCompressedCiphertext Botan::Kyber_PublicKeyInternal::indcpa_encrypt ( const KyberMessage & m,
const KyberEncryptionRandomness & r,
const KyberPolyMat & At ) const
inline

Definition at line 39 of file kyber_keys.h.

41 {
42 KyberCompressedCiphertext ct(m_mode.ciphertext_bytes());
43 indcpa_encrypt(ct, m, r, At);
44 return ct;
45 }
Botan::KyberConstants::ciphertext_bytes
size_t ciphertext_bytes() const
byte length of an encoded ciphertext
Definition kyber_constants.h:105
Botan::Kyber_PublicKeyInternal::indcpa_encrypt
void indcpa_encrypt(StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At) const
Definition kyber_keys.cpp:55
Botan::KyberCompressedCiphertext
Strong< std::vector< uint8_t >, struct KyberCompressedCiphertext_ > KyberCompressedCiphertext
Compressed and serialized ciphertext value.
Definition kyber_types.h:63

References Botan::KyberConstants::ciphertext_bytes(), and indcpa_encrypt().

◆ indcpa_encrypt() [2/2]

void Botan::Kyber_PublicKeyInternal::indcpa_encrypt ( StrongSpan< KyberCompressedCiphertext > out_ct,
StrongSpan< const KyberMessage > m,
StrongSpan< const KyberEncryptionRandomness > r,
const KyberPolyMat & At ) const

NIST FIPS 203, Algorithm 14 (K-PKE.Encrypt)

In contrast to FIPS 203, the matrix At is not sampled for every invocation, instead it is precomputed and passed in as a parameter. Similarly, the t^T is already decoded and available as a member variable. This allows to reuse these structures for multiple encryptions.

The sampling loops spelled out in FIPS 203 are hidden in the sample_* functions.

Definition at line 55 of file kyber_keys.cpp.

58 {
59 // The nonce N is handled internally by the PolynomialSampler
60 Kyber_Algos::PolynomialSampler ps(r, m_mode);
61 const auto y = ntt(ps.sample_polynomial_vector_cbd_eta1());
62 const auto e1 = ps.sample_polynomial_vector_cbd_eta2();
63 const auto e2 = ps.sample_polynomial_cbd_eta2();
64
65 auto u = inverse_ntt(At * y);
66 u += e1;
67 u.reduce();
68
69 const auto mu = Kyber_Algos::polynomial_from_message(m);
70 auto v = inverse_ntt(m_t * y);
71 v += e2;
72 v += mu;
73 v.reduce();
74
75 Kyber_Algos::compress_ciphertext(out_ct, u, v, m_mode);
76}
Botan::CRYSTALS::ntt
Polynomial< Trait, Domain::NTT > ntt(Polynomial< Trait, Domain::Normal > p)
Definition pqcrystals.h:557
Botan::CRYSTALS::inverse_ntt
Polynomial< Trait, Domain::Normal > inverse_ntt(Polynomial< Trait, Domain::NTT > p_ntt)
Definition pqcrystals.h:564
Botan::Kyber_Algos::PolynomialSampler
PolynomialSampler(T, const KyberConstants &) -> PolynomialSampler< T >
Botan::Kyber_Algos::compress_ciphertext
void compress_ciphertext(StrongSpan< KyberCompressedCiphertext > out, const KyberPolyVec &u, const KyberPoly &v, const KyberConstants &m_mode)
Definition kyber_algos.cpp:352
Botan::Kyber_Algos::polynomial_from_message
KyberPoly polynomial_from_message(StrongSpan< const KyberMessage > msg)
Definition kyber_algos.cpp:204

References Botan::Kyber_Algos::compress_ciphertext(), Botan::Kyber_Algos::polynomial_from_message(), Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_cbd_eta2(), Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta1(), and Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta2().

Referenced by indcpa_encrypt().

◆ mode()

const KyberConstants & Botan::Kyber_PublicKeyInternal::mode ( ) const
inline

Definition at line 51 of file kyber_keys.h.

51{ return m_mode; }

◆ public_key_bits_raw()

const KyberSerializedPublicKey & Botan::Kyber_PublicKeyInternal::public_key_bits_raw ( ) const
inline

Definition at line 53 of file kyber_keys.h.

53{ return m_public_key_bits_raw; }

◆ rho()

const KyberSeedRho & Botan::Kyber_PublicKeyInternal::rho ( ) const
inline

Definition at line 49 of file kyber_keys.h.

49{ return m_rho; }

◆ t()

const KyberPolyVecNTT & Botan::Kyber_PublicKeyInternal::t ( ) const
inline

Definition at line 47 of file kyber_keys.h.

47{ return m_t; }
The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0