doc(README): include MLKEM

2025-09-23 07:13:49 +08:00 · 2025-09-11 08:16:20 +08:00 · 2025-09-11 08:16:20 +08:00 · b294ea7388
commit b294ea7388
parent 2d7b1dab91
5 changed files with 17 additions and 13 deletions
--- a/README-EN.md
+++ b/README-EN.md
@ -40,6 +40,8 @@ ShangMi (SM) cipher suites for Golang, referred to as **GMSM**, is a secure, hig
 - **DRBG** - Random Number Generation Using Deterministic Random Bit Generators, for detail, please reference **NIST Special Publication 800-90A** and **GM/T 0105-2021**: CTR-DRBG using derivation function and HASH-DRBG. NIST related implementations are tested with part of NIST provided test vectors. It's **NOT** concurrent safe! You can also use [randomness](https://github.com/Trisia/randomness) tool to check the generated random bits.
 - **MLKEM** - NIST FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism Standard.
 - **MLDSA** - NIST FIPS 204 Module-Lattice-Based Digital Signature Standard.
 - **SLHDSA** - NIST FIPS 205 Stateless Hash-Based Digital Signature Standard
--- a/README.md
+++ b/README.md
@ -53,6 +53,8 @@ Go语言商用密码软件，简称**GMSM**，一个安全、高性能、易于
 - **DRBG** - 《GM/T 0105-2021软件随机数发生器设计指南》实现。本实现同时支持**NIST Special Publication 800-90A**（部分） 和 **GM/T 0105-2021**，NIST相关实现使用了NIST提供的测试数据进行测试。本实现**不支持并发使用**。
 - **MLKEM** - NIST FIPS 203  Module-Lattice-Based Key-Encapsulation Mechanism Standard实现，基于Golang标准库，支持所有三组参数集（ML-KEM-512/ML-KEM-768/ML-KEM-1024）。
 - **MLDSA** - NIST FIPS 204 Module-Lattice-Based Digital Signature Standard实现。
 - **SLHDSA** - NIST FIPS 205 Stateless Hash-Based Digital Signature Standard实现。
--- a/mlkem/mlkem1024.go
+++ b/mlkem/mlkem1024.go
@ -21,7 +21,7 @@ type DecapsulationKey1024 struct {
 	d [32]byte // decapsulation key seed
 	z [32]byte // implicit rejection sampling seed
-	ρ [32]byte // sampleNTT seed for A, stored for the encapsulation key
+	ρ [32]byte // rho, sampleNTT seed for A, stored for the encapsulation key
 	h [32]byte // H(ek), stored for ML-KEM.Decaps_internal
 	encryptionKey1024
@ -193,7 +193,7 @@ func kemKeyGen1024(dk *DecapsulationKey1024, d, z *[32]byte) {
 	g.Write(d[:])
 	g.Write([]byte{k1024}) // Module dimension as a domain separator.
 	G := g.Sum(make([]byte, 0, 64))
-	ρ, σ := G[:32], G[32:]
+	ρ, σ := G[:32], G[32:] // rho, sigma
 	dk.ρ = [32]byte(ρ)
 	A := &dk.a
--- a/mlkem/mlkem512.go
+++ b/mlkem/mlkem512.go
@ -21,7 +21,7 @@ type DecapsulationKey512 struct {
 	d [32]byte // decapsulation key seed
 	z [32]byte // implicit rejection sampling seed
-	ρ [32]byte // sampleNTT seed for A, stored for the encapsulation key
+	ρ [32]byte // rho, sampleNTT seed for A, stored for the encapsulation key
 	h [32]byte // H(ek), stored for ML-KEM.Decaps_internal
 	encryptionKey512
@ -193,7 +193,7 @@ func kemKeyGen512(dk *DecapsulationKey512, d, z *[32]byte) {
 	g.Write(d[:])
 	g.Write([]byte{k512}) // Module dimension as a domain separator.
 	G := g.Sum(make([]byte, 0, 64))
-	ρ, σ := G[:32], G[32:]
+	ρ, σ := G[:32], G[32:] // rho, sigma
 	dk.ρ = [32]byte(ρ)
 	A := &dk.a
--- a/mlkem/mlkem768.go
+++ b/mlkem/mlkem768.go
@ -57,8 +57,8 @@ const (
 // ML-KEM-768 parameters.
 const (
 	k  = 3
-	η1 = 2
+	η1 = 2 // eta1
-	η2 = 2
+	η2 = 2 // eta2
 	CiphertextSize768       = k*encodingSize10 + encodingSize4
 	EncapsulationKeySize768 = k*encodingSize12 + 32
@ -93,7 +93,7 @@ type DecapsulationKey768 struct {
 	d [32]byte // decapsulation key seed
 	z [32]byte // implicit rejection sampling seed
-	ρ [32]byte // sampleNTT seed for A, stored for the encapsulation key
+	ρ [32]byte // rho, sampleNTT seed for A, stored for the encapsulation key
 	h [32]byte // H(ek), stored for ML-KEM.Decaps_internal
 	encryptionKey
@ -265,7 +265,7 @@ func kemKeyGen(dk *DecapsulationKey768, d, z *[32]byte) {
 	g.Write(d[:])
 	g.Write([]byte{k}) // Module dimension as a domain separator.
 	G := g.Sum(make([]byte, 0, 64))
-	ρ, σ := G[:32], G[32:]
+	ρ, σ := G[:32], G[32:] // rho, sigma
 	dk.ρ = [32]byte(ρ)
 	A := &dk.a