doxygen/kyber__keys_8h_source.html

/*

 * Crystals Kyber Internal Key Types

 *

 * (C) 2021-2024 Jack Lloyd

 * (C) 2021-2022 Manuel Glaser and Michael Boric, Rohde & Schwarz Cybersecurity

 * (C) 2021-2022 René Meusel and Hannes Rantzsch, neXenio GmbH

 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 */


#ifndef BOTAN_KYBER_INTERNAL_KEYS_H_

#define BOTAN_KYBER_INTERNAL_KEYS_H_


#include <botan/internal/ct_utils.h>

#include <botan/internal/kyber_algos.h>

#include <botan/internal/kyber_constants.h>

#include <botan/internal/kyber_types.h>


namespace Botan {


class Kyber_Keypair_Codec /* NOLINT(*-special-member-functions) */ {

   public:

      virtual ~Kyber_Keypair_Codec() = default;

      virtual secure_vector<uint8_t> encode_keypair(KyberInternalKeypair keypair) const = 0;

      virtual KyberInternalKeypair decode_keypair(std::span<const uint8_t> private_key, KyberConstants mode) const = 0;

};


/// Codec for expanded private keys (as specified in FIPS 203)


class Expanded_Keypair_Codec final : public Kyber_Keypair_Codec {

   public:

      KyberInternalKeypair decode_keypair(std::span<const uint8_t> buffer, KyberConstants mode) const override;

      secure_vector<uint8_t> encode_keypair(KyberInternalKeypair private_key) const override;

};


/// Codec for private keys as 64-byte seeds: d || z


class Seed_Expanding_Keypair_Codec final : public Kyber_Keypair_Codec {

   public:

      KyberInternalKeypair decode_keypair(std::span<const uint8_t> buffer, KyberConstants mode) const override;

      secure_vector<uint8_t> encode_keypair(KyberInternalKeypair keypair) const override;

};


class Kyber_PublicKeyInternal final {

   public:

      Kyber_PublicKeyInternal(KyberConstants mode, KyberSerializedPublicKey public_key);

      Kyber_PublicKeyInternal(KyberConstants mode, KyberPolyVecNTT polynomials, KyberSeedRho seed);


      void indcpa_encrypt(StrongSpan<KyberCompressedCiphertext> out_ct,

                          StrongSpan<const KyberMessage> m,

                          StrongSpan<const KyberEncryptionRandomness> r,

                          const KyberPolyMat& At,

                          const KyberConstants& mode) const;


      KyberCompressedCiphertext indcpa_encrypt(const KyberMessage& m,

                                               const KyberEncryptionRandomness& r,

                                               const KyberPolyMat& At,

                                               const KyberConstants& mode) const {

         KyberCompressedCiphertext ct(m_mode.ciphertext_bytes());

         indcpa_encrypt(ct, m, r, At, mode);

         return ct;

      }


      const KyberPolyVecNTT& t() const { return m_t; }


      const KyberSeedRho& rho() const { return m_rho; }


      const KyberConstants& mode() const { return m_mode; }


      const KyberSerializedPublicKey& public_key_bits_raw() const { return m_public_key_bits_raw; }


      const KyberHashedPublicKey& H_public_key_bits_raw() const { return m_H_public_key_bits_raw; }


      Kyber_PublicKeyInternal() = delete;


   private:

      const KyberConstants m_mode;

      const KyberSerializedPublicKey m_public_key_bits_raw;

      const KyberHashedPublicKey m_H_public_key_bits_raw;

      KyberPolyVecNTT m_t;

      const KyberSeedRho m_rho;

};


class Kyber_PrivateKeyInternal {

   public:


      Kyber_PrivateKeyInternal(KyberConstants mode, KyberPolyVecNTT s, KyberPrivateKeySeed seed) :

            m_mode(std::move(mode)), m_s(std::move(s)), m_seed(std::move(seed)) {}


      KyberMessage indcpa_decrypt(StrongSpan<const KyberCompressedCiphertext> ct) const;


      KyberPolyVecNTT& s() { return m_s; }


      const KyberPolyVecNTT& s() const { return m_s; }


      const KyberPrivateKeySeed& seed() const { return m_seed; }


      const KyberImplicitRejectionValue& z() const { return m_seed.z; }


      const KyberConstants& mode() const { return m_mode; }


      Kyber_PrivateKeyInternal() = delete;


      void _const_time_poison() const { CT::poison_all(m_s, m_seed.d, m_seed.z); }


      void _const_time_unpoison() const { CT::unpoison_all(m_s, m_seed.d, m_seed.z); }


   private:

      KyberConstants m_mode;

      KyberPolyVecNTT m_s;

      KyberPrivateKeySeed m_seed;

};


}  // namespace Botan


#endif

Botan::Expanded_Keypair_Codec
Codec for expanded private keys (as specified in FIPS 203).
Definition kyber_keys.h:30

Botan::Expanded_Keypair_Codec::encode_keypair
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair private_key) const override
Definition kyber_keys.cpp:74

Botan::Expanded_Keypair_Codec::decode_keypair
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
Definition kyber_keys.cpp:40

Botan::KyberConstants
Definition kyber_constants.h:21

Botan::Kyber_Keypair_Codec
Definition kyber_keys.h:22

Botan::Kyber_Keypair_Codec::encode_keypair
virtual secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const =0

Botan::Kyber_Keypair_Codec::decode_keypair
virtual KyberInternalKeypair decode_keypair(std::span< const uint8_t > private_key, KyberConstants mode) const =0

Botan::Kyber_Keypair_Codec::~Kyber_Keypair_Codec
virtual ~Kyber_Keypair_Codec()=default

Botan::Kyber_PrivateKeyInternal::indcpa_decrypt
KyberMessage indcpa_decrypt(StrongSpan< const KyberCompressedCiphertext > ct) const
Definition kyber_keys.cpp:160

Botan::Kyber_PrivateKeyInternal::mode
const KyberConstants & mode() const
Definition kyber_keys.h:98

Botan::Kyber_PrivateKeyInternal::_const_time_poison
void _const_time_poison() const
Definition kyber_keys.h:102

Botan::Kyber_PrivateKeyInternal::seed
const KyberPrivateKeySeed & seed() const
Definition kyber_keys.h:94

Botan::Kyber_PrivateKeyInternal::Kyber_PrivateKeyInternal
Kyber_PrivateKeyInternal(KyberConstants mode, KyberPolyVecNTT s, KyberPrivateKeySeed seed)
Definition kyber_keys.h:85

Botan::Kyber_PrivateKeyInternal::s
KyberPolyVecNTT & s()
Definition kyber_keys.h:90

Botan::Kyber_PrivateKeyInternal::s
const KyberPolyVecNTT & s() const
Definition kyber_keys.h:92

Botan::Kyber_PrivateKeyInternal::Kyber_PrivateKeyInternal
Kyber_PrivateKeyInternal()=delete

Botan::Kyber_PrivateKeyInternal::z
const KyberImplicitRejectionValue & z() const
Definition kyber_keys.h:96

Botan::Kyber_PrivateKeyInternal::_const_time_unpoison
void _const_time_unpoison() const
Definition kyber_keys.h:104

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal
Kyber_PublicKeyInternal(KyberConstants mode, KyberSerializedPublicKey public_key)
Definition kyber_keys.cpp:105

Botan::Kyber_PublicKeyInternal::H_public_key_bits_raw
const KyberHashedPublicKey & H_public_key_bits_raw() const
Definition kyber_keys.h:71

Botan::Kyber_PublicKeyInternal::t
const KyberPolyVecNTT & t() const
Definition kyber_keys.h:63

Botan::Kyber_PublicKeyInternal::rho
const KyberSeedRho & rho() const
Definition kyber_keys.h:65

Botan::Kyber_PublicKeyInternal::indcpa_encrypt
KyberCompressedCiphertext indcpa_encrypt(const KyberMessage &m, const KyberEncryptionRandomness &r, const KyberPolyMat &At, const KyberConstants &mode) const
Definition kyber_keys.h:54

Botan::Kyber_PublicKeyInternal::indcpa_encrypt
void indcpa_encrypt(StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At, const KyberConstants &mode) const
Definition kyber_keys.cpp:130

Botan::Kyber_PublicKeyInternal::mode
const KyberConstants & mode() const
Definition kyber_keys.h:67

Botan::Kyber_PublicKeyInternal::public_key_bits_raw
const KyberSerializedPublicKey & public_key_bits_raw() const
Definition kyber_keys.h:69

Botan::Kyber_PublicKeyInternal::Kyber_PublicKeyInternal
Kyber_PublicKeyInternal()=delete

Botan::Seed_Expanding_Keypair_Codec
Codec for private keys as 64-byte seeds: d || z.
Definition kyber_keys.h:37

Botan::Seed_Expanding_Keypair_Codec::decode_keypair
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
Definition kyber_keys.cpp:87

Botan::Seed_Expanding_Keypair_Codec::encode_keypair
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const override
Definition kyber_keys.cpp:98

Botan::StrongSpan
Definition strong_type.h:659

Botan::CT::poison_all
constexpr void poison_all(const Ts &... ts)
Definition ct_utils.h:201

Botan::CT::unpoison_all
constexpr void unpoison_all(const Ts &... ts)
Definition ct_utils.h:207

Botan
Definition alg_id.cpp:13

Botan::KyberImplicitRejectionValue
Strong< secure_vector< uint8_t >, struct KyberImplicitRejectionValue_ > KyberImplicitRejectionValue
Secret random value (called Z in the spec), used for implicit rejection in the decapsulation.
Definition kyber_types.h:42

Botan::KyberEncryptionRandomness
Strong< secure_vector< uint8_t >, struct KyberEncryptionRandomness_ > KyberEncryptionRandomness
Random value used to generate the Kyber ciphertext.
Definition kyber_types.h:48

Botan::KyberMessage
Strong< secure_vector< uint8_t >, struct KyberMessage_ > KyberMessage
Random message value to be encrypted by the CPA-secure Kyber encryption scheme.
Definition kyber_types.h:45

Botan::KyberPolyVecNTT
Botan::CRYSTALS::PolynomialVector< KyberPolyTraits, Botan::CRYSTALS::Domain::NTT > KyberPolyVecNTT
Definition kyber_types.h:26

Botan::KyberSeedRho
Strong< std::vector< uint8_t >, struct KyberSeedRho_ > KyberSeedRho
Public seed value to generate the Kyber matrix A.
Definition kyber_types.h:36

Botan::KyberInternalKeypair
std::pair< std::shared_ptr< Kyber_PublicKeyInternal >, std::shared_ptr< Kyber_PrivateKeyInternal > > KyberInternalKeypair
Definition kyber_types.h:73

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

Botan::KyberCompressedCiphertext
Strong< std::vector< uint8_t >, struct KyberCompressedCiphertext_ > KyberCompressedCiphertext
Compressed and serialized ciphertext value.
Definition kyber_types.h:63

Botan::KyberPolyMat
Botan::CRYSTALS::PolynomialMatrix< KyberPolyTraits > KyberPolyMat
Definition kyber_types.h:27

Botan::KyberHashedPublicKey
Strong< std::vector< uint8_t >, struct KyberHashedPublicKey_ > KyberHashedPublicKey
Hash value of the serialized public key.
Definition kyber_types.h:60

Botan::KyberSerializedPublicKey
Strong< std::vector< uint8_t >, struct KyberSerializedPublicKey_ > KyberSerializedPublicKey
Public key in serialized form (t || rho).
Definition kyber_types.h:57

Botan::KyberPrivateKeySeed
Definition kyber_types.h:79