GiacomoPope / kyber-py

A pure python implementation of ML-KEM (FIPS 203) and CRYSTALS-Kyber
MIT License
183 stars 44 forks

Make drbg and random_bytes private? #49

Closed tomato42 closed 1 month ago

tomato42 commented 1 month ago

https://github.com/GiacomoPope/kyber-py/blob/c8820db961943e07124a26c58afa747b23814835/src/kyber_py/ml_kem/ml_kem.py#L36-L37

  1. they're not set in init
  2. they're treated as private, but are not... (how set_drbg_seed and reseed_drbg work)

should we make them private fields? or at least the drbg one?

GiacomoPope commented 1 month ago

self.random_bytes is set during init as self.random_bytes = os.urandom. I am happy to make drbg private though, as the user is only supposed to interact with it using self.random_bytes() and set_drbg_seed(), reseed_drbg().

This change should also be mirrored in kyber

GiacomoPope commented 1 month ago

ml_kem also has many class methods which should be private -- we really only want encaps(), decaps() and keygen() for most users, and things like self.random_bytes() and set_drbg_seed(), reseed_drbg() are used for deterministic KEMs (including the KAT checks)
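As an added illustration (not code from kyber-py) of the API shape the two comments above describe: `_drbg` is private, `random_bytes` is the public hook defaulting to `os.urandom`, and `set_drbg_seed` / `reseed_drbg` are the only way to switch to deterministic output for KAT-style testing. The `_ShakeDRBG` and `KemRandomness` names, the SHAKE-256 generator and the 48-byte seed length are my assumptions standing in for the library's own DRBG.

```python
import os
import hashlib


class _ShakeDRBG:
    """Constructed stand-in DRBG (SHAKE-256 over seed || counter).
    Assumption: NOT kyber-py's DRBG, only a deterministic source for the demo."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._counter = 0

    def reseed(self, seed: bytes) -> None:
        # Fold the new seed into the existing state so the output stream changes.
        self._seed = hashlib.shake_256(self._seed + seed).digest(48)
        self._counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = hashlib.shake_256(self._seed + self._counter.to_bytes(8, "big")).digest(n)
        self._counter += 1
        return out


class KemRandomness:
    """Randomness plumbing as discussed in the thread: the DRBG is a private
    attribute, `random_bytes` is the public callable, and only the two seed
    methods can make output deterministic."""

    def __init__(self):
        self._drbg = None               # private: users never touch it directly
        self.random_bytes = os.urandom  # default: OS entropy

    def set_drbg_seed(self, seed: bytes) -> None:
        # Assumption: 48-byte seed, as in NIST-style KAT files.
        if len(seed) != 48:
            raise ValueError("seed must be 48 bytes")
        self._drbg = _ShakeDRBG(seed)
        self.random_bytes = self._drbg.random_bytes

    def reseed_drbg(self, seed: bytes) -> None:
        if self._drbg is None:
            raise RuntimeError("DRBG not seeded; call set_drbg_seed first")
        self._drbg.reseed(seed)

    def is_deterministic(self) -> bool:
        return self._drbg is not None


def sample_coins(kem: KemRandomness, n: int = 32) -> bytes:
    """What keygen()/encaps() would call to draw their random coins."""
    return kem.random_bytes(n)
```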

tomato42 commented 1 month ago

true, that may be the second step