KEMPair

pq_msg::exchange::pair

Struct KEMPair 

Source 
pub struct KEMPair { /* private fields */ }
Expand description

A Key Encapsulation Mechanism (KEM) pair using ML-KEM (formerly Kyber)

This struct represents a post-quantum cryptography key pair used for key encapsulation and decapsulation operations. It utilizes ML-KEM1024, which provides 256-bit equivalent security strength.

Implementations§

Source§

impl KEMPair

Source

pub fn create() -> Self

Creates a new random KEM pair

§Returns

A new KEMPair with generated public and secret keys

Examples found in repository?
examples/full_exchange.rs (line 7)
6fn main() {
7    let alice_kem = KEMPair::create();
8    let alice_signer = SignerPair::create();
9
10    let bob_kem = KEMPair::create();
11    let bob_signer = SignerPair::create();
12
13    // Create a base nonce with a new session id, and a counter of
14    let base_nonce = create_nonce(&gen_session_id(), 0);
15
16    // Lets create the message session for Alice first
17    let (mut alice_session, ciphertext) = MessageSession::new_initiator(
18        alice_kem,
19        alice_signer.clone(),
20        base_nonce,
21        &bob_kem.to_bytes().unwrap().0,    // Bob's public KEM key
22        &bob_signer.to_bytes().unwrap().0, // Bob's public signer key
23    )
24    .unwrap();
25
26    // Now for Bob it would look like this
27    let mut bob_session = MessageSession::new_responder(
28        bob_kem,
29        bob_signer.clone(),
30        base_nonce,
31        &ciphertext,
32        &alice_signer.to_bytes().unwrap().0, // Alice's public signer key
33    )
34    .unwrap();
35
36    // Now both sessions contain a shared secret they use to encrypt and decrypt messages
37    // and a nonce that is incremented with each message sent or received.
38
39    // Alice creates a mesasge and prepares to send it to Bob
40    let message = b"Hello, Bob! This is a secret message.";
41    let encrypted_message = alice_session.craft_message(message).unwrap();
42
43    // Bob decrypts and verifies Alice's message
44    let raw_message = bob_session.validate_message(&encrypted_message).unwrap();
45
46    // Both message and raw_message are equal, let's print them out to illustrate
47    let message_str = String::from_utf8_lossy(message);
48    let raw_message_str = String::from_utf8_lossy(&raw_message);
49
50    println!("[1] Alice's message: {}", message_str);
51    println!("[2] Bob's decrypted message: {}", raw_message_str);
52
53    // Bob crafts a reply message to Alice
54    let reply = b"Hello, Alice! I received your message safely.";
55    let encrypted_reply = bob_session.craft_message(reply).unwrap();
56
57    // Alice decrypts and verifies Bob's reply
58    let raw_reply = alice_session.validate_message(&encrypted_reply).unwrap();
59
60    // Both reply and raw_reply are equal, let's print them again
61    let reply_str = String::from_utf8_lossy(reply);
62    let raw_reply_str = String::from_utf8_lossy(&raw_reply);
63
64    println!("[3] Bob's reply: {}", reply_str);
65    println!("[4] Alice's decrypted reply: {}", raw_reply_str);
66}
Source

pub fn from_bytes(pub_key: &[u8], sec_key: &[u8]) -> Result<Self, CryptoError>

Creates a KEM pair from separate public and secret key bytes

§Arguments
  • pub_key - The public key bytes
  • sec_key - The secret key bytes
§Returns
  • Result<KEMPair, CryptoError>: The constructed KEMPair or an error
Source

pub fn to_bytes(&self) -> Result<([u8; 1568], [u8; 3168]), CryptoError>

Converts the key pair to raw byte arrays

§Returns
  • Result<([u8; PUBLICKEYBYTES], [u8; SECRETKEYBYTES]), CryptoError>: A tuple containing the public and secret keys as byte arrays
Examples found in repository?
examples/full_exchange.rs (line 21)
6fn main() {
7    let alice_kem = KEMPair::create();
8    let alice_signer = SignerPair::create();
9
10    let bob_kem = KEMPair::create();
11    let bob_signer = SignerPair::create();
12
13    // Create a base nonce with a new session id, and a counter of
14    let base_nonce = create_nonce(&gen_session_id(), 0);
15
16    // Lets create the message session for Alice first
17    let (mut alice_session, ciphertext) = MessageSession::new_initiator(
18        alice_kem,
19        alice_signer.clone(),
20        base_nonce,
21        &bob_kem.to_bytes().unwrap().0,    // Bob's public KEM key
22        &bob_signer.to_bytes().unwrap().0, // Bob's public signer key
23    )
24    .unwrap();
25
26    // Now for Bob it would look like this
27    let mut bob_session = MessageSession::new_responder(
28        bob_kem,
29        bob_signer.clone(),
30        base_nonce,
31        &ciphertext,
32        &alice_signer.to_bytes().unwrap().0, // Alice's public signer key
33    )
34    .unwrap();
35
36    // Now both sessions contain a shared secret they use to encrypt and decrypt messages
37    // and a nonce that is incremented with each message sent or received.
38
39    // Alice creates a mesasge and prepares to send it to Bob
40    let message = b"Hello, Bob! This is a secret message.";
41    let encrypted_message = alice_session.craft_message(message).unwrap();
42
43    // Bob decrypts and verifies Alice's message
44    let raw_message = bob_session.validate_message(&encrypted_message).unwrap();
45
46    // Both message and raw_message are equal, let's print them out to illustrate
47    let message_str = String::from_utf8_lossy(message);
48    let raw_message_str = String::from_utf8_lossy(&raw_message);
49
50    println!("[1] Alice's message: {}", message_str);
51    println!("[2] Bob's decrypted message: {}", raw_message_str);
52
53    // Bob crafts a reply message to Alice
54    let reply = b"Hello, Alice! I received your message safely.";
55    let encrypted_reply = bob_session.craft_message(reply).unwrap();
56
57    // Alice decrypts and verifies Bob's reply
58    let raw_reply = alice_session.validate_message(&encrypted_reply).unwrap();
59
60    // Both reply and raw_reply are equal, let's print them again
61    let reply_str = String::from_utf8_lossy(reply);
62    let raw_reply_str = String::from_utf8_lossy(&raw_reply);
63
64    println!("[3] Bob's reply: {}", reply_str);
65    println!("[4] Alice's decrypted reply: {}", raw_reply_str);
66}
Source

pub fn to_bytes_uniform(&self) -> Vec<u8>

Converts the key pair to a single byte vector with public key followed by secret key

§Returns

A vector containing the concatenated public and secret key bytes

Source

pub fn from_bytes_uniform(bytes: &[u8]) -> Result<Self, CryptoError>

Creates a KEM pair from a single byte slice containing both public and secret keys

§Arguments
  • bytes - The concatenated public and secret key bytes
§Returns
  • Result<KEMPair, CryptoError>: The constructed KEMPair or an error
Source

pub fn encapsulate( &self, receiver_pubkey: &PublicKey, ) -> (SharedSecret, Ciphertext)

Encapsulates a shared secret using the provided public key

§Arguments
  • receiver_pubkey - The receiver’s public key
§Returns

A tuple containing the shared secret and the ciphertext to send to the receiver

Source

pub fn decapsulate( &self, ciphertext: &Ciphertext, ) -> Result<SharedSecret, CryptoError>

Decapsulates a shared secret from the provided ciphertext using this pair’s secret key

§Arguments
  • ciphertext - The ciphertext received from the sender
§Returns
  • Result<SharedSecret, CryptoError>: The decapsulated shared secret or an error

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V