Repository files navigation

This package provides a toolbox of advanced cryptographic primitives for Go,targeting applications likeCothoritythat need more than straightforward signing and encryption.Please see theGodoc documentation for this packagefor details on the library's purpose and API functionality.

This package includes a mix of variable time and constant timeimplementations. If your application is sensitive to timing-based attacksand you need to constrain Kyber to offering only constant time implementations,you should use thesuites.RequireConstantTime()function in theinit() function of yourmain package.

This library is intended to be used by developers who are at least moderately knowledgeable about cryptography.If you want a crypto library that makes it easy to implement "basic crypto" functionality correctly - i.e., plain public-key encryption and signing - thenNaCl secretbox may be a better choice.Or use Google'sTink

This toolkit's purpose is to make it possible - and preferably easy - to do slightly more interesting things that most current crypto libraries don't support effectively.The one existing crypto library that this toolkit is probably most comparable to is theCharm rapid prototyping library for Python.

We use the following versioning model:

• crypto.v0 was the first semi-stable version. Seemigration notes.
• kyber.v1 never existed, in order to keep kyber, onet and cothorithy versions linked
• gopkg.in/dedis/kyber.v2 was the last stable version
• Starting with v3.0.0, kyber is a Go module, and we respectsemantic versioning.

So if you depend on the master branch, you can expect breakages from timeto time. If you need something that doesn't change in a backward-compatibleway you should use have ago.mod file in the directory where yourmain package is.

Kyber supports Go modules, and currently has a major version of 3, which means thatthe import path is:go.dedis.ch/kyber/v4.

Here is a basic example of getting started using it:

1. Make a new directory called “ex". Change directory to “ex" and put this in main.go:

package mainimport ("fmt""go.dedis.ch/kyber/v4/suites")funcmain() {s:=suites.MustFind("Ed25519")x:=s.Scalar().Zero()fmt.Println(x)}

2. Type “go mod init example.com/ex”. The resulting go.mod file will have no dependencies listed yet.
3. Type “go build”. The go tool will fill in the new dependencies that it find for you, i.e. "require go.dedis.ch/kyber/v4 v3.0.13”.
4. Running./ex will print0000000000000000000000000000000000000000000000000000000000000000.

Traditionally, ECDH (Elliptic curve Diffie-Hellman) derives the shared secretfrom the x point only. In this framework, you can either manually retrieve thevalue or use the MarshalBinary method to take the combined (x, y) value as theshared secret. We recommend the latter process for new softare/protocols usingthis framework as it is cleaner and generalizes across different types of groups(e.g., both integer and elliptic curves), although it will likely beincompatible with other implementations of ECDH. Seethe Wikipediapage onECDH.

This library is offered as-is, and without a guarantee. It will need anindependent security review before it should be considered ready for use insecurity-critical applications. If you integrate Kyber into your application itis YOUR RESPONSIBILITY to arrange for that audit.

If you notice a possible security problem, please report ittodedis-security@epfl.ch.