hpqc

module
v0.0.28 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 18, 2024 License: AGPL-3.0

README

HPQC

Go Reference Release Go Report Card CI

hybrid post quantum cryptography

hpqc is a golang cryptography library. hpqc is used by the Katzenpost mixnet. The theme of the library is hybrid post quantum cryptographic constructions, namely:

  • hybrid KEMs
  • hybrid NIKEs
  • hybrid signature schemes

This library makes some unique contributions in golang:

  1. a set of generic NIKE interfaces for NIKE scheme, public key and private key types
  2. generic hybrid NIKE, combines any two NIKEs into one
  3. secure KEM combiner that can combine an arbtrary number of KEMs into one KEM
  4. a "NIKE to KEM adapter" which uses an ad hoc hashed elgamal construction
  5. cgo bindings for the Sphincs+ C reference source
  6. cgo bindings for the CTIDH C source
  7. generic hybrid signature scheme, combines any two signature schemes into one

NIKE to KEM adapter

Our ad hoc hashed elgamal construction for adapting any NIKE to a KEM is, in pseudo code:

func ENCAPSULATE(their_pubkey publickey) ([]byte, []byte) {
    my_privkey, my_pubkey = GEN_KEYPAIR(RNG)
    ss = DH(my_privkey, their_pubkey)
    ss2 = PRF(ss || their_pubkey || my_pubkey)
    return my_pubkey, ss2
}

func DECAPSULATE(my_privkey, their_pubkey) []byte {
    s = DH(my_privkey, their_pubkey)
    shared_key = PRF(ss || my_pubkey || their_pubkey)
    return shared_key
}

KEM Combiner

The KEM Combiners paper makes the observation that if a KEM combiner is not security preserving then the resulting hybrid KEM will not have IND-CCA2 security if one of the composing KEMs does not have IND-CCA2 security. Likewise the paper points out that when using a security preserving KEM combiner, if only one of the composing KEMs has IND-CCA2 security then the resulting hybrid KEM will have IND-CCA2 security.

Our KEM combiner uses the split PRF design for an arbitrary number of kems, here shown with only three, in pseudo code:

func SplitPRF(ss1, ss2, ss3, cct1, cct2, cct3 []byte) []byte {
    cct := cct1 || cct2 || cct3
    return PRF(ss1 || cct) XOR PRF(ss2 || cct) XOR PRF(ss3 || cct)
}

cryptographic primitives

NIKE: Non-Interactive Key Exchange
  • Classical Diffiehellman
  • X25519
  • X448
  • CTIDH511, CTIDH512, CTIDH1024, CTIDH2048
  • X25519_CTIDH511, X25519_CTIDH512, X25519_CTIDH1024, X25519_CTIDH2048
  • NOBS_CSIDH-512
  • X25519_NOBS_CSIDH-512
KEM: Key Encapsulation Methods
  • X25519 (adapted via ad hoc hashed elgamal construction)
  • CTIDH1024 (adapted via ad hoc hashed elgamal construction)
  • MLKEM-768
  • Xwing
  • McEliece
  • NTRUPrime
  • Kyber
  • FrodoKEM
SIGN: Cryptographic Signature Schemes
  • ed25519
  • sphincs+
  • ed25519_sphincs+
  • ed25519_dilithium2/3

licensing

HPQC (aka hpqc) is free libre open source software (FLOSS) under the AGPL-3.0 software license.

  1. https://github.com/katzenpost/hpqc/blob/main/kem/hybrid/hybrid.go
  2. https://github.com/katzenpost/hpqc/blob/main/kem/interfaces.go
  3. https://github.com/katzenpost/hpqc/blob/main/sign/interfaces.go

https://github.com/katzenpost/hpqc/blob/main/nike/diffiehellman/dh.go

Directories

Path Synopsis
kem
Package kem provides a unified interface for KEM schemes.
Package kem provides a unified interface for KEM schemes.
adapter
Package adapter provides an adhoc hashed ElGamal construction that essentially acts like an adapter, adapting a NIKE to KEM.
Package adapter provides an adhoc hashed ElGamal construction that essentially acts like an adapter, adapting a NIKE to KEM.
combiner
Package combiner defines a security preserving KEM combiner.
Package combiner defines a security preserving KEM combiner.
mlkem768
Package mlkem768 provides a KEM wrapper that uses our KEM interfaces.
Package mlkem768 provides a KEM wrapper that uses our KEM interfaces.
pem
sntrup
This package provide the Streamlined NTRU Prime KEM.
This package provide the Streamlined NTRU Prime KEM.
xwing
Package xwing provides the xwing KEM using a KEM wrapper so that it obeys our KEM interfaces for Scheme, PrivateKey, PublicKey.
Package xwing provides the xwing KEM using a KEM wrapper so that it obeys our KEM interfaces for Scheme, PrivateKey, PublicKey.
Package nike contains generic NIKE interfaces and many implementations.
Package nike contains generic NIKE interfaces and many implementations.
Package rand provides various utitilies related to generating cryptographically secure random numbers and byte vectors.
Package rand provides various utitilies related to generating cryptographically secure random numbers and byte vectors.
ed25519
Package is our ed25519 wrapper type which also conforms to our generic interfaces for signature schemes.
Package is our ed25519 wrapper type which also conforms to our generic interfaces for signature schemes.
pem
sphincsplus
Package sphincsplus implements interface wrapper around a specific parameterization of Sphincs+.
Package sphincsplus implements interface wrapper around a specific parameterization of Sphincs+.
pem

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL