Crate mlkem

§mlkem

post-quantum key encapsulation per fips 203 (ml-kem, formerly kyber), in pure rust. all three security levels.

§quick start

```rust
use mlkem::MlKem768;
use rand::thread_rng;

let mut rng = thread_rng();
let (pk, sk) = MlKem768::keygen(&mut rng);
let (ct, ss_alice) = MlKem768::encapsulate(&pk, &mut rng);
let ss_bob = MlKem768::decapsulate(&sk, &ct);
assert_eq!(ss_alice.as_bytes(), ss_bob.as_bytes());
```

§variants

  • MlKem512: nist security category 1 (~ aes-128). sizes in bytes: pk 800, sk 1632, ct 768.
  • MlKem768: nist security category 3 (~ aes-192). sizes in bytes: pk 1184, sk 2400, ct 1088.
  • MlKem1024: nist security category 5 (~ aes-256). sizes in bytes: pk 1568, sk 3168, ct 1568.

all three implement the Kem trait, so callers can be generic.
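
the sizes in the list above follow from each parameter set's rank k and compression widths (du, dv) in fips 203. the block below is an added example, not code from this crate: `Kind`, `ParamSet`, `WrongLength`, `check_len` and `candidates` are hypothetical names. it derives the sizes, validates input length, and shows that length alone cannot tell an ml-kem-1024 public key from an ml-kem-1024 ciphertext (both 1568 bytes), so a length check does not replace distinct types per kind.

```rust
// added example; every name below is hypothetical, not the mlkem crate's api.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Kind { PublicKey, SecretKey, Ciphertext }
pub struct ParamSet { pub name: &'static str, pub k: usize, pub du: usize, pub dv: usize }

// rank k and compression widths (du, dv) of each parameter set, per fips 203.
pub static SETS: [ParamSet; 3] = [
    ParamSet { name: "ML-KEM-512", k: 2, du: 10, dv: 4 },
    ParamSet { name: "ML-KEM-768", k: 3, du: 10, dv: 4 },
    ParamSet { name: "ML-KEM-1024", k: 4, du: 11, dv: 5 },
];

impl ParamSet {
    /// encoded length in bytes of a key or ciphertext for this parameter set.
    pub fn encoded_len(&self, kind: Kind) -> usize {
        match kind {
            // k polynomials of 256 coefficients x 12 bits (384 bytes) + 32-byte seed
            Kind::PublicKey => 384 * self.k + 32,
            // pke secret (384k) || public key (384k + 32) || H(pk) (32) || z (32)
            Kind::SecretKey => 768 * self.k + 96,
            // u: k polynomials at du bits per coefficient; v: one at dv bits
            Kind::Ciphertext => 32 * (self.du * self.k + self.dv),
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub struct WrongLength { pub expected: usize, pub got: usize }

/// reject input whose length does not match the expected parameter set and kind.
pub fn check_len(set: &ParamSet, kind: Kind, bytes: &[u8]) -> Result<(), WrongLength> {
    let expected = set.encoded_len(kind);
    if bytes.len() == expected { Ok(()) } else { Err(WrongLength { expected, got: bytes.len() }) }
}

/// every (set, kind) an n-byte blob could be, judged by length alone.
pub fn candidates(n: usize) -> Vec<(&'static str, Kind)> {
    let mut out = Vec::new();
    for s in SETS.iter() {
        for kind in [Kind::PublicKey, Kind::SecretKey, Kind::Ciphertext] {
            if s.encoded_len(kind) == n { out.push((s.name, kind)); }
        }
    }
    out
}

fn main() {
    println!("{:?}", check_len(&SETS[1], Kind::Ciphertext, &[0u8; 768])); // constructed input
    println!("1568 bytes: {:?}", candidates(1568));
}
```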

§features

  • std (default): enables std::error::Error impl on LengthError and uses the std versions of the crypto deps.
  • serde: implements Serialize + Deserialize on every key, ciphertext, and shared-secret newtype across all three parameter sets.

§correctness

  • all 180 official nist acvp test vectors pass byte-for-byte (75 keygen, 75 encapsulation, 30 decapsulation, distributed evenly across the three parameter sets).
  • 3000-seed cross-check against the audited ml-kem crate.
  • 24000 stable-rust stress iterations on every cargo test.
  • cargo-fuzz harness in fuzz/.

§security and stability

this crate is not audited. for production cryptography, use the audited ml-kem crate from rustcrypto. this implementation exists to be readable end-to-end, suitable for study, tooling, and tests.

Structs§

Ciphertext512
Ciphertext768
Ciphertext1024
LengthError
returned when a slice handed to a TryFrom impl on a key, ciphertext, or shared secret newtype has the wrong length.
MlKem512
MlKem768
MlKem1024
Params512
Params768
Params1024
PublicKey512
PublicKey768
PublicKey1024
SecretKey512
SecretKey768
SecretKey1024
SharedSecret512
SharedSecret768
SharedSecret1024

Constants§

MAX_K
upper bound on the rank used by any ml-kem parameter set.

Traits§

Kem
generic interface implemented by MlKem512, MlKem768 and MlKem1024. lets you write code that picks a parameter set at instantiation time.
Params

Type Aliases§

Ciphertext
PublicKey
SecretKey
SharedSecret