#include <ml_kem_impl.h>

Inheritance diagram for Botan::ML_KEM_Decryptor:

Public Member Functions
size_t	encapsulated_key_length () const override

void	kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key, size_t desired_shared_key_len, std::span< const uint8_t > salt) final

	ML_KEM_Decryptor (std::shared_ptr< const Kyber_PrivateKeyInternal > private_key, std::shared_ptr< const Kyber_PublicKeyInternal > public_key, std::string_view kdf)

void	raw_kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key) final

size_t	raw_kem_shared_key_length () const override

size_t	shared_key_length (size_t desired_shared_key_len) const final

Protected Member Functions
void	decapsulate (StrongSpan< KyberSharedSecret > out_shared_key, StrongSpan< const KyberCompressedCiphertext > encapsulated_key) override

const KyberConstants &	mode () const override

const KyberPolyMat &	precomputed_matrix_At () const

Detailed Description

Definition at line 40 of file ml_kem_impl.h.

Constructor & Destructor Documentation

◆ ML_KEM_Decryptor()

Botan::ML_KEM_Decryptor::ML_KEM_Decryptor	(	std::shared_ptr< const Kyber_PrivateKeyInternal >	private_key,
		std::shared_ptr< const Kyber_PublicKeyInternal >	public_key,
		std::string_view	kdf )

inline

Definition at line 42 of file ml_kem_impl.h.

                                           :
            Kyber_KEM_Decryptor_Base(kdf, *public_key),
            m_public_key(std::move(public_key)),
            m_private_key(std::move(private_key)) {}

Member Function Documentation

◆ decapsulate()

void Botan::ML_KEM_Decryptor::decapsulate	(	StrongSpan< KyberSharedSecret >	out_shared_key,
		StrongSpan< const KyberCompressedCiphertext >	c )

overrideprotectedvirtual

NIST FIPS 203, Algorithm 18 (ML-KEM.Decaps_internal) and 21 (ML-KEM.Decaps)

The public and private keys are readily available as member variables and don't need to be decoded. The checks stated in FIPS 203, Section 7.3 are performed before decoding the keys and the ciphertext.

Implements Botan::Kyber_KEM_Decryptor_Base.

Definition at line 48 of file ml_kem_impl.cpp.

                                                                                  {
   auto scope = CT::scoped_poison(*m_private_key);
 
   const auto& sym = m_public_key->mode().symmetric_primitives();
 
   const auto& h = m_public_key->H_public_key_bits_raw();
   const auto& z = m_private_key->z();
 
   const auto m_prime = m_private_key->indcpa_decrypt(c);
   const auto [K_prime, r_prime] = sym.G(m_prime, h);
 
   const auto K_bar = sym.J(z, c);
   const auto c_prime = m_public_key->indcpa_encrypt(m_prime, r_prime, precomputed_matrix_At());
 
   BOTAN_ASSERT_NOMSG(c.size() == c_prime.size());
   BOTAN_ASSERT_NOMSG(K_prime.size() == K_bar.size() && out_shared_key.size() == K_bar.size());
   const auto reencrypt_success = CT::is_equal(c.data(), c_prime.data(), c.size());
   CT::conditional_copy_mem(reencrypt_success, out_shared_key.data(), K_prime.data(), K_bar.data(), K_prime.size());
 
   CT::unpoison(out_shared_key);
}

References BOTAN_ASSERT_NOMSG, Botan::CT::conditional_copy_mem(), Botan::StrongSpan< T >::data(), Botan::CT::is_equal(), Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At(), Botan::CT::scoped_poison(), Botan::StrongSpan< T >::size(), and Botan::CT::unpoison().

◆ encapsulated_key_length()

size_t Botan::Kyber_KEM_Decryptor_Base::encapsulated_key_length ( ) const

inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 63 of file kyber_encaps_base.h.

63{ return mode().ciphertext_bytes(); }

Botan::KyberConstants::ciphertext_bytes

size_t ciphertext_bytes() const

byte length of an encoded ciphertext

Definition kyber_constants.h:105

Botan::Kyber_KEM_Decryptor_Base::mode

virtual const KyberConstants & mode() const =0

References Botan::KyberConstants::ciphertext_bytes(), and Botan::Kyber_KEM_Decryptor_Base::mode().

◆ kem_decrypt()

void Botan::PK_Ops::KEM_Decryption_with_KDF::kem_decrypt	(	std::span< uint8_t >	out_shared_key,
		std::span< const uint8_t >	encapsulated_key,
		size_t	desired_shared_key_len,
		std::span< const uint8_t >	salt )

finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 219 of file pk_ops.cpp.

                                                                               {
   BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Decryptor::decrypt requires a KDF to use a salt");
 
   if(m_kdf) {
      BOTAN_ASSERT_EQUAL(
         out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
 
      secure_vector<uint8_t> raw_shared(raw_kem_shared_key_length());
      this->raw_kem_decrypt(raw_shared, encapsulated_key);
      m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
   } else {
      BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
      this->raw_kem_decrypt(out_shared_key, encapsulated_key);
   }
}

References BOTAN_ARG_CHECK, and BOTAN_ASSERT_EQUAL.

◆ mode()

const KyberConstants & Botan::ML_KEM_Decryptor::mode ( ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_KEM_Decryptor_Base.

Definition at line 53 of file ml_kem_impl.h.

53{ return m_private_key->mode(); }

◆ precomputed_matrix_At()

const KyberPolyMat & Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At ( ) const

inlineprotectedinherited

Definition at line 23 of file kyber_encaps_base.h.

23{ return m_At; }

Referenced by Botan::Kyber_KEM_Decryptor::decapsulate(), decapsulate(), Botan::Kyber_KEM_Encryptor::encapsulate(), and Botan::ML_KEM_Encryptor::encapsulate().

◆ raw_kem_decrypt()

void Botan::Kyber_KEM_Decryptor_Base::raw_kem_decrypt	(	std::span< uint8_t >	out_shared_key,
		std::span< const uint8_t >	encapsulated_key )

inlinefinalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 65 of file kyber_encaps_base.h.

                                                                                                           {
         decapsulate(StrongSpan<KyberSharedSecret>(out_shared_key),
                     StrongSpan<const KyberCompressedCiphertext>(encapsulated_key));
      }

References Botan::Kyber_KEM_Decryptor_Base::decapsulate().

◆ raw_kem_shared_key_length()

size_t Botan::Kyber_KEM_Decryptor_Base::raw_kem_shared_key_length ( ) const

inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 61 of file kyber_encaps_base.h.

61{ return mode().shared_key_bytes(); }

Botan::KyberConstants::shared_key_bytes

constexpr size_t shared_key_bytes() const

byte length of the shared key

Definition kyber_constants.h:108

References Botan::Kyber_KEM_Decryptor_Base::mode(), and Botan::KyberConstants::shared_key_bytes().

◆ shared_key_length()

size_t Botan::PK_Ops::KEM_Decryption_with_KDF::shared_key_length ( size_t desired_shared_key_len ) const

finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 211 of file pk_ops.cpp.

                                                                                           {
   if(m_kdf) {
      return desired_shared_key_len;
   } else {
      return this->raw_kem_shared_key_length();
   }
}

The documentation for this class was generated from the following files:

src/lib/pubkey/kyber/ml_kem/ml_kem_impl.h
src/lib/pubkey/kyber/ml_kem/ml_kem_impl.cpp

Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ ML_KEM_Decryptor()

Member Function Documentation

◆ decapsulate()

◆ encapsulated_key_length()

◆ kem_decrypt()

◆ mode()

◆ precomputed_matrix_At()

◆ raw_kem_decrypt()

◆ raw_kem_shared_key_length()

◆ shared_key_length()