Botan 3.8.1
Crypto and TLS for C&
kyber_constants.cpp
Go to the documentation of this file.
1/*
2 * Crystals Kyber Constants
3 *
4 * (C) 2021-2024 Jack Lloyd
5 * (C) 2021-2022 Manuel Glaser and Michael Boric, Rohde & Schwarz Cybersecurity
6 * (C) 2021-2022 René Meusel and Hannes Rantzsch, neXenio GmbH
7 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
8 *
9 * Botan is released under the Simplified BSD License (see license.txt)
10 */
11
12#include <botan/internal/kyber_constants.h>
13
14#include <botan/internal/pqcrystals_helpers.h>
15
16#if defined(BOTAN_HAS_KYBER)
17 #include <botan/internal/kyber_modern.h>
18#endif
19
20#if defined(BOTAN_HAS_KYBER_90S)
21 #include <botan/internal/kyber_90s.h>
22#endif
23
24#if defined(BOTAN_HAS_KYBER) || defined(BOTAN_HAS_KYBER_90S)
25 #include <botan/internal/kyber_round3_impl.h>
26#endif
27
28#if defined(BOTAN_HAS_ML_KEM)
29 #include <botan/internal/ml_kem_impl.h>
30#endif
31
32namespace Botan {
33
34KyberConstants::KyberConstants(KyberMode mode) : m_mode(mode) {
35 switch(mode.mode()) {
36 case KyberMode::Kyber512_R3:
37 case KyberMode::Kyber512_90s:
38 case KyberMode::ML_KEM_512:
39 m_nist_strength = KyberStrength::_128;
40 m_k = 2;
41 m_eta1 = KyberEta::_3;
42 m_du = KyberDu::_10;
43 m_dv = KyberDv::_4;
44 break;
45
46 case KyberMode::Kyber768_R3:
47 case KyberMode::Kyber768_90s:
48 case KyberMode::ML_KEM_768:
49 m_nist_strength = KyberStrength::_192;
50 m_k = 3;
51 m_eta1 = KyberEta::_2;
52 m_du = KyberDu::_10;
53 m_dv = KyberDv::_4;
54 break;
55
56 case KyberMode::Kyber1024_R3:
57 case KyberMode::Kyber1024_90s:
58 case KyberMode::ML_KEM_1024:
59 m_nist_strength = KyberStrength::_256;
60 m_k = 4;
61 m_eta1 = KyberEta::_2;
62 m_du = KyberDu::_11;
63 m_dv = KyberDv::_5;
64 break;
65
66 default:
67 BOTAN_ASSERT_UNREACHABLE();
68 }
69
70#ifdef BOTAN_HAS_KYBER_90S
71 if(mode.is_kyber_round3() && mode.is_90s()) {
72 m_symmetric_primitives = std::make_unique<Kyber_90s_Symmetric_Primitives>();
73 }
74#endif
75
76#ifdef BOTAN_HAS_KYBER
77 if(mode.is_kyber_round3() && mode.is_modern()) {
78 m_symmetric_primitives = std::make_unique<Kyber_Modern_Symmetric_Primitives>();
79 }
80#endif
81
82#ifdef BOTAN_HAS_ML_KEM
83 if(mode.is_ml_kem()) {
84 m_symmetric_primitives = std::make_unique<ML_KEM_Symmetric_Primitives>();
85 }
86#endif
87
88 static_assert(N % 8 == 0);
89 m_polynomial_vector_bytes = (bitlen(Q) * (N / 8)) * k();
90 m_polynomial_vector_compressed_bytes = d_u() * k() * (N / 8);
91 m_polynomial_compressed_bytes = d_v() * (N / 8);
92 m_expanded_private_key_bytes =
93 static_cast<uint32_t>(m_polynomial_vector_bytes + public_key_bytes() + PUBLIC_KEY_HASH_BYTES + SEED_BYTES);
94 m_seed_private_key_bytes = 2 * SEED_BYTES;
95
96 if(!m_symmetric_primitives) {
97 throw Not_Implemented("requested Kyber mode is not enabled in this build");
98 }
99}
100
101KyberConstants::~KyberConstants() = default;
102
103} // namespace Botan
Botan::KyberConstants::N
static constexpr T N
number of coefficients in a polynomial
Definition kyber_constants.h:28
Botan::KyberConstants::Q
static constexpr T Q
modulus
Definition kyber_constants.h:31
Botan::KyberConstants::SEED_BYTES
static constexpr size_t SEED_BYTES
Definition kyber_constants.h:43
Botan::KyberConstants::public_key_bytes
size_t public_key_bytes() const
byte length of an encoded public key
Definition kyber_constants.h:111
Botan::KyberConstants::KyberConstants
KyberConstants(KyberMode mode)
Definition kyber_constants.cpp:34
Botan::KyberConstants::mode
KyberMode mode() const
Definition kyber_constants.h:70
Botan::KyberConstants::PUBLIC_KEY_HASH_BYTES
static constexpr size_t PUBLIC_KEY_HASH_BYTES
Definition kyber_constants.h:44
Botan::Not_Implemented
Definition exceptn.h:334
BOTAN_HAS_KYBER_90S
#define BOTAN_HAS_KYBER_90S
Definition build.h:249
BOTAN_HAS_ML_KEM
#define BOTAN_HAS_ML_KEM
Definition build.h:263
BOTAN_HAS_KYBER
#define BOTAN_HAS_KYBER
Definition build.h:248
Botan::bitlen
constexpr auto bitlen(size_t x)
Definition pqcrystals_helpers.h:98
Generated by doxygen 1.13.2