This PR fixes #325, by making available kyber{512,768,1024} modules with their own encapsulate and decapsulate behind the kyber feature, in addition to the regular ML-KEM API.
The differences in Kyber compared to ML-KEM are
a hash of the initial encapsulation randomness is used instead of using the randomness directly
the derivation of the shared secret includes a hash of the ciphertext
This PR fixes #325, by making available
kyber{512,768,1024}
modules with their ownencapsulate
anddecapsulate
behind thekyber
feature, in addition to the regular ML-KEM API. The differences in Kyber compared to ML-KEM arec.f. FIPS 203 (Draft), section 1.3.
Further, the hybrid KEMs in
libcrux-kem
are now available in both variants as well.