Botan 3.8.1
Crypto and TLS for C&
kyber_keys.h
Go to the documentation of this file.
1/*
2 * Crystals Kyber Internal Key Types
3 *
4 * (C) 2021-2024 Jack Lloyd
5 * (C) 2021-2022 Manuel Glaser and Michael Boric, Rohde & Schwarz Cybersecurity
6 * (C) 2021-2022 René Meusel and Hannes Rantzsch, neXenio GmbH
7 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
8 *
9 * Botan is released under the Simplified BSD License (see license.txt)
10 */
11
12#ifndef BOTAN_KYBER_INTERNAL_KEYS_H_
13#define BOTAN_KYBER_INTERNAL_KEYS_H_
14
15#include <botan/internal/ct_utils.h>
16#include <botan/internal/kyber_algos.h>
17#include <botan/internal/kyber_constants.h>
18#include <botan/internal/kyber_types.h>
19
20namespace Botan {
21
23 public:
24 virtual ~Kyber_Keypair_Codec() = default;
26 virtual KyberInternalKeypair decode_keypair(std::span<const uint8_t> private_key, KyberConstants mode) const = 0;
27};
28
29/// Codec for expanded private keys (as specified in FIPS 203)
31 public:
32 KyberInternalKeypair decode_keypair(std::span<const uint8_t> buffer, KyberConstants mode) const override;
34};
35
36/// Codec for private keys as 64-byte seeds: d || z
38 public:
39 KyberInternalKeypair decode_keypair(std::span<const uint8_t> buffer, KyberConstants mode) const override;
41};
42
44 public:
47
51 const KyberPolyMat& At) const;
52
55 const KyberPolyMat& At) const {
56 KyberCompressedCiphertext ct(m_mode.ciphertext_bytes());
57 indcpa_encrypt(ct, m, r, At);
58 return ct;
59 }
60
61 const KyberPolyVecNTT& t() const { return m_t; }
62
63 const KyberSeedRho& rho() const { return m_rho; }
64
65 const KyberConstants& mode() const { return m_mode; }
66
67 const KyberSerializedPublicKey& public_key_bits_raw() const { return m_public_key_bits_raw; }
68
69 const KyberHashedPublicKey& H_public_key_bits_raw() const { return m_H_public_key_bits_raw; }
70
72
73 private:
74 const KyberConstants m_mode;
75 const KyberSerializedPublicKey m_public_key_bits_raw;
76 const KyberHashedPublicKey m_H_public_key_bits_raw;
78 const KyberSeedRho m_rho;
79};
80
82 public:
84 m_mode(std::move(mode)), m_s(std::move(s)), m_seed(std::move(seed)) {}
85
87
88 KyberPolyVecNTT& s() { return m_s; }
89
90 const KyberPolyVecNTT& s() const { return m_s; }
91
92 const KyberPrivateKeySeed& seed() const { return m_seed; }
93
94 const KyberImplicitRejectionValue& z() const { return m_seed.z; }
95
96 const KyberConstants& mode() const { return m_mode; }
97
99
100 void _const_time_poison() const { CT::poison_all(m_s, m_seed.d, m_seed.z); }
101
102 void _const_time_unpoison() const { CT::unpoison_all(m_s, m_seed.d, m_seed.z); }
103
104 private:
105 KyberConstants m_mode;
106 KyberPolyVecNTT m_s;
107 KyberPrivateKeySeed m_seed;
108};
109
110} // namespace Botan
111
112#endif
Codec for expanded private keys (as specified in FIPS 203)
Definition kyber_keys.h:30
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair private_key) const override
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
virtual secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const =0
virtual KyberInternalKeypair decode_keypair(std::span< const uint8_t > private_key, KyberConstants mode) const =0
virtual ~Kyber_Keypair_Codec()=default
KyberMessage indcpa_decrypt(StrongSpan< const KyberCompressedCiphertext > ct) const
const KyberConstants & mode() const
Definition kyber_keys.h:96
const KyberPrivateKeySeed & seed() const
Definition kyber_keys.h:92
Kyber_PrivateKeyInternal(KyberConstants mode, KyberPolyVecNTT s, KyberPrivateKeySeed seed)
Definition kyber_keys.h:83
const KyberPolyVecNTT & s() const
Definition kyber_keys.h:90
const KyberImplicitRejectionValue & z() const
Definition kyber_keys.h:94
Kyber_PublicKeyInternal(KyberConstants mode, KyberSerializedPublicKey public_key)
const KyberHashedPublicKey & H_public_key_bits_raw() const
Definition kyber_keys.h:69
const KyberPolyVecNTT & t() const
Definition kyber_keys.h:61
KyberCompressedCiphertext indcpa_encrypt(const KyberMessage &m, const KyberEncryptionRandomness &r, const KyberPolyMat &At) const
Definition kyber_keys.h:53
const KyberSeedRho & rho() const
Definition kyber_keys.h:63
void indcpa_encrypt(StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At) const
const KyberConstants & mode() const
Definition kyber_keys.h:65
const KyberSerializedPublicKey & public_key_bits_raw() const
Definition kyber_keys.h:67
Codec for private keys as 64-byte seeds: d || z.
Definition kyber_keys.h:37
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const override
constexpr void unpoison_all(Ts &&... ts)
Definition ct_utils.h:202
constexpr void poison_all(Ts &&... ts)
Definition ct_utils.h:196
Strong< secure_vector< uint8_t >, struct KyberImplicitRejectionValue_ > KyberImplicitRejectionValue
Secret random value (called Z in the spec), used for implicit rejection in the decapsulation.
Definition kyber_types.h:42
Strong< secure_vector< uint8_t >, struct KyberEncryptionRandomness_ > KyberEncryptionRandomness
Random value used to generate the Kyber ciphertext.
Definition kyber_types.h:48
Strong< secure_vector< uint8_t >, struct KyberMessage_ > KyberMessage
Random message value to be encrypted by the CPA-secure Kyber encryption scheme.
Definition kyber_types.h:45
Botan::CRYSTALS::PolynomialVector< KyberPolyTraits, Botan::CRYSTALS::Domain::NTT > KyberPolyVecNTT
Definition kyber_types.h:26
Strong< std::vector< uint8_t >, struct KyberSeedRho_ > KyberSeedRho
Public seed value to generate the Kyber matrix A.
Definition kyber_types.h:36
std::pair< std::shared_ptr< Kyber_PublicKeyInternal >, std::shared_ptr< Kyber_PrivateKeyInternal > > KyberInternalKeypair
Definition kyber_types.h:73
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
Strong< std::vector< uint8_t >, struct KyberCompressedCiphertext_ > KyberCompressedCiphertext
Compressed and serialized ciphertext value.
Definition kyber_types.h:63
Botan::CRYSTALS::PolynomialMatrix< KyberPolyTraits > KyberPolyMat
Definition kyber_types.h:27
Strong< std::vector< uint8_t >, struct KyberHashedPublicKey_ > KyberHashedPublicKey
Hash value of the serialized public key.
Definition kyber_types.h:60
Strong< std::vector< uint8_t >, struct KyberSerializedPublicKey_ > KyberSerializedPublicKey
Public key in serialized form (t || rho)
Definition kyber_types.h:57