Botan 3.8.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::Kyber_PublicKeyInternal Class Reference

#include <kyber_keys.h>

Public Member Functions

const KyberHashedPublicKeyH_public_key_bits_raw () const
 
KyberCompressedCiphertext indcpa_encrypt (const KyberMessage &m, const KyberEncryptionRandomness &r, const KyberPolyMat &At) const
 
void indcpa_encrypt (StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At) const
 
 Kyber_PublicKeyInternal ()=delete
 
 Kyber_PublicKeyInternal (KyberConstants mode, KyberPolyVecNTT polynomials, KyberSeedRho seed)
 
 Kyber_PublicKeyInternal (KyberConstants mode, KyberSerializedPublicKey public_key)
 
const KyberConstantsmode () const
 
const KyberSerializedPublicKeypublic_key_bits_raw () const
 
const KyberSeedRhorho () const
 
const KyberPolyVecNTTt () const
 

Detailed Description

Definition at line 43 of file kyber_keys.h.

Constructor & Destructor Documentation

◆ Kyber_PublicKeyInternal() [1/3]

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal ( KyberConstants mode,
KyberSerializedPublicKey public_key )

Definition at line 104 of file kyber_keys.cpp.

104 :
105 m_mode(std::move(mode)),
106 m_public_key_bits_raw(validate_public_key_length(std::move(public_key), m_mode.public_key_bytes())),
107 m_H_public_key_bits_raw(m_mode.symmetric_primitives().H(m_public_key_bits_raw)),
108 m_t(Kyber_Algos::decode_polynomial_vector(
109 std::span{m_public_key_bits_raw}.first(m_mode.polynomial_vector_bytes()), m_mode)),
110 m_rho(std::span{m_public_key_bits_raw}.last(Botan::KyberConstants::SEED_BYTES)) {}
Botan::KyberConstants::SEED_BYTES
static constexpr size_t SEED_BYTES
Definition kyber_constants.h:43
Botan::Kyber_PublicKeyInternal::mode
const KyberConstants & mode() const
Definition kyber_keys.h:65
Botan::Kyber_Algos::decode_polynomial_vector
KyberPolyVecNTT decode_polynomial_vector(std::span< const uint8_t > a, const KyberConstants &mode)
Definition kyber_algos.cpp:192

References mode().

◆ Kyber_PublicKeyInternal() [2/3]

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal ( KyberConstants mode,
KyberPolyVecNTT polynomials,
KyberSeedRho seed )

Definition at line 112 of file kyber_keys.cpp.

112 :
113 m_mode(std::move(mode)),
114 m_public_key_bits_raw(concat(Kyber_Algos::encode_polynomial_vector<std::vector<uint8_t>>(t, m_mode), rho)),
115 m_H_public_key_bits_raw(m_mode.symmetric_primitives().H(m_public_key_bits_raw)),
116 m_t(std::move(t)),
117 m_rho(std::move(rho)) {}
Botan::Kyber_PublicKeyInternal::t
const KyberPolyVecNTT & t() const
Definition kyber_keys.h:61
Botan::Kyber_PublicKeyInternal::rho
const KyberSeedRho & rho() const
Definition kyber_keys.h:63
Botan::Kyber_Algos::encode_polynomial_vector
void encode_polynomial_vector(std::span< uint8_t > out, const KyberPolyVecNTT &vec)
Definition kyber_algos.cpp:184
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:264

References Botan::concat(), mode(), rho(), and t().

◆ Kyber_PublicKeyInternal() [3/3]

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal ( )
delete

Member Function Documentation

◆ H_public_key_bits_raw()

const KyberHashedPublicKey & Botan::Kyber_PublicKeyInternal::H_public_key_bits_raw ( ) const
inline

Definition at line 69 of file kyber_keys.h.

69{ return m_H_public_key_bits_raw; }

◆ indcpa_encrypt() [1/2]

KyberCompressedCiphertext Botan::Kyber_PublicKeyInternal::indcpa_encrypt ( const KyberMessage & m,
const KyberEncryptionRandomness & r,
const KyberPolyMat & At ) const
inline

Definition at line 53 of file kyber_keys.h.

55 {
56 KyberCompressedCiphertext ct(m_mode.ciphertext_bytes());
57 indcpa_encrypt(ct, m, r, At);
58 return ct;
59 }
Botan::Kyber_PublicKeyInternal::indcpa_encrypt
void indcpa_encrypt(StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At) const
Definition kyber_keys.cpp:129
Botan::KyberCompressedCiphertext
Strong< std::vector< uint8_t >, struct KyberCompressedCiphertext_ > KyberCompressedCiphertext
Compressed and serialized ciphertext value.
Definition kyber_types.h:63

References indcpa_encrypt().

◆ indcpa_encrypt() [2/2]

void Botan::Kyber_PublicKeyInternal::indcpa_encrypt ( StrongSpan< KyberCompressedCiphertext > out_ct,
StrongSpan< const KyberMessage > m,
StrongSpan< const KyberEncryptionRandomness > r,
const KyberPolyMat & At ) const

NIST FIPS 203, Algorithm 14 (K-PKE.Encrypt)

In contrast to FIPS 203, the matrix At is not sampled for every invocation, instead it is precomputed and passed in as a parameter. Similarly, the t^T is already decoded and available as a member variable. This allows to reuse these structures for multiple encryptions.

The sampling loops spelled out in FIPS 203 are hidden in the sample_* functions.

Definition at line 129 of file kyber_keys.cpp.

132 {
133 // The nonce N is handled internally by the PolynomialSampler
134 Kyber_Algos::PolynomialSampler ps(r, m_mode);
135 const auto y = ntt(ps.sample_polynomial_vector_cbd_eta1());
136 const auto e1 = ps.sample_polynomial_vector_cbd_eta2();
137 const auto e2 = ps.sample_polynomial_cbd_eta2();
138
139 auto u = inverse_ntt(At * y);
140 u += e1;
141 u.reduce();
142
143 const auto mu = Kyber_Algos::polynomial_from_message(m);
144 auto v = inverse_ntt(m_t * y);
145 v += e2;
146 v += mu;
147 v.reduce();
148
149 Kyber_Algos::compress_ciphertext(out_ct, u, v, m_mode);
150}
Botan::CRYSTALS::ntt
Polynomial< Trait, Domain::NTT > ntt(Polynomial< Trait, Domain::Normal > p)
Definition pqcrystals.h:557
Botan::CRYSTALS::inverse_ntt
Polynomial< Trait, Domain::Normal > inverse_ntt(Polynomial< Trait, Domain::NTT > p_ntt)
Definition pqcrystals.h:564
Botan::Kyber_Algos::PolynomialSampler
PolynomialSampler(T, const KyberConstants &) -> PolynomialSampler< T >
Botan::Kyber_Algos::compress_ciphertext
void compress_ciphertext(StrongSpan< KyberCompressedCiphertext > out, const KyberPolyVec &u, const KyberPoly &v, const KyberConstants &m_mode)
Definition kyber_algos.cpp:352
Botan::Kyber_Algos::polynomial_from_message
KyberPoly polynomial_from_message(StrongSpan< const KyberMessage > msg)
Definition kyber_algos.cpp:204

References Botan::Kyber_Algos::compress_ciphertext(), Botan::Kyber_Algos::polynomial_from_message(), Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_cbd_eta2(), Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta1(), and Botan::Kyber_Algos::PolynomialSampler< SeedT >::sample_polynomial_vector_cbd_eta2().

Referenced by indcpa_encrypt().

◆ mode()

const KyberConstants & Botan::Kyber_PublicKeyInternal::mode ( ) const
inline

Definition at line 65 of file kyber_keys.h.

65{ return m_mode; }

Referenced by Kyber_PublicKeyInternal(), and Kyber_PublicKeyInternal().

◆ public_key_bits_raw()

const KyberSerializedPublicKey & Botan::Kyber_PublicKeyInternal::public_key_bits_raw ( ) const
inline

Definition at line 67 of file kyber_keys.h.

67{ return m_public_key_bits_raw; }

◆ rho()

const KyberSeedRho & Botan::Kyber_PublicKeyInternal::rho ( ) const
inline

Definition at line 63 of file kyber_keys.h.

63{ return m_rho; }

Referenced by Kyber_PublicKeyInternal().

◆ t()

const KyberPolyVecNTT & Botan::Kyber_PublicKeyInternal::t ( ) const
inline

Definition at line 61 of file kyber_keys.h.

61{ return m_t; }

Referenced by Kyber_PublicKeyInternal().

The documentation for this class was generated from the following files:
Generated by doxygen 1.13.2