Kyber#

Supported parameters#

Kyber has six parameter sets: these are supported and defined by Paramset.

enum crypto_condor.primitives.Kyber.Paramset(value)#

Available parameter sets.

Member Type:

str

Valid values are as follows:

KYBER512 = <Paramset.KYBER512: 'Kyber512'>#
KYBER512_90s = <Paramset.KYBER512_90s: 'Kyber512-90s'>#
KYBER768 = <Paramset.KYBER768: 'Kyber768'>#
KYBER768_90s = <Paramset.KYBER768_90s: 'Kyber768-90s'>#
KYBER1024 = <Paramset.KYBER1024: 'Kyber1024'>#
KYBER1024_90s = <Paramset.KYBER1024_90s: 'Kyber1024-90s'>#

Test an encapsulation function#

crypto_condor.primitives.Kyber.test_encapsulate(encapsulate, paramset)#

Tests encapsulation using NIST test vectors.

The generation of the shared secret is random, so we cannot simply compare the ciphertext returned by encapsulate with the test vector’s ciphertext. Instead, we call encapsulate, then decapsulate the ciphertext with the internal decapsulation function, and compare the resulting shared secret with the one returned by encapsulate. If they match, we consider it a pass.

Attention

crypto-condor uses the reference C implementation of Kyber: it comes bundled with the package, but has to be compiled and installed locally. This is done automatically when the internal implementation is needed, but if the compilation fails this test cannot be run. You can report a problem by opening an issue.

Parameters:

  • encapsulate (Encapsulate) – The function to test.

  • paramset (Paramset) – The parameter set to test the implementation on.

Returns:

The results of testing the implementation, or None if the internal decapsulation function can’t run.

Return type:

Results | None

Test a decapsulation function#

crypto_condor.primitives.Kyber.test_decapsulate(decapsulate, paramset)#

Tests decapsulation with NIST test vectors.

Decapsulates a ciphertext with the given function and compares with the expected shared secret. The test passes if the secrets match.

Parameters:

  • decapsulate (Decapsulate) – The function to test.

  • paramset (Paramset) – The parameter set to test the implementation on.

Returns:

The results of testing the implementation.

Return type:

Results

Run a wrapper#

Note

Available wrappers are defined by Wrapper.

crypto_condor.primitives.Kyber.run_wrapper(language, parameter_set, run_encapsulate, run_decapsulate)#

Runs the corresponding wrapper.

Parameters:

  • language (Wrapper) – The language of the wrapper to run.

  • parameter_set (Paramset) – The parameter set to use.

  • run_encapsulate (bool) – Whether to run the encapsulation function.

  • run_decapsulate (bool) – Whether to run the decapsulation function.

Returns:

A dictionary of results, one result for encapsulation, one for decapsulation. The keys are encap and decap.

Return type:

ResultsDict

enum crypto_condor.primitives.Kyber.Wrapper(value)#

Available wrappers.

Member Type:

str

Valid values are as follows:

PYTHON = <Wrapper.PYTHON: 'Python'>#

Protocols#

protocol crypto_condor.primitives.Kyber.Encapsulate#

Represents a function that encapsulates secrets with Kyber.

Classes that implement this protocol must have the following methods / attributes:

__call__(public_key)#

Generates and encapsulates a shared secret.

Parameters:

public_key (bytes) – The public key to encapsulate the secret with.

Returns:

A tuple (ct, ss) containing the shared secret (ss) and ciphertext (ct).

Return type:

tuple[bytes, bytes]

protocol crypto_condor.primitives.Kyber.Decapsulate#

Represents a function that decapsulates secrets with Kyber.

Classes that implement this protocol must have the following methods / attributes:

__call__(secret_key, ciphertext)#

Decapsulates a shared secret.

Parameters:

  • secret_key (bytes) – The secret key to use.

  • ciphertext (bytes) – The encapsulated shared secret.

Returns:

The decapsulated shared secret.

Return type:

bytes