fips203ipd
C11 implementation of FIPS 203 initial public draft (IPD).
Macros | Functions
KEM512

KEM512 constants and functions. More...

Macros

#define FIPS203IPD_KEM512_EK_SIZE   800
 Size of KEM512 encapsulation key, in bytes (384 * K + 32).
 
#define FIPS203IPD_KEM512_DK_SIZE   1632
 Size of KEM512 decapsulation key, in bytes (768 * K + 96).
 
#define FIPS203IPD_KEM512_CT_SIZE   768
 Size of KEM512 ciphertext, in bytes (32 * (DU * K + DV)).
 

Functions

void fips203ipd_kem512_keygen (uint8_t ek[static FIPS203IPD_KEM512_EK_SIZE], uint8_t dk[static FIPS203IPD_KEM512_DK_SIZE], const uint8_t seed[static 64])
 Generate KEM512 encapsulation key ek and decapsulation key dk from 64 byte random seed seed. More...
 
void fips203ipd_kem512_encaps (uint8_t key[static 32], uint8_t ct[static FIPS203IPD_KEM512_CT_SIZE], const uint8_t ek[static FIPS203IPD_KEM512_EK_SIZE], const uint8_t seed[static 32])
 Generate KEM512 shared key key and ciphertext ct from given encapsulation key ek and randomness seed. More...
 
void fips203ipd_kem512_decaps (uint8_t key[static 32], const uint8_t ct[static FIPS203IPD_KEM512_CT_SIZE], const uint8_t dk[static FIPS203IPD_KEM512_DK_SIZE])
 Decapsulate shared key key from ciphertext ct using KEM512 decapsulation key dk with implicit rejection. More...
 

Detailed Description

KEM512 constants and functions.

Function Documentation

◆ fips203ipd_kem512_decaps()

void fips203ipd_kem512_decaps ( uint8_t  key[static 32],
const uint8_t  ct[static FIPS203IPD_KEM512_CT_SIZE],
const uint8_t  dk[static FIPS203IPD_KEM512_DK_SIZE] 
)

Decapsulate shared key key from ciphertext ct using KEM512 decapsulation key dk with implicit rejection.

Note
Implicit rejection means that when this function is given an invalid ciphertext, it will return a key which is unpredictable to the attacker rather than an error. This is intended to provide IND-CCA2 security, as discussed in section 3.2 of the FIPS 203 initial public draft.
Parameters
[out]keyShared key (32 bytes).
[out]ctCiphertext (768 bytes).
[in]dkKEM512 decapsulation key (1632 bytes).

Example:

// alice: decapsulate shared secret from ciphertext
uint8_t a_key[32] = { 0 }; // decapsulated key
fips203ipd_kem512_decaps(a_key, ct, dk);
void fips203ipd_kem512_decaps(uint8_t key[static 32], const uint8_t ct[static FIPS203IPD_KEM512_CT_SIZE], const uint8_t dk[static FIPS203IPD_KEM512_DK_SIZE])
Decapsulate shared key key from ciphertext ct using KEM512 decapsulation key dk with implicit rejecti...

◆ fips203ipd_kem512_encaps()

void fips203ipd_kem512_encaps ( uint8_t  key[static 32],
uint8_t  ct[static FIPS203IPD_KEM512_CT_SIZE],
const uint8_t  ek[static FIPS203IPD_KEM512_EK_SIZE],
const uint8_t  seed[static 32] 
)

Generate KEM512 shared key key and ciphertext ct from given encapsulation key ek and randomness seed.

Warning
seed must be 32 random bytes generated by a cryptographically secure pseudorandom number generator (CSPRNG). Specifically, section 3.3 of the FIPS 203 initial public draft requires an approved random bit generator (RBG) with at least 128 bits of strength.
Note
Encapsulation key polynomial coefficients are reduced modulo Q during deserialization, as per option #2 in this pqc-forum discussion.
Parameters
[out]keyShared key (32 bytes).
[out]ctCiphertext (768 bytes).
[in]ekKEM512 encapsulation key (800 bytes).
[in]seedRandom seed (32 bytes).

Example:

// bob: get 32 random bytes for encaps()
uint8_t encaps_seed[32] = { 0 };
rand_bytes(encaps_seed, sizeof(encaps_seed));
// bob: generate shared secret and ciphertext from encapsulation key and seed
uint8_t b_key[32] = { 0 }; // shared secret
uint8_t ct[FIPS203IPD_KEM512_CT_SIZE] = { 0 }; // ciphertext
fips203ipd_kem512_encaps(b_key, ct, ek, encaps_seed);
#define FIPS203IPD_KEM512_CT_SIZE
Size of KEM512 ciphertext, in bytes (32 * (DU * K + DV)).
Definition: fips203ipd.h:41
void fips203ipd_kem512_encaps(uint8_t key[static 32], uint8_t ct[static FIPS203IPD_KEM512_CT_SIZE], const uint8_t ek[static FIPS203IPD_KEM512_EK_SIZE], const uint8_t seed[static 32])
Generate KEM512 shared key key and ciphertext ct from given encapsulation key ek and randomness seed.

◆ fips203ipd_kem512_keygen()

void fips203ipd_kem512_keygen ( uint8_t  ek[static FIPS203IPD_KEM512_EK_SIZE],
uint8_t  dk[static FIPS203IPD_KEM512_DK_SIZE],
const uint8_t  seed[static 64] 
)

Generate KEM512 encapsulation key ek and decapsulation key dk from 64 byte random seed seed.

Warning
seed must be 64 random bytes generated by a cryptographically secure pseudorandom number generator (CSPRNG). Specifically, section 3.3 of the FIPS 203 initial public draft requires an approved random bit generator (RBG) with at least 128 bits of strength.
Parameters
[out]ekKEM512 encapsulation key (800 bytes).
[out]dkKEM512 decapsulation key (1632 bytes).
[in]seedRandom seed (64 bytes).

Example:

// alice: get 64 random bytes for keygen()
uint8_t keygen_seed[64] = { 0 };
rand_bytes(keygen_seed, sizeof(keygen_seed));
// alice: generate encapsulation/decapsulation key pair from seed
uint8_t ek[FIPS203IPD_KEM512_EK_SIZE] = { 0 }; // encapsulation key
uint8_t dk[FIPS203IPD_KEM512_DK_SIZE] = { 0 }; // decapsulation key
fips203ipd_kem512_keygen(ek, dk, keygen_seed);
#define FIPS203IPD_KEM512_DK_SIZE
Size of KEM512 decapsulation key, in bytes (768 * K + 96).
Definition: fips203ipd.h:35
#define FIPS203IPD_KEM512_EK_SIZE
Size of KEM512 encapsulation key, in bytes (384 * K + 32).
Definition: fips203ipd.h:29
void fips203ipd_kem512_keygen(uint8_t ek[static FIPS203IPD_KEM512_EK_SIZE], uint8_t dk[static FIPS203IPD_KEM512_DK_SIZE], const uint8_t seed[static 64])
Generate KEM512 encapsulation key ek and decapsulation key dk from 64 byte random seed seed.