Crate ntrust_native

Source
Expand description

A safe pure-rust implementation of the NTRU post-quantum scheme.

  • NTRU is a lattice-based key encapsulation mechanism (KEM)
  • The implementation is based on the NTRU reference implementation of NIST round 3
  • The implementation does not utilize any concurrency techniques (SIMD/threading/…, except maybe auto-vectorization on your CPU)
  • It passes the 100 testcases of the C reference implementation
  • It implements the NTRU-HPS (Hoffstein-Pipher-Silverman) scheme in three variants
  • It implements the NTRU-HRSS (Hülsing-Rijneveld-Schanck) scheme in one variant
  • The implementation is constant-time on software instruction level
  • The random number generator is based on AES128 in counter mode

§Who should use it?

Anyone, how wants to use the NTRU scheme to negotiate a key between two parties.

§How does one use it?

Add this to your Cargo.toml:

[dependencies]
ntrust-native = "1.0"

To use a specific NTRU variant, you need to import it with the corresponding feature flag:

[dependencies]
ntrust-native = { version = "1.0", features = ["ntruhrss701"] }

The simple example illustrates the API:

use ntrust_native::{AesState, crypto_kem_keypair, crypto_kem_enc, crypto_kem_dec};
use ntrust_native::{CRYPTO_PUBLICKEYBYTES, CRYPTO_SECRETKEYBYTES, CRYPTO_CIPHERTEXTBYTES, CRYPTO_BYTES};

fn main() -> Result<(), Box<dyn std::error::Error>> {
  let mut rng = AesState::new();
  let mut pk = [0u8; CRYPTO_PUBLICKEYBYTES];
  let mut sk = [0u8; CRYPTO_SECRETKEYBYTES];
  crypto_kem_keypair(&mut pk, &mut sk, &mut rng)?;

  let mut ct = [0u8; CRYPTO_CIPHERTEXTBYTES];
  let mut ss_bob = [0u8; CRYPTO_BYTES];
  crypto_kem_enc(&mut ct, &mut ss_bob, &pk, &mut rng)?;

  let mut ss_alice = [0u8; CRYPTO_BYTES];
  crypto_kem_dec(&mut ss_alice, &ct, &sk)?;

  assert_eq!(ss_alice, ss_bob);
  Ok(())
}

§How does one run it?

This library comes with two examples:

$ cargo run --example simple

The output annotates messages with Alice/Bob to illustrate which data is processed by which party. The katkem example implements the classic request/response file structure which is part of the NIST PQC framework.

$ cargo run --example katkem PQCkemKAT_935.req PQCkemKAT_935.rsp
$ cargo run --example katkem PQCkemKAT_935.rsp

The different variants (ntruhps2048509, ntruhps2048677, ntruhps4096821, ntruhrss701) can be enabled through feature flags:

$ cargo run --example katkem --features ntruhrss701 -- PQCkemKAT_1450.req PQCkemKAT_1450.rsp

ntruhps2048509 is the default variant. You cannot enable two variants simultaneously.

Structs§

AesState
AesState is a struct storing data of a pseudo-random number generator. Using randombytes_init, it can be initialized once. Using randombytes, one can successively fetch new pseudo-random numbers.

Constants§

CRYPTO_ALGNAME
Name of the variant
CRYPTO_BYTES
The number of bytes required to store the negotiated/shared key
CRYPTO_CIPHERTEXTBYTES
The number of bytes required to store the ciphertext resulting from the encryption
CRYPTO_PUBLICKEYBYTES
The number of bytes required to store the public key
CRYPTO_SECRETKEYBYTES
The number of bytes required to store the secret key

Traits§

RNGState
Trait requiring primitives to generate pseudo-random numbers. AesState is an object implementing this trait.

Functions§

crypto_kem_dec
Given a secret key and a ciphertext, determine the shared text and return it is argument k.
crypto_kem_enc
Given an RNG instance and a public key, sample a shared key. This shared key is returned through parameter k whereas ciphertext is returned as c.
crypto_kem_keypair
Given an RNG instance, compute some public and secret key. The public key is meant to be shared with any party, but access to the secret key must be limited to the generating party.