Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ML-KEM (FIPS 203). #470

Merged
merged 1 commit into from
Aug 16, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ Alternatively, look at the [Cloudflare Go](https://github.com/cloudflare/go/tree
|:---:|

- [CSIDH](./dh/csidh): Post-Quantum Commutative Group Action ([CSIDH](https://csidh.isogeny.org/)).
- [ML-KEM](./kem/mlkem): modes 512, 768, 1024 ([ML-KEM](https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.203.pdf)).
- [Kyber KEM](./kem/kyber): modes 512, 768, 1024 ([KYBER](https://pq-crystals.org/kyber/)).
- [FrodoKEM](./kem/frodo): modes 640-SHAKE. ([FrodoKEM](https://frodokem.org/))
- (**insecure, deprecated**) ~~[SIDH/SIKE](./kem/sike)~~: Supersingular Key Encapsulation with primes p434, p503, p751 ([SIKE](https://sike.org/)).
Expand Down
36 changes: 33 additions & 3 deletions kem/kyber/gen.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,10 @@ package main

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please move these files used to generate code to an internal folder.

/kem/internal/gen.go
/kem/internal/pkg.templ.go

Generated packages:

/kem/kyber*
/kem/mlkem*

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please move these files used to generate code to an internal folder.

Shall we do that in a separate PR? It's not only Kyber that has a gen.go outside of an internal.

import (
"bytes"
"fmt"
"go/format"
"io/ioutil"
"path"
"strings"
"text/template"
)
Expand All @@ -17,15 +19,43 @@ type Instance struct {
Name string
}

func (m Instance) KemName() string {
if m.NIST() {
return m.Name
}
return m.Name + ".CCAKEM"
}

func (m Instance) NIST() bool {
return strings.HasPrefix(m.Name, "ML-KEM")
}

func (m Instance) PkePkg() string {
if !m.NIST() {
return m.Pkg()
}
return strings.ReplaceAll(m.Pkg(), "mlkem", "kyber")
}

func (m Instance) Pkg() string {
return strings.ToLower(m.Name)
return strings.ToLower(strings.ReplaceAll(m.Name, "-", ""))
}

func (m Instance) PkgPath() string {
if m.NIST() {
return path.Join("..", "mlkem", m.Pkg())
}
return m.Pkg()
}

var (
Instances = []Instance{
{Name: "Kyber512"},
{Name: "Kyber768"},
{Name: "Kyber1024"},
{Name: "ML-KEM-512"},
{Name: "ML-KEM-768"},
{Name: "ML-KEM-1024"},
}
TemplateWarning = "// Code generated from"
)
Expand All @@ -51,15 +81,15 @@ func generatePackageFiles() {
// Formating output code
code, err := format.Source(buf.Bytes())
if err != nil {
panic("error formating code")
panic(fmt.Sprintf("error formating code: %v", err))
}

res := string(code)
offset := strings.Index(res, TemplateWarning)
if offset == -1 {
panic("Missing template warning in pkg.templ.go")
}
err = ioutil.WriteFile(mode.Pkg()+"/kyber.go", []byte(res[offset:]), 0o644)
err = ioutil.WriteFile(mode.PkgPath()+"/kyber.go", []byte(res[offset:]), 0o644)
if err != nil {
panic(err)
}
Expand Down
29 changes: 22 additions & 7 deletions kem/kyber/kat_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"bytes"
"crypto/sha256"
"fmt"
"strings"
"testing"

"github.com/cloudflare/circl/internal/nist"
Expand All @@ -22,6 +23,12 @@ func TestPQCgenKATKem(t *testing.T) {
{"Kyber1024", "89248f2f33f7f4f7051729111f3049c409a933ec904aedadf035f30fa5646cd5"},
{"Kyber768", "a1e122cad3c24bc51622e4c242d8b8acbcd3f618fee4220400605ca8f9ea02c2"},
{"Kyber512", "e9c2bd37133fcb40772f81559f14b1f58dccd1c816701be9ba6214d43baf4547"},

// TODO crossreference with standard branch of reference implementation
// once they've added the final change: domain separation in K-PKE.KeyGen().
{"ML-KEM-512", "a30184edee53b3b009356e1e31d7f9e93ce82550e3c622d7192e387b0cc84f2e"},
{"ML-KEM-768", "729367b590637f4a93c68d5e4a4d2e2b4454842a52c9eec503e3a0d24cb66471"},
{"ML-KEM-1024", "3fba7327d0320cb6134badf2a1bcb963a5b3c0026c7dece8f00d6a6155e47b33"},
}
for _, kat := range kats {
kat := kat
Expand All @@ -45,18 +52,26 @@ func testPQCgenKATKem(t *testing.T, name, expected string) {
}
f := sha256.New()
g := nist.NewDRBG(&seed)
fmt.Fprintf(f, "# %s\n\n", name)

// The "standard" branch reference implementation still uses Kyber
// as name instead of ML-KEM.
fmt.Fprintf(f, "# %s\n\n", strings.ReplaceAll(name, "ML-KEM-", "Kyber"))
for i := 0; i < 100; i++ {
g.Fill(seed[:])
fmt.Fprintf(f, "count = %d\n", i)
fmt.Fprintf(f, "seed = %X\n", seed)
g2 := nist.NewDRBG(&seed)

// This is not equivalent to g2.Fill(kseed[:]). As the reference
// implementation calls randombytes twice generating the keypair,
// we have to do that as well.
g2.Fill(kseed[:32])
g2.Fill(kseed[32:])
if strings.HasPrefix(name, "ML-KEM") {
// https://github.com/pq-crystals/kyber/commit/830e0ba1a7fdba6cde03f8139b0d41ad2102b860
g2.Fill(kseed[:])
} else {
// This is not equivalent to g2.Fill(kseed[:]). As the reference
// implementation calls randombytes twice generating the keypair,
// we have to do that as well.
g2.Fill(kseed[:32])
g2.Fill(kseed[32:])
}

g2.Fill(eseed)
pk, sk := scheme.DeriveKeyPair(kseed)
Expand All @@ -73,6 +88,6 @@ func testPQCgenKATKem(t *testing.T, name, expected string) {
fmt.Fprintf(f, "ss = %X\n\n", ss)
}
if fmt.Sprintf("%x", f.Sum(nil)) != expected {
t.Fatal()
t.Fatalf("%s %x %s", name, f.Sum(nil), expected)
}
}
9 changes: 5 additions & 4 deletions kem/kyber/kyber1024/kyber.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 5 additions & 4 deletions kem/kyber/kyber512/kyber.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 5 additions & 4 deletions kem/kyber/kyber768/kyber.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading