Struct HybridPublicKeyEncryption 

pub struct HybridPublicKeyEncryption { /* private fields */ }

ML-KEM/AES Hybrid Public Key Encryption system

Provides the missing public key encryption capability using ML-KEM for key encapsulation and AES-256-GCM for symmetric encryption.

Implementations

impl HybridPublicKeyEncryption

pub fn new() -> Self

Create a new hybrid PKE instance

pub fn encrypt( &self, recipient_public_key: &MlKemPublicKey, plaintext: &[u8], associated_data: &[u8], ) -> PqcResult<EncryptedMessage>

Encrypt data using ML-KEM/AES hybrid scheme

Arguments

• recipient_public_key - ML-KEM public key of the recipient
• plaintext - Data to encrypt
• associated_data - Additional authenticated data (AAD)

Returns

Encrypted message containing ML-KEM ciphertext and AES-GCM ciphertext

Security

• Uses ML-KEM-768 for quantum-resistant key encapsulation
• Derives AES key using HKDF-SHA256 with proper salt and info
• AES-256-GCM provides confidentiality and authenticity
• Associated data is authenticated but not encrypted

pub fn decrypt( &self, private_key: &MlKemSecretKey, encrypted_message: &EncryptedMessage, associated_data: &[u8], ) -> PqcResult<Vec<u8>>

Decrypt data using ML-KEM/AES hybrid scheme

Arguments

• private_key - ML-KEM secret key for decapsulation
• encrypted_message - Encrypted message to decrypt
• associated_data - Associated authenticated data (must match encryption)

Returns

Decrypted plaintext data

Security

• Verifies associated data integrity before decryption
• Uses constant-time operations where possible
• Properly handles authentication failures

pub fn clear_key_cache(&mut self)

Clear sensitive key cache (should be called periodically)

pub const fn algorithm_name() -> &'static str

Get the algorithm identifier

pub const fn security_level() -> &'static str

Get the security level description

Trait Implementations

impl Default for HybridPublicKeyEncryption

fn default() -> Self

Returns the “default value” for a type.