Crate kem

source · []
Expand description

RustCrypto: Key Encapsulation Mechanisms (KEMs)

crate Docs Apache2/MIT licensed Rust Version Project Chat Build Status

This crate provides a common set of traits for key encapsulation mechanisms—algorithms for non-interactively establishing secrets between peers. This is intended to be implemented by libraries which produce or contain implementations of key encapsulation mechanisms, and used by libraries which want to produce or consume encapsulated secrets while generically supporting any compatible backend.

The crate exposes four traits, Encapsulator, Decapsulator, AuthEncapsulator, and AuthDecapsulator. These traits represent the ability to initiate a key exchange and complete a key exchange, in the case where the sender is authenticated to the receiver and in the case where the sender is not.


Minimum Supported Rust Version

Rust 1.56 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

  • All on-by-default features of this library are covered by SemVer
  • MSRV is considered exempt from SemVer as noted above
  • The off-by-default features derive-preview and digest-preview are unstable “preview” features which are also considered exempt from SemVer. Breaking changes to these features will, like MSRV, be done with a minor version bump.


Licensed under either of

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


pub use generic_array;


Represents KEM errors. This is intentionally opaque to avoid leaking information about private keys through side channels.

The shared secret that results from key exchange.


Represents the functionality of a authenticated-key decapsulator, where Self is a cryptographic key.

Represents the functionality of a key decapsulator, where Self is a cryptographic key.

Trait impl’d by concrete types that represent an encapsulated key. This is intended to be, in essence, a bag of bytes.

Represents the functionality of a key encapsulator. For unauthenticated encapsulation, Self can be an empty struct. For authenticated encapsulation, Self is a private key.