const (
K = 4
Eta1 = 2
DU = 11
DV = 5
PublicKeySize = 32 + K*common.PolySize
PrivateKeySize = K * common.PolySize
PlaintextSize = common.PlaintextSize
SeedSize = 32
CiphertextSize = 1568
)
func NewKeyFromSeed(seed []byte) (*PublicKey, *PrivateKey)
Derives a new Kyber.CPAPKE keypair from the given seed.
func PolyDotHat(p *common.Poly, a, b *Vec)
Sets p to the inner product of a and b using "pointwise" multiplication.
See MulHat() and NTT() for a description of the multiplication. Assumes a and b are in Montgomery form. p will be in Montgomery form, and its coefficients will be bounded in absolute value by 2kq. If a and b are not in Montgomery form, then the action is the same as "pointwise" multiplication followed by multiplying by R⁻¹, the inverse of the Montgomery factor.
A k by k matrix of polynomials.
type Mat [K]Vec
func (m *Mat) Derive(seed *[32]byte, transpose bool)
Expands the given seed to the corresponding matrix A or its transpose Aᵀ.
func (m *Mat) Transpose()
Transposes A in place.
A Kyber.CPAPKE private key.
type PrivateKey struct {
// contains filtered or unexported fields
}
func (sk *PrivateKey) DecryptTo(pt, ct []byte)
Decrypts ciphertext ct meant for private key sk to plaintext pt.
func (sk *PrivateKey) Equal(other *PrivateKey) bool
Returns whether sk equals other.
func (sk *PrivateKey) Pack(buf []byte)
Packs the private key to buf.
func (sk *PrivateKey) Unpack(buf []byte)
Unpacks the private key from buf.
A Kyber.CPAPKE public key.
type PublicKey struct {
// contains filtered or unexported fields
}
func (pk *PublicKey) EncryptTo(ct, pt, seed []byte)
Encrypts message pt for the public key to ciphertext ct using randomness from seed.
seed has to be of length SeedSize, pt of PlaintextSize and ct of CiphertextSize.
func (pk *PublicKey) Pack(buf []byte)
Packs the public key to buf.
func (pk *PublicKey) Unpack(buf []byte)
Unpacks the public key from buf.
A vector of K polynomials
type Vec [K]common.Poly
func (v *Vec) Add(a, b *Vec)
Sets v to a + b.
func (v *Vec) BarrettReduce()
Almost normalizes coefficients in-place.
Ensures each coefficient is in {0, …, q}.
func (v *Vec) CompressTo(m []byte, d int)
Writes Compress_q(v, d) to m.
Assumes v is normalized and d is in {3, 4, 5, 10, 11}.
func (v *Vec) Decompress(m []byte, d int)
Set v to Decompress_q(m, 1).
Assumes d is in {3, 4, 5, 10, 11}. v will be normalized.
func (v *Vec) DeriveNoise(seed []byte, nonce uint8, eta int)
Samples v[i] from a centered binomial distribution with given η, seed and nonce+i.
Essentially CBD_η(PRF(seed, nonce+i)) from the specification.
func (v *Vec) InvNTT()
Applies in-place inverse NTT(). See Poly.InvNTT() for assumptions.
func (v *Vec) NTT()
Applies in-place forward NTT(). See Poly.NTT() for assumptions.
func (v *Vec) Normalize()
Normalizes coefficients in-place.
Ensures each coefficient is in {0, …, q-1}.
func (v *Vec) Pack(buf []byte)
Packs v into buf, which must be of length K*PolySize.
func (v *Vec) Unpack(buf []byte)
Unpacks v from buf which must be of length K*PolySize.