MLKEMPrivateKey

Enum MLKEMPrivateKey

pub enum MLKEMPrivateKey {
    MLKEM512(Box<SecretKey>),
    MLKEM768(Box<SecretKey>),
    MLKEM1024(Box<SecretKey>),
}

Expand description

A private key for the ML-KEM post-quantum key encapsulation mechanism.

MLKEMPrivateKey represents a private key that can be used to decapsulate shared secrets using the ML-KEM (Module Lattice-based Key Encapsulation Mechanism) post-quantum algorithm. It supports multiple security levels through the variants:

MLKEM512: NIST security level 1 (roughly equivalent to AES-128), 1632 bytes
MLKEM768: NIST security level 3 (roughly equivalent to AES-192), 2400 bytes
MLKEM1024: NIST security level 5 (roughly equivalent to AES-256), 3168 bytes

§Security

ML-KEM private keys should be kept secure and never exposed. They provide resistance against attacks from both classical and quantum computers.

§Examples

use bc_components::MLKEM;

// Generate a keypair
let (private_key, public_key) = MLKEM::MLKEM512.keypair();

// Party A encapsulates a shared secret using the public key
let (shared_secret_a, ciphertext) = public_key.encapsulate_new_shared_secret();

// Party B decapsulates the shared secret using the private key and ciphertext
let shared_secret_b = private_key.decapsulate_shared_secret(&ciphertext).unwrap();

// Both parties now have the same shared secret
assert_eq!(shared_secret_a, shared_secret_b);

Variants§

MLKEM512(Box<SecretKey>)

An ML-KEM-512 private key (NIST security level 1)

MLKEM768(Box<SecretKey>)

An ML-KEM-768 private key (NIST security level 3)

MLKEM1024(Box<SecretKey>)

An ML-KEM-1024 private key (NIST security level 5)

Implementations§

impl MLKEMPrivateKey

pub fn level(&self) -> MLKEM

Returns the security level of this ML-KEM private key.

pub fn size(&self) -> usize

Returns the size of this ML-KEM private key in bytes.

pub fn as_bytes(&self) -> &[u8] ⓘ

Returns the raw bytes of this ML-KEM private key.

pub fn from_bytes(level: MLKEM, bytes: &[u8]) -> Result<Self>

Creates an ML-KEM private key from raw bytes and a security level.

§Parameters

level - The security level of the key.
bytes - The raw bytes of the key.

§Returns

An MLKEMPrivateKey if the bytes represent a valid key for the given level, or an error otherwise.

§Errors

Returns an error if the bytes do not represent a valid ML-KEM private key for the specified security level.

pub fn decapsulate_shared_secret( &self, ciphertext: &MLKEMCiphertext, ) -> Result<SymmetricKey>

Decapsulates a shared secret from a ciphertext using this private key.

§Parameters

ciphertext - The ciphertext containing the encapsulated shared secret.

§Returns

A SymmetricKey containing the decapsulated shared secret, or an error if decapsulation fails.

§Errors

Returns an error if the security level of the ciphertext doesn’t match the security level of this private key, or if decapsulation fails for any other reason.

§Panics

Panics if the security level of the ciphertext doesn’t match the security level of this private key.

Trait Implementations§

impl AsRef<[u8]> for MLKEMPrivateKey

fn as_ref(&self) -> &[u8] ⓘ

Returns the raw bytes of the private key.

impl CBORTagged for MLKEMPrivateKey

Defines CBOR tags for ML-KEM private keys.

fn cbor_tags() -> Vec<Tag>

Returns the CBOR tag for ML-KEM private keys.

impl CBORTaggedDecodable for MLKEMPrivateKey

Implements CBOR decoding for ML-KEM private keys.

fn from_untagged_cbor(untagged_cbor: CBOR) -> Result<Self>

Creates an MLKEMPrivateKey from untagged CBOR.

§Errors

Returns an error if the CBOR value doesn’t represent a valid ML-KEM private key.

fn from_tagged_cbor(cbor: CBOR) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from tagged CBOR. Read more

fn from_tagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from binary encoded tagged CBOR. Read more

fn from_untagged_cbor_data(data: impl AsRef<[u8]>) -> Result<Self, Error>
where Self: Sized,

Creates an instance of this type by decoding it from binary encoded untagged CBOR. Read more

impl CBORTaggedEncodable for MLKEMPrivateKey

Implements CBOR encoding for ML-KEM private keys.

fn untagged_cbor(&self) -> CBOR

Creates the untagged CBOR representation as an array with level and key bytes.

fn tagged_cbor(&self) -> CBOR

Returns the tagged CBOR encoding of this instance. Read more

fn tagged_cbor_data(&self) -> Vec<u8> ⓘ

Returns the tagged value in CBOR binary representation. Read more

impl Clone for MLKEMPrivateKey

fn clone(&self) -> MLKEMPrivateKey

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for MLKEMPrivateKey

Provides debug formatting for ML-KEM private keys.

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the private key as a string for debugging purposes.

impl Decrypter for MLKEMPrivateKey

Implements the Decrypter trait for ML-KEM private keys.

fn encapsulation_private_key(&self) -> EncapsulationPrivateKey

Returns this key as an EncapsulationPrivateKey.

fn decapsulate_shared_secret( &self, ciphertext: &EncapsulationCiphertext, ) -> Result<SymmetricKey>

Decapsulates a shared secret from a ciphertext. Read more

impl From<MLKEMPrivateKey> for CBOR

Converts an MLKEMPrivateKey to CBOR.

fn from(value: MLKEMPrivateKey) -> Self

Converts to tagged CBOR.

impl Hash for MLKEMPrivateKey

Implements hashing for ML-KEM private keys.

fn hash<H: Hasher>(&self, state: &mut H)

Hashes the raw bytes of the private key.

1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more

impl PartialEq for MLKEMPrivateKey

fn eq(&self, other: &MLKEMPrivateKey) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl TryFrom<CBOR> for MLKEMPrivateKey

Attempts to convert CBOR to an MLKEMPrivateKey.

fn try_from(cbor: CBOR) -> Result<Self>

Converts from tagged CBOR.

type Error = Error

The type returned in the event of a conversion error.

impl Eq for MLKEMPrivateKey

impl StructuralPartialEq for MLKEMPrivateKey

Auto Trait Implementations§

impl Freeze for MLKEMPrivateKey

impl RefUnwindSafe for MLKEMPrivateKey

impl Send for MLKEMPrivateKey

impl Sync for MLKEMPrivateKey

impl Unpin for MLKEMPrivateKey

impl UnwindSafe for MLKEMPrivateKey

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CBORDecodable for T
where T: TryFrom<CBOR, Error = Error>,

fn try_from_cbor(cbor: &CBOR) -> Result<Self, Error>

impl<T> CBOREncodable for T
where T: Into<CBOR> + Clone,

fn to_cbor(&self) -> CBOR

Converts this value to a CBOR object. Read more

fn to_cbor_data(&self) -> Vec<u8> ⓘ

Converts this value directly to binary CBOR data. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToHex for T
where T: AsRef<[u8]>,

fn encode_hex<U>(&self) -> U
where U: FromIterator<char>,

Encode the hex strict representing self into the result. Lower case letters are used (e.g. f9b4ca)

fn encode_hex_upper<U>(&self) -> U
where U: FromIterator<char>,

Encode the hex strict representing self into the result. Upper case letters are used (e.g. F9B4CA)

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> URDecodable for T
where T: CBORTaggedDecodable,

fn from_ur(ur: impl AsRef<UR>) -> Result<Self, Error>
where Self: Sized,

fn from_ur_string(ur_string: impl Into<String>) -> Result<Self, Error>
where Self: Sized,

impl<T> UREncodable for T
where T: CBORTaggedEncodable,

fn ur(&self) -> UR

Returns the UR representation of the object.

fn ur_string(&self) -> String

Returns the UR string representation of the object.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> CBORCodable for T
where T: CBORDecodable + CBOREncodable,

impl<T> CBORTaggedCodable for T
where T: CBORTaggedEncodable + CBORTaggedDecodable,

impl<T> ErasedDestructor for T
where T: 'static,

impl<T> URCodable for T
where T: UREncodable + URDecodable,