hybrid

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2024 License: BSD-3-Clause Imports: 15 Imported by: 28

Documentation

Overview

Package hybrid defines several hybrid classical/quantum KEMs for use in TLS.

Hybrid KEMs in TLS are created by simple concatenation of shared secrets, cipher texts, public keys, etc. This is safe for TLS, see eg. 

https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf

Note that this approach is not proven secure in broader context.

For deriving a KEM keypair deterministically and encapsulating deterministically, we expand a single seed to both using SHAKE256, so that a non-uniform seed (such as a shared secret generated by a hybrid KEM where one of the KEMs is weak) doesn't impact just one of the KEMs.

Of our XOF (SHAKE256), we desire two security properties:

  1. The internal state of the XOF should be big enough so that we do not loose entropy.
  2. From one of the new seeds, we shouldn't be able to derive the other or the original seed.

SHAKE256, and all siblings in the SHA3 family, have a 200B internal state, so (1) is fine if our seeds are less than 200B. If SHAKE256 is computationally indistinguishable from a random sponge, then it affords us 256b security against (2) by the flat sponge claim [https://keccak.team/files/SpongeFunctions.pdf]. None of the implemented schemes claim more than 256b security and so SHAKE256 will do fine.

Index

Constants

This section is empty.

Variables

View Source 
var ErrUninitialized = errors.New("public or private key not initialized")

Functions

func Kyber1024X448 

func Kyber1024X448() kem.Scheme

Returns the hybrid KEM of Kyber1024Draft00 and X448.

func Kyber512X25519 

func Kyber512X25519() kem.Scheme

Returns the hybrid KEM of Kyber512Draft00 and X25519.

func Kyber768X25519 added in v1.3.0 

func Kyber768X25519() kem.Scheme

Returns the hybrid KEM of Kyber768Draft00 and X25519.

func Kyber768X448 

func Kyber768X448() kem.Scheme

Returns the hybrid KEM of Kyber768Draft00 and X448.

func P256Kyber768Draft00 added in v1.3.3 

func P256Kyber768Draft00() kem.Scheme

Returns the hybrid KEM of Kyber768Draft00 and P-256.

func X25519MLKEM768 added in v1.5.0 

func X25519MLKEM768() kem.Scheme

Returns the hybrid KEM of ML-KEM-768 and X25519. https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-01.html

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.