doxygen/kyber__keys_8cpp_source.html

/*

 * Crystals Kyber Internal Key Types

 *

 * (C) 2021-2024 Jack Lloyd

 * (C) 2021-2022 Manuel Glaser and Michael Boric, Rohde & Schwarz Cybersecurity

 * (C) 2021-2022 René Meusel and Hannes Rantzsch, neXenio GmbH

 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 */


#include <botan/internal/kyber_keys.h>


#include <botan/internal/kyber_symmetric_primitives.h>

#include <botan/internal/stl_util.h>


namespace Botan {


Kyber_PublicKeyInternal::Kyber_PublicKeyInternal(KyberConstants mode, PolynomialVector t, KyberSeedRho rho) :

      m_mode(std::move(mode)),

      m_t(std::move(t)),

      m_rho(std::move(rho)),

      m_public_key_bits_raw(concat(m_t.to_bytes(), m_rho)),

      m_H_public_key_bits_raw(m_mode.symmetric_primitives().H(m_public_key_bits_raw)) {}


/**

 * NIST FIPS 203 IPD, Algorithm 13 (K-PKE.Encrypt)

 */


Ciphertext Kyber_PublicKeyInternal::indcpa_encrypt(StrongSpan<const KyberMessage> m,

                                                   StrongSpan<const KyberEncryptionRandomness> r) const {

   auto at = PolynomialMatrix::generate(m_rho, true /* transposed */, m_mode);


   auto rv = PolynomialVector::getnoise_eta1(r, 0, m_mode);

   auto e1 = PolynomialVector::getnoise_eta2(r, m_mode.k(), m_mode);

   auto e2 = Polynomial::getnoise_eta2(r, 2 * m_mode.k(), m_mode);


   rv.ntt();


   auto u = at.pointwise_acc_montgomery(rv);

   u.invntt_tomont();

   u += e1;

   u.reduce();


   auto mu = Polynomial::from_message(m);

   auto v = PolynomialVector::pointwise_acc_montgomery(m_t, rv);

   v.invntt_tomont();

   v += e2;

   v += mu;

   v.reduce();


   return Ciphertext(std::move(u), v, m_mode);

}


/**

 * NIST FIPS 203 IPD, Algorithm 14 (K-PKE.Decrypt)

 */


KyberMessage Kyber_PrivateKeyInternal::indcpa_decrypt(Ciphertext ct) const {

   auto& u = ct.b();

   const auto& v = ct.v();


   u.ntt();

   auto w = PolynomialVector::pointwise_acc_montgomery(m_s, u);

   w.invntt_tomont();


   w -= v;

   w.reduce();

   return w.to_message();

}


}  // namespace Botan

Botan::Ciphertext
Definition kyber_structures.h:554

Botan::Ciphertext::v
Polynomial & v()
Definition kyber_structures.h:592

Botan::Ciphertext::b
PolynomialVector & b()
Definition kyber_structures.h:590

Botan::KyberConstants
Definition kyber_constants.h:23

Botan::KyberConstants::k
uint8_t k() const
Definition kyber_constants.h:70

Botan::Kyber_PrivateKeyInternal::indcpa_decrypt
KyberMessage indcpa_decrypt(Ciphertext ct) const
Definition kyber_keys.cpp:57

Botan::Kyber_PublicKeyInternal::indcpa_encrypt
Ciphertext indcpa_encrypt(StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r) const
Definition kyber_keys.cpp:29

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal
Kyber_PublicKeyInternal()=delete

Botan::PolynomialMatrix::generate
static PolynomialMatrix generate(StrongSpan< const KyberSeedRho > seed, const bool transposed, const KyberConstants &mode)
Definition kyber_structures.h:517

Botan::PolynomialVector
Definition kyber_structures.h:391

Botan::PolynomialVector::getnoise_eta1
static PolynomialVector getnoise_eta1(KyberSigmaOrEncryptionRandomness seed, uint8_t nonce, const KyberConstants &mode)
Definition kyber_structures.h:438

Botan::PolynomialVector::pointwise_acc_montgomery
static Polynomial pointwise_acc_montgomery(const PolynomialVector &a, const PolynomialVector &b)
Definition kyber_structures.h:415

Botan::PolynomialVector::getnoise_eta2
static PolynomialVector getnoise_eta2(StrongSpan< const KyberEncryptionRandomness > seed, uint8_t nonce, const KyberConstants &mode)
Definition kyber_structures.h:428

Botan::Polynomial::getnoise_eta2
static Polynomial getnoise_eta2(StrongSpan< const KyberEncryptionRandomness > seed, uint8_t nonce, const KyberConstants &mode)
Definition kyber_structures.h:159

Botan::Polynomial::ntt
void ntt()
Definition kyber_structures.h:318

Botan::Polynomial::from_message
static Polynomial from_message(StrongSpan< const KyberMessage > msg)
Definition kyber_structures.h:193

Botan::StrongSpan
Definition strong_type.h:544

Botan::Strong
Definition strong_type.h:168

Botan
Definition alg_id.cpp:13

Botan::rho
constexpr T rho(T x)
Definition rotate.h:51

Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:262