Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewMLKEM1024 ¶ added in v1.0.1
NewMLKEM1024 returns a kem.KEM implementation for ML-KEM-1024 (Kyber-1024).
func NewMLKEM512 ¶ added in v1.0.1
NewMLKEM512 returns a kem.KEM implementation for ML-KEM-512 (Kyber-512).
func NewMLKEM768 ¶ added in v1.0.1
NewMLKEM768 returns a kem.KEM implementation for ML-KEM-768 (Kyber-768).
func Open ¶
Open reverses Seal by decapsulating the shared secret and decrypting the payload using the stored key schedule identifier.
Types ¶
type Hybrid ¶
type Hybrid struct {
// contains filtered or unexported fields
}
Hybrid implements a deployable hybrid key encapsulation mechanism that combines a classical ECDH exchange with an optional post-quantum KEM. The classical component is required to ensure callers can rely on the construction even before a post-quantum primitive is available. When a PQ KEM is supplied, Hybrid derives the final shared secret from both inputs using HKDF-SHA256 as described in draft-ietf-tls-hybrid-design-05.
The encoded public/private keys and ciphertexts follow a simple tagged format: version byte followed by 2-byte big-endian length prefixes for the classical and post-quantum components.
func NewHybrid ¶
NewHybrid constructs a Hybrid KEM using the provided classical ECDH exchange and optional post-quantum KEM. The classical exchange must be non-nil.
func NewHybridX25519 ¶
func NewHybridX25519() *Hybrid
NewHybridX25519 returns a Hybrid instance backed by X25519 and without a post-quantum component. It is intended as an immediate, deployable hybrid construction until a vetted ML-KEM implementation is available.
func NewHybridX25519MLKEM1024 ¶ added in v1.0.1
func NewHybridX25519MLKEM1024() *Hybrid
NewHybridX25519MLKEM1024 returns a Hybrid instance backed by X25519 and ML-KEM-1024 (Kyber-1024).
func NewHybridX25519MLKEM512 ¶ added in v1.0.1
func NewHybridX25519MLKEM512() *Hybrid
NewHybridX25519MLKEM512 returns a Hybrid instance backed by X25519 and ML-KEM-512 (Kyber-512).
func NewHybridX25519MLKEM768 ¶ added in v1.0.1
func NewHybridX25519MLKEM768() *Hybrid
NewHybridX25519MLKEM768 returns a Hybrid instance backed by X25519 and ML-KEM-768 (Kyber-768).
func (*Hybrid) Decapsulate ¶
Decapsulate recovers the shared secret from ciphertext using the provided private key. It validates the key/ciphertext format and combines the classical and post-quantum secrets using HKDF-SHA256.
func (*Hybrid) Encapsulate ¶
Encapsulate performs hybrid encapsulation using the recipient's public key. The returned ciphertext embeds the ephemeral classical public key and, when available, the post-quantum ciphertext. The shared secret is derived from the concatenation of the classical and PQ secrets using HKDF-SHA256.
func (*Hybrid) GenerateKey ¶
GenerateKey creates a hybrid public/private key pair. When mlkem is nil only the classical component is produced, resulting in a format that still allows hybrid ciphertexts to be processed in the future.
Source Files