rlwe_pke/

rlwe_pke.rs

// MIT License
//
// Copyright (c) 2026 Raja Lehtihet & Wael El Oraiby
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.

//! Demonstrates the example RLWE-style PKE API end to end.
//!
//! Run with:
//! `cargo run --example rlwe_pke`
//!
//! Flow:
//! 1. Build `R_q = Z_q[x] / (x^32 + 1)`.
//! 2. Generate keypair (`a`, `b`, `s`) with small-noise secret.
//! 3. Encrypt a short message.
//! 4. Decrypt and assert round-trip equality.

mod common;

use common::pke::{decrypt_example, encrypt_example, keygen_example};
use core::convert::Infallible;
use nc_polynomial::RingContext;
use rand_core::{TryCryptoRng, TryRng};

#[derive(Debug, Clone)]
struct ExampleRng {
    state: u64,
}

impl ExampleRng {
    /// Creates a deterministic RNG state for reproducible example output.
    fn new(seed: u64) -> Self {
        Self { state: seed }
    }

    /// xorshift64* transition.
    ///
    /// This is a deterministic example RNG, not a production CSPRNG.
    fn step(&mut self) -> u64 {
        let mut x = self.state;
        x ^= x >> 12;
        x ^= x << 25;
        x ^= x >> 27;
        self.state = x;
        x.wrapping_mul(0x2545_F491_4F6C_DD1D)
    }
}

impl TryRng for ExampleRng {
    type Error = Infallible;

    fn try_next_u32(&mut self) -> Result<u32, Self::Error> {
        Ok(self.step() as u32)
    }

    fn try_next_u64(&mut self) -> Result<u64, Self::Error> {
        Ok(self.step())
    }

    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Self::Error> {
        let mut offset = 0;
        while offset < dest.len() {
            let word = self.step().to_le_bytes();
            let chunk = (dest.len() - offset).min(8);
            dest[offset..offset + chunk].copy_from_slice(&word[..chunk]);
            offset += chunk;
        }
        Ok(())
    }
}

impl TryCryptoRng for ExampleRng {}

fn main() {
    // Ring modulus polynomial `x^32 + 1`.
    let mut modulus_poly = vec![0_u64; 32 + 1];
    modulus_poly[0] = 1;
    modulus_poly[32] = 1;
    // Standard NTT-friendly prime modulus used elsewhere in the crate examples.
    let ctx =
        RingContext::from_parts(32, 998_244_353, &modulus_poly, 3).expect("context should build");

    // Key generation randomness.
    let mut key_rng = ExampleRng::new(0xDEAD_BEEF_1234_0001);
    // Generates:
    // - public key (a, b = a*s + e)
    // - secret key (s)
    let (public_key, secret_key) =
        keygen_example(&ctx, 2, &mut key_rng).expect("keygen should work");

    // Message payload.
    let message = b"ok";
    // Encryption randomness must be independent from keygen randomness.
    let mut enc_rng = ExampleRng::new(0xFACE_CAFE_2222_0002);
    // Produces ciphertext (u, v).
    let ciphertext =
        encrypt_example(&ctx, &public_key, message, 2, &mut enc_rng).expect("encrypt should work");

    // Decrypt and verify.
    let decrypted = decrypt_example(&ctx, &secret_key, &ciphertext, message.len())
        .expect("decrypt should work");
    assert_eq!(decrypted, message);

    // Human-readable output for quick manual check.
    println!("message={:?}", String::from_utf8_lossy(message));
    println!("decrypted={:?}", String::from_utf8_lossy(&decrypted));
}