params.go 2.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
  1. // params.go - Kyber parameterization.
  2. //
  3. // To the extent possible under law, Yawning Angel has waived all copyright
  4. // and related or neighboring rights to the software, using the Creative
  5. // Commons "CC0" public domain dedication. See LICENSE or
  6. // <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
  7. package kyber
  8. const (
  9. // SymSize is the size of the shared key (and certain internal parameters
  10. // such as hashes and seeds) in bytes.
  11. SymSize = 32
  12. kyberN = 256
  13. kyberQ = 7681
  14. polySize = 416
  15. polyCompressedSize = 96
  16. compressedCoeffSize = 352
  17. )
  18. var (
  19. // Kyber512 is the Kyber-512 parameter set, which aims to provide security
  20. // equivalent to AES-128.
  21. //
  22. // This parameter set has a 1632 byte private key, 736 byte public key,
  23. // and a 800 byte cipher text.
  24. Kyber512 = newParameterSet("Kyber-512", 2)
  25. // Kyber768 is the Kyber-768 parameter set, which aims to provide security
  26. // equivalent to AES-192.
  27. //
  28. // This parameter set has a 2400 byte private key, 1088 byte public key,
  29. // and a 1152 byte cipher text.
  30. Kyber768 = newParameterSet("Kyber-768", 3)
  31. // Kyber1024 is the Kyber-1024 parameter set, which aims to provide
  32. // security equivalent to AES-256.
  33. //
  34. // This parameter set has a 3168 byte private key, 1440 byte public key,
  35. // and a 1504 byte cipher text.
  36. Kyber1024 = newParameterSet("Kyber-1024", 4)
  37. )
  38. // ParameterSet is a Kyber parameter set.
  39. type ParameterSet struct {
  40. name string
  41. k int
  42. eta int
  43. polyVecSize int
  44. polyVecCompressedSize int
  45. indcpaMsgSize int
  46. indcpaPublicKeySize int
  47. indcpaSecretKeySize int
  48. indcpaSize int
  49. publicKeySize int
  50. secretKeySize int
  51. cipherTextSize int
  52. }
  53. // Name returns the name of a given ParameterSet.
  54. func (p *ParameterSet) Name() string {
  55. return p.name
  56. }
  57. // PublicKeySize returns the size of a public key in bytes.
  58. func (p *ParameterSet) PublicKeySize() int {
  59. return p.publicKeySize
  60. }
  61. // PrivateKeySize returns the size of a private key in bytes.
  62. func (p *ParameterSet) PrivateKeySize() int {
  63. return p.secretKeySize
  64. }
  65. // CipherTextSize returns the size of a cipher text in bytes.
  66. func (p *ParameterSet) CipherTextSize() int {
  67. return p.cipherTextSize
  68. }
  69. func newParameterSet(name string, k int) *ParameterSet {
  70. var p ParameterSet
  71. p.name = name
  72. p.k = k
  73. switch k {
  74. case 2:
  75. p.eta = 5
  76. case 3:
  77. p.eta = 4
  78. case 4:
  79. p.eta = 3
  80. default:
  81. panic("kyber: k must be in {2,3,4}")
  82. }
  83. p.polyVecSize = k * polySize
  84. p.polyVecCompressedSize = k * compressedCoeffSize
  85. p.indcpaMsgSize = SymSize
  86. p.indcpaPublicKeySize = p.polyVecCompressedSize + SymSize
  87. p.indcpaSecretKeySize = p.polyVecSize
  88. p.indcpaSize = p.polyVecCompressedSize + polyCompressedSize
  89. p.publicKeySize = p.indcpaPublicKeySize
  90. p.secretKeySize = p.indcpaSecretKeySize + p.indcpaPublicKeySize + 2*SymSize // 32 bytes of additional space to save H(pk)
  91. p.cipherTextSize = p.indcpaSize
  92. return &p
  93. }