hybrid

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 20, 2024 License: BSD-3-Clause Imports: 14 Imported by: 30

Documentation

Overview

Package hybrid defines several hybrid classical/quantum KEMs.

KEMs are combined by simple concatenation of shared secrets, cipher texts, public keys, etc, see

https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf

Note that this is only fine if the shared secret is used in its entirety in a next step, such as being hashed or used as key.

For deriving a KEM keypair deterministically and encapsulating deterministically, we expand a single seed to both using SHAKE256, so that a non-uniform seed (such as a shared secret generated by a hybrid KEM where one of the KEMs is weak) doesn't impact just one of the KEMs.

Of our XOF (SHAKE256), we desire two security properties:

  1. The internal state of the XOF should be big enough so that we do not loose entropy.
  2. From one of the new seeds, we shouldn't be able to derive the other or the original seed.

SHAKE256, and all siblings in the SHA3 family, have a 200B internal state, so (1) is fine if our seeds are less than 200B. If SHAKE256 is computationally indistinguishable from a random sponge, then it affords us 256b security against (2) by the flat sponge claim [https://keccak.team/files/SpongeFunctions.pdf]. None of the implemented schemes claim more than 256b security and so SHAKE256 will do fine.

Index

Constants

This section is empty.

Variables

View Source
var ErrUninitialized = errors.New("public or private key not initialized")

Functions

func Kyber1024X448

func Kyber1024X448() kem.Scheme

Returns the hybrid KEM of Kyber1024Draft00 and X448.

func Kyber512X25519

func Kyber512X25519() kem.Scheme

Returns the hybrid KEM of Kyber512Draft00 and X25519.

func Kyber768X25519 added in v1.3.0

func Kyber768X25519() kem.Scheme

Returns the hybrid KEM of Kyber768Draft00 and X25519.

func Kyber768X448

func Kyber768X448() kem.Scheme

Returns the hybrid KEM of Kyber768Draft00 and X448.

func P256Kyber768Draft00 added in v1.3.3

func P256Kyber768Draft00() kem.Scheme

Returns the hybrid KEM of Kyber768Draft00 and P-256.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL