fips203ipd
C11 implementation of FIPS 203 initial public draft (IPD).
Macros | Functions
KEM1024

KEM1024 constants and functions. More...

Macros

#define FIPS203IPD_KEM1024_EK_SIZE   1568
 Size of KEM1024 encapsulation key, in bytes (384 * K + 32).
 
#define FIPS203IPD_KEM1024_DK_SIZE   3168
 Size of KEM1024 decapsulation key, in bytes (768 * K + 96).
 
#define FIPS203IPD_KEM1024_CT_SIZE   1568
 Size of KEM1024 ciphertext, in bytes (32 * (DU * K + DV)).
 

Functions

void fips203ipd_kem1024_keygen (uint8_t ek[static FIPS203IPD_KEM1024_EK_SIZE], uint8_t dk[static FIPS203IPD_KEM1024_DK_SIZE], const uint8_t seed[static 64])
 Generate KEM1024 encapsulation key ek and decapsulation key dk from 64 byte random seed seed. More...
 
void fips203ipd_kem1024_encaps (uint8_t key[static 32], uint8_t ct[static FIPS203IPD_KEM1024_CT_SIZE], const uint8_t ek[static FIPS203IPD_KEM1024_EK_SIZE], const uint8_t seed[static 32])
 Generate KEM1024 shared key key and ciphertext ct from given encapsulation key ek and randomness seed. More...
 
void fips203ipd_kem1024_decaps (uint8_t key[static 32], const uint8_t ct[static FIPS203IPD_KEM1024_CT_SIZE], const uint8_t dk[static FIPS203IPD_KEM1024_DK_SIZE])
 Decapsulate shared key key from ciphertext ct using KEM1024 decapsulation key dk with implicit rejection. More...
 

Detailed Description

KEM1024 constants and functions.

Function Documentation

◆ fips203ipd_kem1024_decaps()

void fips203ipd_kem1024_decaps ( uint8_t  key[static 32],
const uint8_t  ct[static FIPS203IPD_KEM1024_CT_SIZE],
const uint8_t  dk[static FIPS203IPD_KEM1024_DK_SIZE] 
)

Decapsulate shared key key from ciphertext ct using KEM1024 decapsulation key dk with implicit rejection.

Note
Implicit rejection means that when this function is given an invalid ciphertext, it will return a key which is unpredictable to the attacker rather than an error. This is intended to provide IND-CCA2 security, as discussed in section 3.2 of the FIPS 203 initial public draft.
Parameters
[out]keyShared key (32 bytes).
[out]ctCiphertext (1568 bytes).
[in]dkKEM1024 decapsulation key (3168 bytes).

Example:

// alice: decapsulate shared secret from ciphertext
uint8_t a_key[32] = { 0 }; // decapsulated key
fips203ipd_kem1024_decaps(a_key, ct, dk);
void fips203ipd_kem1024_decaps(uint8_t key[static 32], const uint8_t ct[static FIPS203IPD_KEM1024_CT_SIZE], const uint8_t dk[static FIPS203IPD_KEM1024_DK_SIZE])
Decapsulate shared key key from ciphertext ct using KEM1024 decapsulation key dk with implicit reject...

◆ fips203ipd_kem1024_encaps()

void fips203ipd_kem1024_encaps ( uint8_t  key[static 32],
uint8_t  ct[static FIPS203IPD_KEM1024_CT_SIZE],
const uint8_t  ek[static FIPS203IPD_KEM1024_EK_SIZE],
const uint8_t  seed[static 32] 
)

Generate KEM1024 shared key key and ciphertext ct from given encapsulation key ek and randomness seed.

Warning
seed must be 32 random bytes generated by a cryptographically secure pseudorandom number generator (CSPRNG). Specifically, section 3.3 of the FIPS 203 initial public draft requires an approved random bit generator (RBG) with at least 256 bits of strength.
Note
Encapsulation key polynomial coefficients are reduced modulo Q during deserialization, as per option #2 in this pqc-forum discussion.
Parameters
[out]keyShared key (32 bytes).
[out]ctCiphertext (1568 bytes).
[in]ekKEM1024 encapsulation key (1568 bytes).
[in]seedRandom seed (32 bytes).

Example:

// bob: get 32 random bytes for encaps()
uint8_t encaps_seed[32] = { 0 };
rand_bytes(encaps_seed, sizeof(encaps_seed));
// bob: generate shared secret and ciphertext from encapsulation key and seed
uint8_t b_key[32] = { 0 }; // shared secret
uint8_t ct[FIPS203IPD_KEM1024_CT_SIZE] = { 0 }; // ciphertext
fips203ipd_kem1024_encaps(b_key, ct, ek, encaps_seed);
#define FIPS203IPD_KEM1024_CT_SIZE
Size of KEM1024 ciphertext, in bytes (32 * (DU * K + DV)).
Definition: fips203ipd.h:249
void fips203ipd_kem1024_encaps(uint8_t key[static 32], uint8_t ct[static FIPS203IPD_KEM1024_CT_SIZE], const uint8_t ek[static FIPS203IPD_KEM1024_EK_SIZE], const uint8_t seed[static 32])
Generate KEM1024 shared key key and ciphertext ct from given encapsulation key ek and randomness seed...

◆ fips203ipd_kem1024_keygen()

void fips203ipd_kem1024_keygen ( uint8_t  ek[static FIPS203IPD_KEM1024_EK_SIZE],
uint8_t  dk[static FIPS203IPD_KEM1024_DK_SIZE],
const uint8_t  seed[static 64] 
)

Generate KEM1024 encapsulation key ek and decapsulation key dk from 64 byte random seed seed.

Warning
seed must be 64 random bytes generated by a cryptographically secure pseudorandom number generator (CSPRNG). Specifically, section 3.3 of the FIPS 203 initial public draft requires an approved random bit generator (RBG) with at least 256 bits of strength.
Parameters
[out]ekKEM1024 encapsulation key (1568 bytes).
[out]dkKEM1024 decapsulation key (3168 bytes).
[in]seedRandom seed (64 bytes).

Example:

// alice: get 64 random bytes for keygen()
uint8_t keygen_seed[64] = { 0 };
rand_bytes(keygen_seed, sizeof(keygen_seed));
// alice: generate encapsulation/decapsulation key pair from seed
uint8_t ek[FIPS203IPD_KEM1024_EK_SIZE] = { 0 }; // encapsulation key
uint8_t dk[FIPS203IPD_KEM1024_DK_SIZE] = { 0 }; // decapsulation key
fips203ipd_kem1024_keygen(ek, dk, keygen_seed);
#define FIPS203IPD_KEM1024_EK_SIZE
Size of KEM1024 encapsulation key, in bytes (384 * K + 32).
Definition: fips203ipd.h:237
void fips203ipd_kem1024_keygen(uint8_t ek[static FIPS203IPD_KEM1024_EK_SIZE], uint8_t dk[static FIPS203IPD_KEM1024_DK_SIZE], const uint8_t seed[static 64])
Generate KEM1024 encapsulation key ek and decapsulation key dk from 64 byte random seed seed.
#define FIPS203IPD_KEM1024_DK_SIZE
Size of KEM1024 decapsulation key, in bytes (768 * K + 96).
Definition: fips203ipd.h:243