kyber_py.ml_kem package

Submodules

kyber_py.ml_kem.default_parameters module

The parameters defined in the FIPS 203 document.

Includes the ML-KEM-512, ML-KEM-768, and ML-KEM-1024 parameters and initialised objects with them.

kyber_py.ml_kem.default_parameters.DEFAULT_PARAMETERS = {'ML1024': {'du': 11, 'dv': 5, 'eta_1': 2, 'eta_2': 2, 'k': 4, 'oid': (2, 16, 840, 1, 101, 3, 4, 4, 3)}, 'ML512': {'du': 10, 'dv': 4, 'eta_1': 3, 'eta_2': 2, 'k': 2, 'oid': (2, 16, 840, 1, 101, 3, 4, 4, 1)}, 'ML768': {'du': 10, 'dv': 4, 'eta_1': 2, 'eta_2': 2, 'k': 3, 'oid': (2, 16, 840, 1, 101, 3, 4, 4, 2)}}

Parameters for the ML_KEM objects.

kyber_py.ml_kem.default_parameters.ML_KEM_1024 = <kyber_py.ml_kem.ml_kem.ML_KEM object>

Key exchange object that uses ML-KEM-1024 parameters internally.

Provides about 256 bit level of security.

Part of stable API.

kyber_py.ml_kem.default_parameters.ML_KEM_512 = <kyber_py.ml_kem.ml_kem.ML_KEM object>

Key exchange object that uses ML-KEM-512 parameters internally.

Provides about 128 bit level of security.

Part of stable API.

kyber_py.ml_kem.default_parameters.ML_KEM_768 = <kyber_py.ml_kem.ml_kem.ML_KEM object>

Key exchange object that uses ML-KEM-768 parameters internally.

Provides about 192 bit level of security.

Part of stable API.

kyber_py.ml_kem.ml_kem module

Implementation of ML-KEM following FIPS 203 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf

class kyber_py.ml_kem.ml_kem.ML_KEM(params: dict)

Bases: object

decaps(dk: bytes, c: bytes) bytes

Uses the decapsulation key to produce a shared secret key from a ciphertext following Algorithm 21 (FIPS 203).

K is the shared secret key of length 32 bytes

Part of stable API.

Parameters:

  • dk (bytes) – decapsulation key

  • c (bytes) – ciphertext with an encapsulated key

Returns:

shared secret key (K)

Return type:

bytes

encaps(ek: bytes) tuple[bytes, bytes]

Uses the encapsulation key to generate a shared secret key and an associated ciphertext following Algorithm 20 (FIPS 203)

K is the shared secret key of length 32 bytes c is the ciphertext of length 32(du*k + dv)

Part of stable API.

Parameters:

ek (bytes) – byte-encoded encapsulation key

Returns:

a random key (K) and an encapsulation of it (c)

Return type:

tuple(bytes, bytes)

key_derive(seed: bytes) tuple[bytes, bytes]

Derive an encapsulation key and corresponding decapsulation key following the approach from Section 7.1 (FIPS 203) with storage of the seed value for later expansion.

seed is a byte-encoded concatenation of the d and z values.

Returns:

Tuple with encapsulation key and decapsulation key.

Return type:

tuple(bytes, bytes)

keygen() tuple[bytes, bytes]

Generate an encapsulation key and corresponding decapsulation key following Algorithm 19 (FIPS 203)

ek is encoded as bytes of length 384*k + 32 dk is encoded as bytes of length 768*k + 96

Part of stable API.

Returns:

Tuple with encapsulation key and decapsulation key.

Return type:

tuple(bytes, bytes)

set_drbg_seed(seed: bytes)

Change entropy source to a DRBG and seed it with provided value.

Setting the seed switches the entropy source from os.urandom() to an AES256 CTR DRBG.

Used for both deterministic versions of ML-KEM as well as testing alignment with the KAT vectors

NOTE:

currently requires pycryptodome for AES impl.

Parameters:

seed (bytes) – random bytes to seed the DRBG with

Module contents