Class: MLKEM::Core::KPKE

Inherits:
Object
  • Object
show all
Defined in:
lib/ml_kem/core/k_pke.rb

Overview

Implements the Public Key Encryption (K-PKE) as specified in ML-KEM (Kyber). Provides methods for key generation, encryption, and decryption using lattice-based NTT arithmetic.

Since:

  • 0.1.0

Instance Method Summary collapse

Constructor Details

#initialize(k, eta1, eta2, du, dv, q = Constants::Q) ⇒ KPKE

Initializes the KPKE engine with given parameters.

Parameters:

  • k (Integer)

    Security level (2, 3, or 4 for ML-KEM-512/768/1024)

  • eta1 (Integer)

    Noise parameter for secret and error

  • eta2 (Integer)

    Noise parameter for encryption errors

  • du (Integer)

    Compression bits for u

  • dv (Integer)

    Compression bits for v

  • q (Integer) (defaults to: Constants::Q)

    Prime modulus

Since:

  • 0.1.0



21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/ml_kem/core/k_pke.rb', line 21

def initialize(k, eta1, eta2, du, dv, q = Constants::Q)
  @k = k
  @eta1 = eta1
  @eta2 = eta2
  @du = du
  @dv = dv
  @q = q

  @poly_ops = Math::Polynomial.new(@q)
  @ntt_ops = Math::NTT.new(@q)
  @sampling = Math::Sampling.new(@q)
end

Instance Method Details

#decrypt(dk_pke, c) ⇒ String

Decryption algorithm (Algorithm 15).

Parameters:

  • dk_pke (String)

    Secret key

  • c (String)

    Ciphertext

Returns:

  • (String)

    Recovered message (32-byte encoded bitstring)

Since:

  • 0.1.0



144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'lib/ml_kem/core/k_pke.rb', line 144

def decrypt(dk_pke, c)
  c1 = c[0...(32 * @du * @k)]
  c2 = c[(32 * @du * @k)...(32 * (@du * @k + @dv))]

  up = Array.new(@k)
  @k.times do |i|
    up[i] = @poly_ops.decompress(@du,
            Math::ByteOperations.byte_decode(@du, c1[(32 * @du * i)...(32 * @du * (i + 1))], @q))
  end

  vp = @poly_ops.decompress(@dv, Math::ByteOperations.byte_decode(@dv, c2, @q))

  s = Array.new(@k)
  @k.times do |i|
    s[i] = Math::ByteOperations.byte_decode(12, dk_pke[(384 * i)...(384 * (i + 1))], @q)
  end

  w = Array.new(256, 0)
  @k.times do |i|
    w = @poly_ops.add(w, @ntt_ops.multiply_ntts(s[i], @ntt_ops.ntt(up[i])))
  end
  w = @poly_ops.subtract(vp, @ntt_ops.inverse_ntt(w))

  Math::ByteOperations.byte_encode(1, @poly_ops.compress(1, w), @q)
end

#encrypt(ek_pke, m, r) ⇒ String

Encryption algorithm (Algorithm 14).

Parameters:

  • ek_pke (String)

    Public key

  • m (String)

    Message (32 bytes of encoded bits)

  • r (String)

    Randomness (32-byte seed)

Returns:

  • (String)

    Ciphertext

Since:

  • 0.1.0



80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
 
# File 'lib/ml_kem/core/k_pke.rb', line 80

def encrypt(ek_pke, m, r)
  n = 0

  t = Array.new(@k)
  @k.times do |i|
    t[i] = Math::ByteOperations.byte_decode(12, ek_pke[(384 * i)...(384 * (i + 1))], @q)
  end
  rho = ek_pke[(384 * @k)...(384 * @k + 32)]

  a = Array.new(@k) { Array.new(@k) }
  @k.times do |i|
    @k.times do |j|
      a[i][j] = @sampling.sample_ntt(rho + [j, i].pack('CC'))
    end
  end

  y = Array.new(@k)
  e1 = Array.new(@k)
  @k.times do |i|
    y[i] = @sampling.sample_poly_cbd(@eta1, Crypto::SymmetricPrimitives.prf(@eta1, r, n))
    n += 1
    e1[i] = @sampling.sample_poly_cbd(@eta2, Crypto::SymmetricPrimitives.prf(@eta2, r, n))
    n += 1
  end
  e2 = @sampling.sample_poly_cbd(@eta2, Crypto::SymmetricPrimitives.prf(@eta2, r, n))

  y.map! { |v| @ntt_ops.ntt(v) }

  u = Array.new(@k) { Array.new(256, 0) }
  @k.times do |i|
    @k.times do |j|
      u[i] = @poly_ops.add(u[i], @ntt_ops.multiply_ntts(a[j][i], y[j]))
    end
  end

  @k.times do |i|
    u[i] = @ntt_ops.inverse_ntt(u[i])
    u[i] = @poly_ops.add(u[i], e1[i])
  end

  mu = @poly_ops.decompress(1, Math::ByteOperations.byte_decode(1, m, @q))

  v = Array.new(256, 0)
  @k.times do |i|
    v = @poly_ops.add(v, @ntt_ops.multiply_ntts(t[i], y[i]))
  end
  v = @ntt_ops.inverse_ntt(v)
  v = @poly_ops.add(v, e2)
  v = @poly_ops.add(v, mu)

  c1 = ''
  @k.times do |i|
    c1 += Math::ByteOperations.byte_encode(@du, @poly_ops.compress(@du, u[i]), @q)
  end
  c2 = Math::ByteOperations.byte_encode(@dv, @poly_ops.compress(@dv, v), @q)

  c1 + c2
end

#keygen(d) ⇒ Array<String>

Key generation algorithm (Algorithm 13).

Parameters:

  • d (String)

    Random seed (32 bytes)

Returns:

  • (Array<String>)
    public_key, secret_key

    both as binary strings

Since:

  • 0.1.0



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
# File 'lib/ml_kem/core/k_pke.rb', line 38

def keygen(d)
  rho, sig = Crypto::SymmetricPrimitives.g(d + [@k].pack('C'))
  n = 0

  a = Array.new(@k) { Array.new(@k) }
  @k.times do |i|
    @k.times do |j|
      a[i][j] = @sampling.sample_ntt(rho + [j, i].pack('CC'))
    end
  end

  s = Array.new(@k)
  e = Array.new(@k)
  @k.times do |i|
    s[i] = @sampling.sample_poly_cbd(@eta1, Crypto::SymmetricPrimitives.prf(@eta1, sig, n))
    n += 1
    e[i] = @sampling.sample_poly_cbd(@eta1, Crypto::SymmetricPrimitives.prf(@eta1, sig, n))
    n += 1
  end

  s.map! { |v| @ntt_ops.ntt(v) }
  e.map! { |v| @ntt_ops.ntt(v) }

  t = e.dup
  @k.times do |i|
    @k.times do |j|
      t[i] = @poly_ops.add(t[i], @ntt_ops.multiply_ntts(a[i][j], s[j]))
    end
  end

  ek_pke = Math::ByteOperations.byte_encode(12, t, @q) + rho
  dk_pke = Math::ByteOperations.byte_encode(12, s, @q)

  [ek_pke, dk_pke]
end