Enum MLKEMPublicKey

pub enum MLKEMPublicKey {
    MLKEM512(Box<PublicKey>),
    MLKEM768(Box<PublicKey>),
    MLKEM1024(Box<PublicKey>),
}

A public key for the ML-KEM post-quantum key encapsulation mechanism.

MLKEMPublicKey represents a public key that can be used to encapsulate shared secrets using the ML-KEM (Module Lattice-based Key Encapsulation Mechanism) post-quantum algorithm. It supports multiple security levels through the variants:

• MLKEM512: NIST security level 1 (roughly equivalent to AES-128), 800 bytes
• MLKEM768: NIST security level 3 (roughly equivalent to AES-192), 1184 bytes
• MLKEM1024: NIST security level 5 (roughly equivalent to AES-256), 1568 bytes

Examples

use bc_components::MLKEM;

// Generate a keypair
let (private_key, public_key) = MLKEM::MLKEM512.keypair();

// Encapsulate a shared secret using the public key
let (shared_secret, ciphertext) = public_key.encapsulate_new_shared_secret();

Variants

MLKEM512(Box<PublicKey>)

An ML-KEM-512 public key (NIST security level 1)

MLKEM768(Box<PublicKey>)

An ML-KEM-768 public key (NIST security level 3)

MLKEM1024(Box<PublicKey>)

An ML-KEM-1024 public key (NIST security level 5)

Implementations

impl MLKEMPublicKey

pub fn level(&self) -> MLKEM

Returns the security level of this ML-KEM public key.

pub fn size(&self) -> usize

Returns the size of this ML-KEM public key in bytes.

pub fn as_bytes(&self) -> &[u8]

Returns the raw bytes of this ML-KEM public key.

pub fn from_bytes(level: MLKEM, bytes: &[u8]) -> Result<Self>

Creates an ML-KEM public key from raw bytes and a security level.

Parameters

• level - The security level of the key.
• bytes - The raw bytes of the key.

Returns

An MLKEMPublicKey if the bytes represent a valid key for the given level, or an error otherwise.

Errors

Returns an error if the bytes do not represent a valid ML-KEM public key for the specified security level.

pub fn encapsulate_new_shared_secret(&self) -> (SymmetricKey, MLKEMCiphertext)

Encapsulates a new shared secret using this public key.

This method generates a random shared secret and encapsulates it using this public key, producing a ciphertext that can only be decapsulated by the corresponding private key.

Returns

A tuple containing:

• A SymmetricKey with the shared secret (32 bytes)
• An MLKEMCiphertext with the encapsulated shared secret

Examples

use bc_components::MLKEM;

// Generate a keypair
let (private_key, public_key) = MLKEM::MLKEM512.keypair();

// Encapsulate a shared secret
let (shared_secret, ciphertext) = public_key.encapsulate_new_shared_secret();

// The private key holder can decapsulate the same shared secret
let decapsulated_secret = private_key.decapsulate_shared_secret(&ciphertext).unwrap();
assert_eq!(shared_secret, decapsulated_secret);

Trait Implementations

impl CBORTagged for MLKEMPublicKey

Defines CBOR tags for ML-KEM public keys.

fn cbor_tags() -> Vec<Tag>

Returns the CBOR tag for ML-KEM public keys.

impl CBORTaggedDecodable for MLKEMPublicKey

Implements CBOR decoding for ML-KEM public keys.

fn from_untagged_cbor(untagged_cbor: CBOR) -> Result<Self>

Creates an MLKEMPublicKey from untagged CBOR.

Errors

Returns an error if the CBOR value doesn’t represent a valid ML-KEM public key.

fn from_tagged_cbor(cbor: CBOR) -> Result<Self, Error>

where Self: Sized,

Creates an instance of this type by decoding it from tagged CBOR.

fn from_tagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>

where Self: Sized,

Creates an instance of this type by decoding it from binary encoded tagged CBOR.

fn from_untagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>

where Self: Sized,

Creates an instance of this type by decoding it from binary encoded untagged CBOR.

impl CBORTaggedEncodable for MLKEMPublicKey

Implements CBOR encoding for ML-KEM public keys.

fn untagged_cbor(&self) -> CBOR

Creates the untagged CBOR representation as an array with level and key bytes.

fn tagged_cbor(&self) -> CBOR

Returns the tagged CBOR encoding of this instance.

fn tagged_cbor_data(&self) -> Vec<u8>

Returns the tagged value in CBOR binary representation.

impl Clone for MLKEMPublicKey

fn clone(&self) -> MLKEMPublicKey

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for MLKEMPublicKey

Provides debug formatting for ML-KEM public keys.

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the public key as a string for debugging purposes.

impl From<MLKEMPublicKey> for CBOR

Converts an MLKEMPublicKey to CBOR.

fn from(value: MLKEMPublicKey) -> Self

Converts to tagged CBOR.

impl Hash for MLKEMPublicKey

Implements hashing for ML-KEM public keys.

fn hash<H: Hasher>(&self, state: &mut H)

Hashes both the security level and the raw bytes of the public key.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for MLKEMPublicKey

Implements equality comparison for ML-KEM public keys.

fn eq(&self, other: &Self) -> bool

Compares two ML-KEM public keys for equality.

Two ML-KEM public keys are equal if they have the same security level and the same raw byte representation.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl TryFrom<CBOR> for MLKEMPublicKey

Attempts to convert CBOR to an MLKEMPublicKey.

fn try_from(cbor: CBOR) -> Result<Self>

Converts from tagged CBOR.

type Error = Error

The type returned in the event of a conversion error.

impl Eq for MLKEMPublicKey