§lib-q-double-kem (PROVISIONAL)
lib-q-double-kem provides a provisional MAUL v1 profile for combining two ML-KEM-768
encapsulation lanes into a single upgraded shared secret.
§Status
- Provisional research profile for Hint-MLWE style wire-constrained transport.
- The API and wire layout can evolve before standardization.
§Proof size table
Measured from tests/vectors/manifest.json (KAT seed, MAUL v1 encap path):
| Scenario | Bytes | Budget | Pass |
|---|---|---|---|
| Baseline (2× ML-KEM-768) | 2176 | — | — |
| MAUL v1 wire (double_kem encap) | 1260 | 1260 | yes |
| Size savings vs baseline | 42.1% | ≥40% | yes |
Fixed wire split: hint 172 B + body 1088 B = 1260 B.
§KAT export
Schema: double-kem-kat-v1
Regenerate: `cargo test -p lib-q-double-kem kat_regenerate_vectors -- --ignored`
Output: tests/vectors/double-kem-v1.json
§Core API
- MaulProfileV1
- double_encap
- double_decap
- ck_fo_upgrade
§Shared secret derivation
The final shared secret is derived as:
ss = KDF(ss_a || ss_b)
with a domain-separated SHA3-256 based KDF.
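The derivation above together with the fixed wire split, as an added Python sketch that is not the crate's own code: the byte counts come from the table on this page, while the domain-separation label and the exact hash input order are assumptions, since the page does not give them.

```python
import hashlib

# Constants taken from the MAUL v1 wire table on this page.
MAUL_HINT_BYTES = 172
MAUL_WIRE_BODY_BYTES = 1088
WIRE_BUDGET_MAUL_ENCAP_BYTES = 1260
BASELINE_DOUBLE_ML_KEM_768_CIPHERTEXT_BYTES = 2176
ML_KEM_768_SS_BYTES = 32

# Hypothetical label: the crate's real domain-separation string is not on the page.
KDF_DOMAIN = b"maul-v1/double-kem/ss"


def split_wire(wire: bytes) -> tuple[bytes, bytes]:
    """Split a MAUL v1 encap payload into (hint, body); any other length is rejected."""
    if len(wire) != WIRE_BUDGET_MAUL_ENCAP_BYTES:
        raise ValueError(
            f"wire must be {WIRE_BUDGET_MAUL_ENCAP_BYTES} bytes, got {len(wire)}"
        )
    hint, body = wire[:MAUL_HINT_BYTES], wire[MAUL_HINT_BYTES:]
    assert len(body) == MAUL_WIRE_BODY_BYTES  # 172 + 1088 == 1260
    return hint, body


def combine_shared_secrets(ss_a: bytes, ss_b: bytes) -> bytes:
    """ss = KDF(ss_a || ss_b) with a domain-separated SHA3-256 KDF.

    Both lane secrets are fixed at 32 bytes, so the concatenation has an
    unambiguous boundary; the label is hashed first so the output cannot
    collide with a plain SHA3-256 of the same bytes used elsewhere.
    """
    if len(ss_a) != ML_KEM_768_SS_BYTES or len(ss_b) != ML_KEM_768_SS_BYTES:
        raise ValueError("ML-KEM-768 shared secrets are 32 bytes each")
    h = hashlib.sha3_256()
    h.update(KDF_DOMAIN)
    h.update(ss_a)
    h.update(ss_b)
    return h.digest()


def savings_percent() -> float:
    """Wire-size saving of the MAUL v1 encap path over two raw ML-KEM-768 ciphertexts."""
    ratio = WIRE_BUDGET_MAUL_ENCAP_BYTES / BASELINE_DOUBLE_ML_KEM_768_CIPHERTEXT_BYTES
    return round(100.0 * (1.0 - ratio), 1)
```

Swapping the two lane secrets changes the derived key, which is the property a caller should check when wiring the lanes in a fixed order.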
§Security notes
- This profile is intended for controlled environments and deterministic testability.
- Production integrations must review threat model fit, replay constraints, and profile governance.
Re-exports§
pub use double_kem::ck_fo_upgrade;
pub use double_kem::double_decap;
pub use double_kem::double_encap;
pub use error::DoubleKemError;
pub use profile::BASELINE_DOUBLE_ML_KEM_768_CIPHERTEXT_BYTES;
pub use profile::DOUBLE_KEM_KAT_SCHEMA;
pub use profile::MAUL_HINT_BYTES;
pub use profile::MAUL_WIRE_BODY_BYTES;
pub use profile::MaulProfileV1;
pub use profile::WIRE_BUDGET_MAUL_ENCAP_BYTES;
pub use wire::MaulEncapWire;
Modules§
- double_kem
- Core MAUL-v1 double encapsulation operations.
- error
- Error types for the provisional double-KEM profile.
- profile
- Wire/profile constants for MAUL v1 double-KEM.
- wire
- Wire codec for MAUL-v1 double encapsulation payload.