diff --git a/README-EN.md b/README-EN.md index 65fde92..4c74aa1 100644 --- a/README-EN.md +++ b/README-EN.md @@ -40,6 +40,8 @@ ShangMi (SM) cipher suites for Golang, referred to as **GMSM**, is a secure, hig - **DRBG** - Random Number Generation Using Deterministic Random Bit Generators, for detail, please reference **NIST Special Publication 800-90A** and **GM/T 0105-2021**: CTR-DRBG using derivation function and HASH-DRBG. NIST related implementations are tested with part of NIST provided test vectors. It's **NOT** concurrent safe! You can also use [randomness](https://github.com/Trisia/randomness) tool to check the generated random bits. +- **MLKEM** - NIST FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism Standard. + - **MLDSA** - NIST FIPS 204 Module-Lattice-Based Digital Signature Standard. - **SLHDSA** - NIST FIPS 205 Stateless Hash-Based Digital Signature Standard diff --git a/README.md b/README.md index a2fb3b1..3f6a111 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,8 @@ Go语言商用密码软件,简称**GMSM**,一个安全、高性能、易于 - **DRBG** - 《GM/T 0105-2021软件随机数发生器设计指南》实现。本实现同时支持**NIST Special Publication 800-90A**(部分) 和 **GM/T 0105-2021**,NIST相关实现使用了NIST提供的测试数据进行测试。本实现**不支持并发使用**。 +- **MLKEM** - NIST FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism Standard实现,基于Golang标准库,支持所有三组参数集(ML-KEM-512/ML-KEM-768/ML-KEM-1024)。 + - **MLDSA** - NIST FIPS 204 Module-Lattice-Based Digital Signature Standard实现。 - **SLHDSA** - NIST FIPS 205 Stateless Hash-Based Digital Signature Standard实现。 diff --git a/mlkem/mlkem1024.go b/mlkem/mlkem1024.go index 8741603..a26ab81 100644 --- a/mlkem/mlkem1024.go +++ b/mlkem/mlkem1024.go @@ -21,7 +21,7 @@ type DecapsulationKey1024 struct { d [32]byte // decapsulation key seed z [32]byte // implicit rejection sampling seed - ρ [32]byte // sampleNTT seed for A, stored for the encapsulation key + ρ [32]byte // rho, sampleNTT seed for A, stored for the encapsulation key h [32]byte // H(ek), stored for ML-KEM.Decaps_internal encryptionKey1024 
@@ -193,7 +193,7 @@ func kemKeyGen1024(dk *DecapsulationKey1024, d, z *[32]byte) { g.Write(d[:]) g.Write([]byte{k1024}) // Module dimension as a domain separator. G := g.Sum(make([]byte, 0, 64)) - ρ, σ := G[:32], G[32:] + ρ, σ := G[:32], G[32:] // rho, sigma dk.ρ = [32]byte(ρ) A := &dk.a diff --git a/mlkem/mlkem512.go b/mlkem/mlkem512.go index 45acb6b..9302b44 100644 --- a/mlkem/mlkem512.go +++ b/mlkem/mlkem512.go @@ -21,7 +21,7 @@ type DecapsulationKey512 struct { d [32]byte // decapsulation key seed z [32]byte // implicit rejection sampling seed - ρ [32]byte // sampleNTT seed for A, stored for the encapsulation key + ρ [32]byte // rho, sampleNTT seed for A, stored for the encapsulation key h [32]byte // H(ek), stored for ML-KEM.Decaps_internal encryptionKey512 @@ -193,7 +193,7 @@ func kemKeyGen512(dk *DecapsulationKey512, d, z *[32]byte) { g.Write(d[:]) g.Write([]byte{k512}) // Module dimension as a domain separator. G := g.Sum(make([]byte, 0, 64)) - ρ, σ := G[:32], G[32:] + ρ, σ := G[:32], G[32:] // rho, sigma dk.ρ = [32]byte(ρ) A := &dk.a diff --git a/mlkem/mlkem768.go b/mlkem/mlkem768.go index f2ff65b..4cc5042 100644 --- a/mlkem/mlkem768.go +++ b/mlkem/mlkem768.go @@ -35,8 +35,8 @@ import ( const ( // ML-KEM global constants. - n = 256 - q = 3329 + n = 256 + q = 3329 maxBytesOf64Mulη = 192 // encodingSizeX is the byte size of a ringElement or nttElement encoded @@ -56,9 +56,9 @@ const ( // ML-KEM-768 parameters. const ( - k = 3 - η1 = 2 - η2 = 2 + k = 3 + η1 = 2 // eta1 + η2 = 2 // eta2 CiphertextSize768 = k*encodingSize10 + encodingSize4 EncapsulationKeySize768 = k*encodingSize12 + 32 @@ -67,7 +67,7 @@ const ( // ML-KEM-512 parameters. const ( - k512 = 2 + k512 = 2 η1_512 = 3 η2_512 = 2 @@ -78,7 +78,7 @@ const ( // ML-KEM-1024 parameters. const ( - k1024 = 4 + k1024 = 4 η1_1024 = 2 η2_1024 = 2 
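Review bot: The trailing comment added to `ρ, σ := G[:32], G[32:]` in kemKeyGen1024 only transliterates the two names and does not say which half of G is secret. In FIPS 203 key generation rho is the public seed for the matrix A (the struct comment in this commit already says it is stored for the encapsulation key), while sigma seeds the sampling of the secret and error vectors and is therefore private key material; presumably the code outside the hunk uses it that way, which is worth confirming. I would write the comment as `// rho: public seed for A; sigma: secret seed for sampling s and e`. The same line is changed in the kemKeyGen512 hunk and in the kemKeyGen hunk of mlkem768.go, and all three function bodies continue outside their hunks.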
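Review bot: The ASCII glosses `// eta1` and `// eta2` are added only to the ML-KEM-768 constants in the `@@ -56,9` hunk of mlkem768.go. The ML-KEM-512 and ML-KEM-1024 hunks that follow realign `k512` and `k1024` but leave `η1_512`, `η2_512`, `η1_1024` and `η2_1024` without a gloss, and `maxBytesOf64Mulη` in the global constants hunk is likewise untouched. These are the noise parameters that differ between parameter sets (the visible values are 3 for `η1_512` and 2 for the others), so a reader checking them against FIPS 203 benefits from the same annotation on every one, for example `η1_512 = 3 // eta1`. The const blocks extend past the hunks, so other Greek-named identifiers there may need the same treatment.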
@@ -93,7 +93,7 @@ type DecapsulationKey768 struct { d [32]byte // decapsulation key seed z [32]byte // implicit rejection sampling seed - ρ [32]byte // sampleNTT seed for A, stored for the encapsulation key + ρ [32]byte // rho, sampleNTT seed for A, stored for the encapsulation key h [32]byte // H(ek), stored for ML-KEM.Decaps_internal encryptionKey @@ -265,7 +265,7 @@ func kemKeyGen(dk *DecapsulationKey768, d, z *[32]byte) { g.Write(d[:]) g.Write([]byte{k}) // Module dimension as a domain separator. G := g.Sum(make([]byte, 0, 64)) - ρ, σ := G[:32], G[32:] + ρ, σ := G[:32], G[32:] // rho, sigma dk.ρ = [32]byte(ρ) A := &dk.a