Botan 3.8.1
Crypto and TLS for C&
kyber_keys.h
Go to the documentation of this file.
1/*
2 * Crystals Kyber Internal Key Types
3 *
4 * (C) 2021-2024 Jack Lloyd
5 * (C) 2021-2022 Manuel Glaser and Michael Boric, Rohde & Schwarz Cybersecurity
6 * (C) 2021-2022 René Meusel and Hannes Rantzsch, neXenio GmbH
7 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
8 *
9 * Botan is released under the Simplified BSD License (see license.txt)
10 */
11
12#ifndef BOTAN_KYBER_INTERNAL_KEYS_H_
13#define BOTAN_KYBER_INTERNAL_KEYS_H_
14
15#include <botan/internal/ct_utils.h>
16#include <botan/internal/kyber_algos.h>
17#include <botan/internal/kyber_constants.h>
18#include <botan/internal/kyber_types.h>
19
20namespace Botan {
21
22class Kyber_Keypair_Codec {
23 public:
24 virtual ~Kyber_Keypair_Codec() = default;
25 virtual secure_vector<uint8_t> encode_keypair(KyberInternalKeypair keypair) const = 0;
26 virtual KyberInternalKeypair decode_keypair(std::span<const uint8_t> private_key, KyberConstants mode) const = 0;
27};
28
29/// Codec for expanded private keys (as specified in FIPS 203)
30class Expanded_Keypair_Codec final : public Kyber_Keypair_Codec {
31 public:
32 KyberInternalKeypair decode_keypair(std::span<const uint8_t> buffer, KyberConstants mode) const override;
33 secure_vector<uint8_t> encode_keypair(KyberInternalKeypair private_key) const override;
34};
35
36/// Codec for private keys as 64-byte seeds: d || z
37class Seed_Expanding_Keypair_Codec final : public Kyber_Keypair_Codec {
38 public:
39 KyberInternalKeypair decode_keypair(std::span<const uint8_t> buffer, KyberConstants mode) const override;
40 secure_vector<uint8_t> encode_keypair(KyberInternalKeypair keypair) const override;
41};
42
43class Kyber_PublicKeyInternal {
44 public:
45 Kyber_PublicKeyInternal(KyberConstants mode, KyberSerializedPublicKey public_key);
46 Kyber_PublicKeyInternal(KyberConstants mode, KyberPolyVecNTT polynomials, KyberSeedRho seed);
47
48 void indcpa_encrypt(StrongSpan<KyberCompressedCiphertext> out_ct,
49 StrongSpan<const KyberMessage> m,
50 StrongSpan<const KyberEncryptionRandomness> r,
51 const KyberPolyMat& At) const;
52
53 KyberCompressedCiphertext indcpa_encrypt(const KyberMessage& m,
54 const KyberEncryptionRandomness& r,
55 const KyberPolyMat& At) const {
56 KyberCompressedCiphertext ct(m_mode.ciphertext_bytes());
57 indcpa_encrypt(ct, m, r, At);
58 return ct;
59 }
60
61 const KyberPolyVecNTT& t() const { return m_t; }
62
63 const KyberSeedRho& rho() const { return m_rho; }
64
65 const KyberConstants& mode() const { return m_mode; }
66
67 const KyberSerializedPublicKey& public_key_bits_raw() const { return m_public_key_bits_raw; }
68
69 const KyberHashedPublicKey& H_public_key_bits_raw() const { return m_H_public_key_bits_raw; }
70
71 Kyber_PublicKeyInternal() = delete;
72
73 private:
74 const KyberConstants m_mode;
75 const KyberSerializedPublicKey m_public_key_bits_raw;
76 const KyberHashedPublicKey m_H_public_key_bits_raw;
77 KyberPolyVecNTT m_t;
78 const KyberSeedRho m_rho;
79};
80
81class Kyber_PrivateKeyInternal {
82 public:
83 Kyber_PrivateKeyInternal(KyberConstants mode, KyberPolyVecNTT s, KyberPrivateKeySeed seed) :
84 m_mode(std::move(mode)), m_s(std::move(s)), m_seed(std::move(seed)) {}
85
86 KyberMessage indcpa_decrypt(StrongSpan<const KyberCompressedCiphertext> ct) const;
87
88 KyberPolyVecNTT& s() { return m_s; }
89
90 const KyberPolyVecNTT& s() const { return m_s; }
91
92 const KyberPrivateKeySeed& seed() const { return m_seed; }
93
94 const KyberImplicitRejectionValue& z() const { return m_seed.z; }
95
96 const KyberConstants& mode() const { return m_mode; }
97
98 Kyber_PrivateKeyInternal() = delete;
99
100 void _const_time_poison() const { CT::poison_all(m_s, m_seed.d, m_seed.z); }
101
102 void _const_time_unpoison() const { CT::unpoison_all(m_s, m_seed.d, m_seed.z); }
103
104 private:
105 KyberConstants m_mode;
106 KyberPolyVecNTT m_s;
107 KyberPrivateKeySeed m_seed;
108};
109
110} // namespace Botan
111
112#endif
Botan::Expanded_Keypair_Codec
Codec for expanded private keys (as specified in FIPS 203)
Definition kyber_keys.h:30
Botan::Expanded_Keypair_Codec::encode_keypair
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair private_key) const override
Definition kyber_keys.cpp:73
Botan::Expanded_Keypair_Codec::decode_keypair
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
Definition kyber_keys.cpp:39
Botan::Kyber_Keypair_Codec
Definition kyber_keys.h:22
Botan::Kyber_Keypair_Codec::encode_keypair
virtual secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const =0
Botan::Kyber_Keypair_Codec::decode_keypair
virtual KyberInternalKeypair decode_keypair(std::span< const uint8_t > private_key, KyberConstants mode) const =0
Botan::Kyber_Keypair_Codec::~Kyber_Keypair_Codec
virtual ~Kyber_Keypair_Codec()=default
Botan::Kyber_PrivateKeyInternal::indcpa_decrypt
KyberMessage indcpa_decrypt(StrongSpan< const KyberCompressedCiphertext > ct) const
Definition kyber_keys.cpp:158
Botan::Kyber_PrivateKeyInternal::mode
const KyberConstants & mode() const
Definition kyber_keys.h:96
Botan::Kyber_PrivateKeyInternal::_const_time_poison
void _const_time_poison() const
Definition kyber_keys.h:100
Botan::Kyber_PrivateKeyInternal::seed
const KyberPrivateKeySeed & seed() const
Definition kyber_keys.h:92
Botan::Kyber_PrivateKeyInternal::Kyber_PrivateKeyInternal
Kyber_PrivateKeyInternal(KyberConstants mode, KyberPolyVecNTT s, KyberPrivateKeySeed seed)
Definition kyber_keys.h:83
Botan::Kyber_PrivateKeyInternal::s
KyberPolyVecNTT & s()
Definition kyber_keys.h:88
Botan::Kyber_PrivateKeyInternal::s
const KyberPolyVecNTT & s() const
Definition kyber_keys.h:90
Botan::Kyber_PrivateKeyInternal::Kyber_PrivateKeyInternal
Kyber_PrivateKeyInternal()=delete
Botan::Kyber_PrivateKeyInternal::z
const KyberImplicitRejectionValue & z() const
Definition kyber_keys.h:94
Botan::Kyber_PrivateKeyInternal::_const_time_unpoison
void _const_time_unpoison() const
Definition kyber_keys.h:102
Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal
Kyber_PublicKeyInternal(KyberConstants mode, KyberSerializedPublicKey public_key)
Definition kyber_keys.cpp:104
Botan::Kyber_PublicKeyInternal::H_public_key_bits_raw
const KyberHashedPublicKey & H_public_key_bits_raw() const
Definition kyber_keys.h:69
Botan::Kyber_PublicKeyInternal::t
const KyberPolyVecNTT & t() const
Definition kyber_keys.h:61
Botan::Kyber_PublicKeyInternal::indcpa_encrypt
KyberCompressedCiphertext indcpa_encrypt(const KyberMessage &m, const KyberEncryptionRandomness &r, const KyberPolyMat &At) const
Definition kyber_keys.h:53
Botan::Kyber_PublicKeyInternal::rho
const KyberSeedRho & rho() const
Definition kyber_keys.h:63
Botan::Kyber_PublicKeyInternal::indcpa_encrypt
void indcpa_encrypt(StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At) const
Definition kyber_keys.cpp:129
Botan::Kyber_PublicKeyInternal::mode
const KyberConstants & mode() const
Definition kyber_keys.h:65
Botan::Kyber_PublicKeyInternal::public_key_bits_raw
const KyberSerializedPublicKey & public_key_bits_raw() const
Definition kyber_keys.h:67
Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal
Kyber_PublicKeyInternal()=delete
Botan::Seed_Expanding_Keypair_Codec
Codec for private keys as 64-byte seeds: d || z.
Definition kyber_keys.h:37
Botan::Seed_Expanding_Keypair_Codec::decode_keypair
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
Definition kyber_keys.cpp:86
Botan::Seed_Expanding_Keypair_Codec::encode_keypair
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const override
Definition kyber_keys.cpp:97
Botan::CT::unpoison_all
constexpr void unpoison_all(Ts &&... ts)
Definition ct_utils.h:202
Botan::CT::poison_all
constexpr void poison_all(Ts &&... ts)
Definition ct_utils.h:196
Botan::KyberImplicitRejectionValue
Strong< secure_vector< uint8_t >, struct KyberImplicitRejectionValue_ > KyberImplicitRejectionValue
Secret random value (called Z in the spec), used for implicit rejection in the decapsulation.
Definition kyber_types.h:42
Botan::KyberEncryptionRandomness
Strong< secure_vector< uint8_t >, struct KyberEncryptionRandomness_ > KyberEncryptionRandomness
Random value used to generate the Kyber ciphertext.
Definition kyber_types.h:48
Botan::KyberMessage
Strong< secure_vector< uint8_t >, struct KyberMessage_ > KyberMessage
Random message value to be encrypted by the CPA-secure Kyber encryption scheme.
Definition kyber_types.h:45
Botan::KyberPolyVecNTT
Botan::CRYSTALS::PolynomialVector< KyberPolyTraits, Botan::CRYSTALS::Domain::NTT > KyberPolyVecNTT
Definition kyber_types.h:26
Botan::KyberSeedRho
Strong< std::vector< uint8_t >, struct KyberSeedRho_ > KyberSeedRho
Public seed value to generate the Kyber matrix A.
Definition kyber_types.h:36
Botan::KyberInternalKeypair
std::pair< std::shared_ptr< Kyber_PublicKeyInternal >, std::shared_ptr< Kyber_PrivateKeyInternal > > KyberInternalKeypair
Definition kyber_types.h:73
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
Botan::KyberCompressedCiphertext
Strong< std::vector< uint8_t >, struct KyberCompressedCiphertext_ > KyberCompressedCiphertext
Compressed and serialized ciphertext value.
Definition kyber_types.h:63
Botan::KyberPolyMat
Botan::CRYSTALS::PolynomialMatrix< KyberPolyTraits > KyberPolyMat
Definition kyber_types.h:27
Botan::KyberHashedPublicKey
Strong< std::vector< uint8_t >, struct KyberHashedPublicKey_ > KyberHashedPublicKey
Hash value of the serialized public key.
Definition kyber_types.h:60
Botan::KyberSerializedPublicKey
Strong< std::vector< uint8_t >, struct KyberSerializedPublicKey_ > KyberSerializedPublicKey
Public key in serialized form (t || rho)
Definition kyber_types.h:57
Generated by doxygen 1.13.2