Pull Request: Integration of ML-KEM for Quantum-Secure Message Exchange
Overview
This pull request introduces the Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) into our cryptographic library. This update enhances the security of our message exchange systems against quantum computing threats. The integration includes implementations for key generation, encryption, and decryption functionalities adhering to the emerging standards outlined in the draft FIPS 203.
Changes
Key Generation (kem_keygen): Implementation of a method to generate encryption and decryption keys based on ML-KEM specifications. This method includes the generation of a random 32-byte nonce used in cryptographic processes.
Encryption (kem_encrypt): Addition of functionality to encrypt messages using the generated keys and nonce, integrating symmetric key derivation using KMAC_XOF for enhanced message confidentiality and integrity.
Decryption (kem_decrypt): Development of the decryption process to reverse the encryption steps, ensuring message integrity and authenticity are verified upon reception.
Rationale
The adoption of ML-KEM is motivated by the necessity to prepare our cryptographic solutions for the era of quantum computing. Traditional public-key methods, such as RSA and ECC, are vulnerable to quantum attacks. ML-KEM offers a quantum-resistant alternative, basing its security on the hardness of lattice problems, for which no efficient quantum algorithm is known.
Usage:
Encrypting a message with ML-KEM is simple:
use capycrypt::{
    kem::{kem_encryptable::KEMEncryptable, kem_keypair::kem_keygen},
    sha3::aux_functions::byte_utils::get_random_bytes, // import path assumed for the random-bytes helper used below
    Message, SecParam,
};
// Wrap 5 MiB of random data as the message to be protected.
let mut msg = Message::new(get_random_bytes(5242880));
// ML-KEM key pair: the public key is used to encrypt, the private key to decrypt.
let (kem_pub_key, kem_priv_key) = kem_keygen();
// Encrypt in place under the public key at the 256-bit security parameter.
assert!(msg.kem_encrypt(&kem_pub_key, &SecParam::D256).is_ok());
// Decrypt with the matching private key; integrity is verified during this step.
assert!(msg.kem_decrypt(&kem_priv_key).is_ok());
// op_result records the outcome of the last operation on the message.
assert!(msg.op_result.is_ok());