doxygen/kyber__constants_8h_source.html

/*

 * Crystals Kyber Constants

 *

 * (C) 2021-2024 Jack Lloyd

 * (C) 2021-2022 Manuel Glaser and Michael Boric, Rohde & Schwarz Cybersecurity

 * (C) 2021-2022 René Meusel and Hannes Rantzsch, neXenio GmbH

 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 */


#ifndef BOTAN_KYBER_CONSTANTS_H_

#define BOTAN_KYBER_CONSTANTS_H_


#include <botan/kyber.h>


namespace Botan {


class Kyber_Symmetric_Primitives;

class Kyber_Keypair_Codec;


class KyberConstants final {

   public:

      /// base data type for most calculations

      using T = int16_t;


      /// number of coefficients in a polynomial

      static constexpr T N = 256;


      /// modulus

      static constexpr T Q = 3329;


      /// as specified in FIPS 203 (see Algorithm 10 (NTT^-1), f = 128^-1 mod Q)

      static constexpr T F = 3303;


      /// the primitive 256-th root of unity modulo Q (see FIPS 203 Section 4.3)

      static constexpr T ROOT_OF_UNITY = 17;


      /// degree of the NTT polynomials

      static constexpr size_t NTT_Degree = 128;


   public:

      static constexpr size_t SEED_BYTES = 32;

      static constexpr size_t PUBLIC_KEY_HASH_BYTES = 32;

      static constexpr size_t SHARED_KEY_BYTES = 32;


      /// sampling limit for SampleNTT (in bytes), see FIPS 204, Apx B

      static constexpr uint16_t SAMPLE_NTT_POLY_FROM_XOF_BOUND = 280 * 3 /* XOF bytes per while iteration */;


   public:

      enum KyberEta : uint8_t { _2 = 2, _3 = 3 };


      enum KyberDu : uint8_t { _10 = 10, _11 = 11 };


      enum KyberDv : uint8_t { _4 = 4, _5 = 5 };


      enum KyberStrength : uint32_t { _128 = 128, _192 = 192, _256 = 256 };


   public:

      KyberConstants(KyberMode mode);


      ~KyberConstants();


      KyberConstants(const KyberConstants& other) : KyberConstants(other.m_mode) {}


      KyberConstants(KyberConstants&& other) = default;

      KyberConstants& operator=(const KyberConstants& other) = delete;

      KyberConstants& operator=(KyberConstants&& other) = default;


      KyberMode mode() const { return m_mode; }


      /// @returns one of {512, 768, 1024}

      size_t canonical_parameter_set_identifier() const { return k() * N; }


      /// \name Foundational constants

      /// @{


      uint8_t k() const { return m_k; }


      KyberEta eta1() const { return m_eta1; }


      constexpr KyberEta eta2() const { return KyberEta::_2; }


      KyberDu d_u() const { return m_du; }


      KyberDv d_v() const { return m_dv; }


      KyberStrength estimated_strength() const { return m_nist_strength; }


      /// @}


      /// \name Sizes of encoded data structures

      /// @{


      /// byte length of an encoded polynomial vector

      size_t polynomial_vector_bytes() const { return m_polynomial_vector_bytes; }


      /// byte length of an encoded compressed polynomial vector

      size_t polynomial_vector_compressed_bytes() const { return m_polynomial_vector_compressed_bytes; }


      /// byte length of an encoded compressed polynomial

      size_t polynomial_compressed_bytes() const { return m_polynomial_compressed_bytes; }


      /// byte length of an encoded ciphertext

      size_t ciphertext_bytes() const { return polynomial_vector_compressed_bytes() + polynomial_compressed_bytes(); }


      /// byte length of the shared key

      constexpr size_t shared_key_bytes() const { return SHARED_KEY_BYTES; }


      /// byte length of an encoded public key

      size_t public_key_bytes() const { return polynomial_vector_bytes() + SEED_BYTES; }


      /// byte length of an encoded private key

      size_t private_key_bytes() const { return m_private_key_bytes; }


      /// @}


      Kyber_Symmetric_Primitives& symmetric_primitives() const { return *m_symmetric_primitives; }


      Kyber_Keypair_Codec& keypair_codec() const { return *m_keypair_codec; }


   private:

      KyberMode m_mode;


      KyberStrength m_nist_strength;

      KyberEta m_eta1;

      KyberDu m_du;

      KyberDv m_dv;

      uint8_t m_k;


      uint32_t m_polynomial_vector_bytes;

      uint32_t m_polynomial_vector_compressed_bytes;

      uint32_t m_polynomial_compressed_bytes;

      uint32_t m_private_key_bytes;


      std::unique_ptr<Kyber_Keypair_Codec> m_keypair_codec;

      std::unique_ptr<Kyber_Symmetric_Primitives> m_symmetric_primitives;

};


}  // namespace Botan


#endif

Botan::KyberConstants
Definition kyber_constants.h:22

Botan::KyberConstants::polynomial_vector_compressed_bytes
size_t polynomial_vector_compressed_bytes() const
byte length of an encoded compressed polynomial vector
Definition kyber_constants.h:99

Botan::KyberConstants::N
static constexpr T N
number of coefficients in a polynomial
Definition kyber_constants.h:28

Botan::KyberConstants::eta2
constexpr KyberEta eta2() const
Definition kyber_constants.h:82

Botan::KyberConstants::d_v
KyberDv d_v() const
Definition kyber_constants.h:86

Botan::KyberConstants::polynomial_compressed_bytes
size_t polynomial_compressed_bytes() const
byte length of an encoded compressed polynomial
Definition kyber_constants.h:102

Botan::KyberConstants::Q
static constexpr T Q
modulus
Definition kyber_constants.h:31

Botan::KyberConstants::operator=
KyberConstants & operator=(const KyberConstants &other)=delete

Botan::KyberConstants::SEED_BYTES
static constexpr size_t SEED_BYTES
Definition kyber_constants.h:43

Botan::KyberConstants::ROOT_OF_UNITY
static constexpr T ROOT_OF_UNITY
the primitive 256-th root of unity modulo Q (see FIPS 203 Section 4.3)
Definition kyber_constants.h:37

Botan::KyberConstants::public_key_bytes
size_t public_key_bytes() const
byte length of an encoded public key
Definition kyber_constants.h:111

Botan::KyberConstants::KyberEta
KyberEta
Definition kyber_constants.h:51

Botan::KyberConstants::_3
@ _3
Definition kyber_constants.h:51

Botan::KyberConstants::_2
@ _2
Definition kyber_constants.h:51

Botan::KyberConstants::operator=
KyberConstants & operator=(KyberConstants &&other)=default

Botan::KyberConstants::F
static constexpr T F
as specified in FIPS 203 (see Algorithm 10 (NTT^-1), f = 128^-1 mod Q)
Definition kyber_constants.h:34

Botan::KyberConstants::KyberStrength
KyberStrength
Definition kyber_constants.h:57

Botan::KyberConstants::_256
@ _256
Definition kyber_constants.h:57

Botan::KyberConstants::_128
@ _128
Definition kyber_constants.h:57

Botan::KyberConstants::_192
@ _192
Definition kyber_constants.h:57

Botan::KyberConstants::KyberDv
KyberDv
Definition kyber_constants.h:55

Botan::KyberConstants::_5
@ _5
Definition kyber_constants.h:55

Botan::KyberConstants::_4
@ _4
Definition kyber_constants.h:55

Botan::KyberConstants::SAMPLE_NTT_POLY_FROM_XOF_BOUND
static constexpr uint16_t SAMPLE_NTT_POLY_FROM_XOF_BOUND
sampling limit for SampleNTT (in bytes), see FIPS 204, Apx B
Definition kyber_constants.h:48

Botan::KyberConstants::KyberConstants
KyberConstants(KyberMode mode)
Definition kyber_constants.cpp:34

Botan::KyberConstants::polynomial_vector_bytes
size_t polynomial_vector_bytes() const
byte length of an encoded polynomial vector
Definition kyber_constants.h:96

Botan::KyberConstants::shared_key_bytes
constexpr size_t shared_key_bytes() const
byte length of the shared key
Definition kyber_constants.h:108

Botan::KyberConstants::private_key_bytes
size_t private_key_bytes() const
byte length of an encoded private key
Definition kyber_constants.h:114

Botan::KyberConstants::ciphertext_bytes
size_t ciphertext_bytes() const
byte length of an encoded ciphertext
Definition kyber_constants.h:105

Botan::KyberConstants::SHARED_KEY_BYTES
static constexpr size_t SHARED_KEY_BYTES
Definition kyber_constants.h:45

Botan::KyberConstants::NTT_Degree
static constexpr size_t NTT_Degree
degree of the NTT polynomials
Definition kyber_constants.h:40

Botan::KyberConstants::estimated_strength
KyberStrength estimated_strength() const
Definition kyber_constants.h:88

Botan::KyberConstants::keypair_codec
Kyber_Keypair_Codec & keypair_codec() const
Definition kyber_constants.h:120

Botan::KyberConstants::KyberConstants
KyberConstants(KyberConstants &&other)=default

Botan::KyberConstants::~KyberConstants
~KyberConstants()

Botan::KyberConstants::KyberConstants
KyberConstants(const KyberConstants &other)
Definition kyber_constants.h:64

Botan::KyberConstants::k
uint8_t k() const
Definition kyber_constants.h:78

Botan::KyberConstants::mode
KyberMode mode() const
Definition kyber_constants.h:70

Botan::KyberConstants::eta1
KyberEta eta1() const
Definition kyber_constants.h:80

Botan::KyberConstants::symmetric_primitives
Kyber_Symmetric_Primitives & symmetric_primitives() const
Definition kyber_constants.h:118

Botan::KyberConstants::T
int16_t T
base data type for most calculations
Definition kyber_constants.h:25

Botan::KyberConstants::d_u
KyberDu d_u() const
Definition kyber_constants.h:84

Botan::KyberConstants::KyberDu
KyberDu
Definition kyber_constants.h:53

Botan::KyberConstants::_10
@ _10
Definition kyber_constants.h:53

Botan::KyberConstants::_11
@ _11
Definition kyber_constants.h:53

Botan::KyberConstants::canonical_parameter_set_identifier
size_t canonical_parameter_set_identifier() const
Definition kyber_constants.h:73

Botan::KyberConstants::PUBLIC_KEY_HASH_BYTES
static constexpr size_t PUBLIC_KEY_HASH_BYTES
Definition kyber_constants.h:44

Botan::KyberMode
Definition kyber.h:32

Botan::Kyber_Keypair_Codec
Definition kyber_keys.h:22

Botan::Kyber_Symmetric_Primitives
Definition kyber_symmetric_primitives.h:30

final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29

Botan
Definition alg_id.cpp:13