Expand description
A safe pure-rust implementation of the NTRU post-quantum scheme.
- NTRU is a lattice-based key encapsulation mechanism (KEM)
- The implementation is based on the NTRU reference implementation of NIST round 3
- The implementation does not utilize any concurrency techniques (SIMD/threading/…, except maybe auto-vectorization on your CPU)
- It passes the 100 testcases of the C reference implementation
- It implements the NTRU-HPS (Hoffstein-Pipher-Silverman) scheme in three variants
- It implements the NTRU-HRSS (Hülsing-Rijneveld-Schanck) scheme in one variant
- The implementation is constant-time on software instruction level
- The random number generator is based on AES128 in counter mode
§Who should use it?
Anyone, how wants to use the NTRU scheme to negotiate a key between two parties.
§How does one use it?
Add this to your Cargo.toml
:
[dependencies]
ntrust-native = "1.0"
To use a specific NTRU variant, you need to import it with the corresponding feature flag:
[dependencies]
ntrust-native = { version = "1.0", features = ["ntruhrss701"] }
The simple
example illustrates the API:
use ntrust_native::{AesState, crypto_kem_keypair, crypto_kem_enc, crypto_kem_dec};
use ntrust_native::{CRYPTO_PUBLICKEYBYTES, CRYPTO_SECRETKEYBYTES, CRYPTO_CIPHERTEXTBYTES, CRYPTO_BYTES};
fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut rng = AesState::new();
let mut pk = [0u8; CRYPTO_PUBLICKEYBYTES];
let mut sk = [0u8; CRYPTO_SECRETKEYBYTES];
crypto_kem_keypair(&mut pk, &mut sk, &mut rng)?;
let mut ct = [0u8; CRYPTO_CIPHERTEXTBYTES];
let mut ss_bob = [0u8; CRYPTO_BYTES];
crypto_kem_enc(&mut ct, &mut ss_bob, &pk, &mut rng)?;
let mut ss_alice = [0u8; CRYPTO_BYTES];
crypto_kem_dec(&mut ss_alice, &ct, &sk)?;
assert_eq!(ss_alice, ss_bob);
Ok(())
}
§How does one run it?
This library comes with two examples:
$ cargo run --example simple
The output annotates messages with Alice/Bob to illustrate which data is processed by which party.
The katkem
example implements the classic request/response file structure which is part of the NIST PQC framework.
$ cargo run --example katkem PQCkemKAT_935.req PQCkemKAT_935.rsp
$ cargo run --example katkem PQCkemKAT_935.rsp
The different variants (ntruhps2048509, ntruhps2048677, ntruhps4096821, ntruhrss701
) can be enabled through feature flags:
$ cargo run --example katkem --features ntruhrss701 -- PQCkemKAT_1450.req PQCkemKAT_1450.rsp
ntruhps2048509
is the default variant. You cannot enable two variants simultaneously.
Structs§
- AesState
- AesState is a struct storing data of a pseudo-random number generator.
Using
randombytes_init
, it can be initialized once. Usingrandombytes
, one can successively fetch new pseudo-random numbers.
Constants§
- CRYPTO_
ALGNAME - Name of the variant
- CRYPTO_
BYTES - The number of bytes required to store the negotiated/shared key
- CRYPTO_
CIPHERTEXTBYTES - The number of bytes required to store the ciphertext resulting from the encryption
- CRYPTO_
PUBLICKEYBYTES - The number of bytes required to store the public key
- CRYPTO_
SECRETKEYBYTES - The number of bytes required to store the secret key
Traits§
- RNGState
- Trait requiring primitives to generate pseudo-random numbers.
AesState
is an object implementing this trait.
Functions§
- crypto_
kem_ dec - Given a secret key and a ciphertext,
determine the shared text and return it is argument
k
. - crypto_
kem_ enc - Given an RNG instance and a public key, sample a shared key.
This shared key is returned through parameter
k
whereas ciphertext is returned asc
. - crypto_
kem_ keypair - Given an RNG instance, compute some public and secret key. The public key is meant to be shared with any party, but access to the secret key must be limited to the generating party.