#include <ml_kem_impl.h>

Inheritance diagram for Botan::ML_KEM_Symmetric_Primitives:

Public Member Functions
std::pair< KyberSharedSecret, KyberEncryptionRandomness >	G (StrongSpan< const KyberMessage > msg, StrongSpan< const KyberHashedPublicKey > pubkey_hash) const

std::pair< KyberSeedRho, KyberSeedSigma >	G (StrongSpan< const KyberSeedRandomness > seed, const KyberConstants &mode) const

KyberHashedCiphertext	H (StrongSpan< const KyberCompressedCiphertext > r) const

KyberMessage	H (StrongSpan< const KyberMessage > m) const

KyberHashedPublicKey	H (StrongSpan< const KyberSerializedPublicKey > pk) const

KyberSharedSecret	J (StrongSpan< const KyberImplicitRejectionValue > rejection_value, StrongSpan< const KyberCompressedCiphertext > ciphertext) const

void	KDF (StrongSpan< KyberSharedSecret > out, StrongSpan< const KyberSharedSecret > shared_secret, StrongSpan< const KyberHashedCiphertext > hashed_ciphertext) const

	ML_KEM_Symmetric_Primitives ()

KyberSamplingRandomness	PRF (KyberSigmaOrEncryptionRandomness seed, const uint8_t nonce, const size_t outlen) const

Botan::XOF &	XOF (StrongSpan< const KyberSeedRho > seed, std::tuple< uint8_t, uint8_t > matrix_position) const

Protected Member Functions
HashFunction &	get_G () const override

HashFunction &	get_H () const override

HashFunction &	get_J () const override

HashFunction &	get_KDF () const override

Botan::XOF &	get_PRF (std::span< const uint8_t > seed, const uint8_t nonce) const override

Botan::XOF &	get_XOF (std::span< const uint8_t > seed, std::tuple< uint8_t, uint8_t > matrix_position) const override

std::optional< std::array< uint8_t, 1 > >	seed_expansion_domain_separator (const KyberConstants &mode) const override

Detailed Description

Definition at line 60 of file ml_kem_impl.h.

Constructor & Destructor Documentation

◆ ML_KEM_Symmetric_Primitives()

Botan::ML_KEM_Symmetric_Primitives::ML_KEM_Symmetric_Primitives ( )

inline

Definition at line 62 of file ml_kem_impl.h.

                                    :
            m_sha3_512(HashFunction::create_or_throw("SHA-3(512)")),
            m_sha3_256(HashFunction::create_or_throw("SHA-3(256)")),
            m_shake256_256(HashFunction::create_or_throw("SHAKE-256(256)")),
            m_shake128(Botan::XOF::create_or_throw("SHAKE-128")),
            m_shake256(Botan::XOF::create_or_throw("SHAKE-256")) {}

Member Function Documentation

◆ G() [1/2]

std::pair< KyberSharedSecret, KyberEncryptionRandomness > Botan::Kyber_Symmetric_Primitives::G	(	StrongSpan< const KyberMessage >	msg,
		StrongSpan< const KyberHashedPublicKey >	pubkey_hash ) const

inlineinherited

Definition at line 55 of file kyber_symmetric_primitives.h.

                                                                                                       {
         return G_split<KyberSharedSecret, KyberEncryptionRandomness>(msg, pubkey_hash);
      }

◆ G() [2/2]

std::pair< KyberSeedRho, KyberSeedSigma > Botan::Kyber_Symmetric_Primitives::G	(	StrongSpan< const KyberSeedRandomness >	seed,
		const KyberConstants &	mode ) const

inlineinherited

Definition at line 46 of file kyber_symmetric_primitives.h.

                                                                                  {
         if(auto domsep = seed_expansion_domain_separator(mode)) {
            return G_split<KyberSeedRho, KyberSeedSigma>(seed, *domsep);
         } else {
            return G_split<KyberSeedRho, KyberSeedSigma>(seed);
         }
      }

References Botan::Kyber_Symmetric_Primitives::seed_expansion_domain_separator().

Referenced by Botan::Kyber_Algos::expand_keypair().

◆ get_G()

HashFunction & Botan::ML_KEM_Symmetric_Primitives::get_G ( ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_Symmetric_Primitives.

Definition at line 78 of file ml_kem_impl.h.

78{ return *m_sha3_512; }

◆ get_H()

HashFunction & Botan::ML_KEM_Symmetric_Primitives::get_H ( ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_Symmetric_Primitives.

Definition at line 80 of file ml_kem_impl.h.

80{ return *m_sha3_256; }

◆ get_J()

HashFunction & Botan::ML_KEM_Symmetric_Primitives::get_J ( ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_Symmetric_Primitives.

Definition at line 82 of file ml_kem_impl.h.

82{ return *m_shake256_256; }

◆ get_KDF()

HashFunction & Botan::ML_KEM_Symmetric_Primitives::get_KDF ( ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_Symmetric_Primitives.

Definition at line 84 of file ml_kem_impl.h.

84{ throw Invalid_State("ML-KEM does not support KDF()"); }

◆ get_PRF()

Botan::XOF & Botan::ML_KEM_Symmetric_Primitives::get_PRF	(	std::span< const uint8_t >	seed,
		const uint8_t	nonce ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_Symmetric_Primitives.

Definition at line 86 of file ml_kem_impl.h.

                                                                                         {
         m_shake256->clear();
         m_shake256->update(seed);
         m_shake256->update(store_be(nonce));
         return *m_shake256;
      }

References Botan::store_be().

◆ get_XOF()

Botan::XOF & Botan::ML_KEM_Symmetric_Primitives::get_XOF	(	std::span< const uint8_t >	seed,
		std::tuple< uint8_t, uint8_t >	matrix_position ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_Symmetric_Primitives.

Definition at line 93 of file ml_kem_impl.h.

                                                                                                                {
         m_shake128->clear();
         m_shake128->update(seed);
         m_shake128->update(store_be(make_uint16(std::get<0>(matrix_position), std::get<1>(matrix_position))));
         return *m_shake128;
      }

References Botan::make_uint16(), and Botan::store_be().

◆ H() [1/3]

KyberHashedCiphertext Botan::Kyber_Symmetric_Primitives::H ( StrongSpan< const KyberCompressedCiphertext > r ) const

inlineinherited

Definition at line 38 of file kyber_symmetric_primitives.h.

                                                                                   {
         return get_H().process<KyberHashedCiphertext>(r);
      }

References Botan::Kyber_Symmetric_Primitives::get_H(), and Botan::Buffered_Computation::process().

◆ H() [2/3]

KyberMessage Botan::Kyber_Symmetric_Primitives::H ( StrongSpan< const KyberMessage > m ) const

inlineinherited

Definition at line 35 of file kyber_symmetric_primitives.h.

35{ return get_H().process<KyberMessage>(m); }

Botan::KyberMessage

Strong< secure_vector< uint8_t >, struct KyberMessage_ > KyberMessage

Random message value to be encrypted by the CPA-secure Kyber encryption scheme.

Definition kyber_types.h:45

References Botan::Kyber_Symmetric_Primitives::get_H(), and Botan::Buffered_Computation::process().

◆ H() [3/3]

KyberHashedPublicKey Botan::Kyber_Symmetric_Primitives::H ( StrongSpan< const KyberSerializedPublicKey > pk ) const

inlineinherited

Definition at line 42 of file kyber_symmetric_primitives.h.

                                                                                  {
         return get_H().process<KyberHashedPublicKey>(pk);
      }

References Botan::Kyber_Symmetric_Primitives::get_H(), and Botan::Buffered_Computation::process().

◆ J()

KyberSharedSecret Botan::Kyber_Symmetric_Primitives::J	(	StrongSpan< const KyberImplicitRejectionValue >	rejection_value,
		StrongSpan< const KyberCompressedCiphertext >	ciphertext ) const

inlineinherited

Definition at line 60 of file kyber_symmetric_primitives.h.

                                                                                        {
         auto& j = get_J();
         j.update(rejection_value);
         j.update(ciphertext);
         return j.final<KyberSharedSecret>();
      }

References Botan::Kyber_Symmetric_Primitives::get_J().

◆ KDF()

void Botan::Kyber_Symmetric_Primitives::KDF	(	StrongSpan< KyberSharedSecret >	out,
		StrongSpan< const KyberSharedSecret >	shared_secret,
		StrongSpan< const KyberHashedCiphertext >	hashed_ciphertext ) const

inlineinherited

Definition at line 69 of file kyber_symmetric_primitives.h.

                                                                                {
         auto& kdf = get_KDF();
         kdf.update(shared_secret);
         kdf.update(hashed_ciphertext);
         kdf.final(out);
      }

References Botan::Kyber_Symmetric_Primitives::get_KDF().

◆ PRF()

KyberSamplingRandomness Botan::Kyber_Symmetric_Primitives::PRF	(	KyberSigmaOrEncryptionRandomness	seed,
		const uint8_t	nonce,
		const size_t	outlen ) const

inlineinherited

Definition at line 78 of file kyber_symmetric_primitives.h.

                                                             {
         auto bare_seed_span = std::visit([&](const auto s) { return s.get(); }, seed);
         return get_PRF(bare_seed_span, nonce).output<KyberSamplingRandomness>(outlen);
      }

References Botan::Kyber_Symmetric_Primitives::get_PRF(), and Botan::XOF::output().

◆ seed_expansion_domain_separator()

std::optional< std::array< uint8_t, 1 > > Botan::ML_KEM_Symmetric_Primitives::seed_expansion_domain_separator ( const KyberConstants & mode ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_Symmetric_Primitives.

Definition at line 70 of file ml_kem_impl.h.

                                                                                                                   {
         // NIST FIPS 203, Algorithm 13 (K-PKE.KeyGen)
         //    Byte 33 of the input to G is the module dimension k from {2,3,4}.
         //    This is included to establish domain separation between the three
         //    parameter sets
         return std::array{mode.k()};
      }

References Botan::KyberConstants::k().

◆ XOF()

Botan::XOF & Botan::Kyber_Symmetric_Primitives::XOF	(	StrongSpan< const KyberSeedRho >	seed,
		std::tuple< uint8_t, uint8_t >	matrix_position ) const

inlineinherited

Definition at line 85 of file kyber_symmetric_primitives.h.

                                                                                                           {
         return get_XOF(seed, matrix_position);
      }

References Botan::Kyber_Symmetric_Primitives::get_XOF().

Referenced by Botan::Kyber_Algos::sample_matrix().

The documentation for this class was generated from the following file:

src/lib/pubkey/kyber/ml_kem/ml_kem_impl.h

Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ ML_KEM_Symmetric_Primitives()

Member Function Documentation

◆ G() [1/2]

◆ G() [2/2]

◆ get_G()

◆ get_H()

◆ get_J()

◆ get_KDF()

◆ get_PRF()

◆ get_XOF()

◆ H() [1/3]

◆ H() [2/3]

◆ H() [3/3]

◆ J()

◆ KDF()

◆ PRF()

◆ seed_expansion_domain_separator()

◆ XOF()