PostQuantumKeypair

Struct PostQuantumKeypair 

pub struct PostQuantumKeypair {
    pub public: Vec<u8>,
    /* private fields */
}

Post-quantum cryptographic keypair

Uses CRYSTALS-Kyber-1024 for IND-CCA2 secure key encapsulation.

§Security Properties

  • Public key: 1568 bytes (safe to distribute)
  • Secret key: 3168 bytes (MUST be protected, auto-zeroized on drop)
  • Post-quantum security: 256 bits (NIST Level 5)

§Example

let keypair = PostQuantumKeypair::generate();
let public_bytes = keypair.public_key();
// Send public_bytes to peer

Fields§

§public: Vec<u8>

Public key (safe to share)

Implementations§

impl PostQuantumKeypair

pub fn generate() -> Self

Generate a new post-quantum keypair using CRYSTALS-Kyber-1024

§Security

Uses the OS CSPRNG (via rand::thread_rng()). Ensure the OS has sufficient entropy.

§Panics

Never panics. Kyber key generation is deterministic after RNG sampling.

pub fn public_key(&self) -> &[u8]

Get the public key bytes

Safe to transmit over insecure channels.

pub fn encapsulate(public_key: &[u8]) -> Result<(SharedSecret, Vec<u8>)>

Encapsulate: generate a shared secret and ciphertext for the recipient’s public key

§Arguments

  • public_key - Recipient’s Kyber-1024 public key (1568 bytes)

§Returns

  • SharedSecret - 32-byte shared secret (use for key derivation)
  • Vec<u8> - 1568-byte ciphertext (send to recipient)

§Errors

Returns CryptoError if the public key is invalid (wrong size or corrupted).

§Security

The shared secret is cryptographically strong (256-bit entropy). The ciphertext is IND-CCA2 secure against quantum adversaries.

pub fn decapsulate(&self, ciphertext: &[u8]) -> Result<SharedSecret>

Decapsulate: extract the shared secret from a ciphertext

§Arguments

  • ciphertext - 1568-byte Kyber-1024 ciphertext

§Returns

  • SharedSecret - 32-byte shared secret (same as encapsulator’s)

§Errors

Returns CryptoError if:

  • Ciphertext is wrong size
  • Ciphertext is invalid or corrupted
  • Decapsulation fails (should never happen with valid inputs)

§Security

Timing-safe: execution time is independent of the secret key or ciphertext validity.
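
An added example (not code from this crate): a receive-path check that tags and length-validates peer bytes before they are passed to encapsulate or decapsulate. The frame layout (kind byte, big-endian u16 length) and every name in the block are assumptions; only the 1568-byte sizes come from this page.

```rust
pub const PUBLIC_KEY_LEN: usize = 1568; // size stated on this page
pub const CIPHERTEXT_LEN: usize = 1568; // size stated on this page

#[derive(Debug, PartialEq)]
pub enum FrameError {
    TooShort,
    UnknownKind(u8),
    DeclaredLength { got: usize, want: usize },
    BodyLength { got: usize, want: usize },
}

/// Both payloads are 1568 bytes, so only the kind tag can tell them apart.
#[derive(Debug, PartialEq)]
pub enum KemMessage<'a> {
    PublicKey(&'a [u8]),  // argument for PostQuantumKeypair::encapsulate
    Ciphertext(&'a [u8]), // argument for keypair.decapsulate
}

/// Hypothetical frame layout: kind (1 byte) | length (u16 big-endian) | payload.
pub fn build_frame(kind: u8, payload: &[u8]) -> Vec<u8> {
    let mut out = vec![kind];
    out.extend_from_slice(&(payload.len() as u16).to_be_bytes());
    out.extend_from_slice(payload);
    out
}

pub fn parse_frame(frame: &[u8]) -> Result<KemMessage<'_>, FrameError> {
    if frame.len() < 3 {
        return Err(FrameError::TooShort);
    }
    let declared = u16::from_be_bytes([frame[1], frame[2]]) as usize;
    let want = match frame[0] {
        1 => PUBLIC_KEY_LEN,
        2 => CIPHERTEXT_LEN,
        other => return Err(FrameError::UnknownKind(other)),
    };
    if declared != want {
        return Err(FrameError::DeclaredLength { got: declared, want });
    }
    let body = &frame[3..];
    if body.len() != want {
        return Err(FrameError::BodyLength { got: body.len(), want });
    }
    Ok(if frame[0] == 1 { KemMessage::PublicKey(body) } else { KemMessage::Ciphertext(body) })
}

fn main() {
    let frame = build_frame(2, &[0u8; CIPHERTEXT_LEN]); // constructed sample
    println!("{:?}", parse_frame(&frame).map(|m| matches!(m, KemMessage::Ciphertext(_))));
}
```

This check covers framing and length only; whether the bytes form a valid key or ciphertext is still decided by the CryptoError result of encapsulate and decapsulate.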

Trait Implementations§

impl Clone for PostQuantumKeypair

fn clone(&self) -> PostQuantumKeypair

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PostQuantumKeypair

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.
