Support ML-KEM (Kyber) key encapsulation mechanism (!62) · Merge requests · Nettle / nettle

Daiki Ueno requested to merge ueno/nettle:wip/dueno/kyber2 into master Feb 29, 2024

This adds support for ML-KEM (Kyber) key encapsulation mechanism being standardized in FIPS 203[1], based also the explanation in draft-schwabe-cfrg-kyber[2]. A couple of notes on the implementation:

While the algorithm itself does not require bignum arithmetic, it is implemented as part of libhogweed, as polynomials are represented as an mp_limb_t array on heap allocated using GMP allocation functions.
There is a slight difference between the NIST draft and the round 3 submission which [2] is based on. KYBER_ROUND3 macro is added to control the behavior.

https://csrc.nist.gov/pubs/fips/203/ipd
https://datatracker.ietf.org/doc/draft-cfrg-schwabe-kyber/

Edited Mar 04, 2024 by Daiki Ueno

Support ML-KEM (Kyber) key encapsulation mechanism

Merge request reports