pub trait Kem {
type PublicKey: Clone;
type SecretKey: Zeroize + Clone;
type SharedSecret: Zeroize + Clone;
type Ciphertext: Clone;
type KeyPair: Clone;
// Required methods
fn name() -> &'static str;
fn keypair<R: CryptoRng + RngCore>(rng: &mut R) -> Result<Self::KeyPair>;
fn public_key(keypair: &Self::KeyPair) -> Self::PublicKey;
fn secret_key(keypair: &Self::KeyPair) -> Self::SecretKey;
fn encapsulate<R: CryptoRng + RngCore>(
rng: &mut R,
public_key: &Self::PublicKey,
) -> Result<(Self::Ciphertext, Self::SharedSecret)>;
fn decapsulate(
secret_key: &Self::SecretKey,
ciphertext: &Self::Ciphertext,
) -> Result<Self::SharedSecret>;
}Expand description
Trait for Key Encapsulation Mechanism (KEM) with domain-specific types
§Security Design
Types are opaque - no direct byte access is provided to prevent:
- Key manipulation attacks (no
AsMut) - Accidental key leakage (no
AsRef) - Timing side channels through direct memory access
Required Associated Types§
Sourcetype PublicKey: Clone
type PublicKey: Clone
Public key type with appropriate constraints
§Security Note
No direct byte access. Keys are opaque types that can only be used through KEM operations or explicit serialization methods.
Sourcetype SecretKey: Zeroize + Clone
type SecretKey: Zeroize + Clone
Secret key type with security guarantees
§Security Note
- Must implement
Zeroizefor secure cleanup - No direct byte access prevents accidental exposure
- Can only be used through KEM operations
Shared secret type with security guarantees
§Security Note
- Must implement
Zeroizefor secure cleanup - No direct byte access prevents leakage
- Should be converted to application keys immediately
Sourcetype Ciphertext: Clone
type Ciphertext: Clone
Ciphertext type for the encapsulated key
§Security Note
No direct byte access prevents tampering. Modifications would invalidate the encapsulation.
Required Methods§
Sourcefn keypair<R: CryptoRng + RngCore>(rng: &mut R) -> Result<Self::KeyPair>
fn keypair<R: CryptoRng + RngCore>(rng: &mut R) -> Result<Self::KeyPair>
Generate a new keypair
§Security Requirements
- Must use the provided CSPRNG for all randomness
- Keys must be generated according to the algorithm specification
Sourcefn public_key(keypair: &Self::KeyPair) -> Self::PublicKey
fn public_key(keypair: &Self::KeyPair) -> Self::PublicKey
Extract public key from keypair
Sourcefn secret_key(keypair: &Self::KeyPair) -> Self::SecretKey
fn secret_key(keypair: &Self::KeyPair) -> Self::SecretKey
Extract secret key from keypair
§Security Note
The returned secret key should be protected and zeroized after use
Sourcefn encapsulate<R: CryptoRng + RngCore>(
rng: &mut R,
public_key: &Self::PublicKey,
) -> Result<(Self::Ciphertext, Self::SharedSecret)>
fn encapsulate<R: CryptoRng + RngCore>( rng: &mut R, public_key: &Self::PublicKey, ) -> Result<(Self::Ciphertext, Self::SharedSecret)>
Encapsulate a shared secret using the recipient’s public key
§Security Requirements
- Must validate the public key internally
- Must use fresh randomness from the provided RNG
- Must be resistant to side-channel attacks
Sourcefn decapsulate(
secret_key: &Self::SecretKey,
ciphertext: &Self::Ciphertext,
) -> Result<Self::SharedSecret>
fn decapsulate( secret_key: &Self::SecretKey, ciphertext: &Self::Ciphertext, ) -> Result<Self::SharedSecret>
Decapsulate a shared secret using the private key
§Security Requirements
- Must be constant-time
- Should use implicit rejection for IND-CCA2 security
- Must not leak information about the secret key
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.