Pure Rust implementation of (draft) FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism Standard

License

Apache-2.0, MIT licenses found

integritychain/ml-kem-rs

IntegrityChain: FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism Standard

FIPS 203 (Initial Public Draft) Module-Lattice-Based Key-Encapsulation Mechanism Standard written in pure Rust.

This library implements the FIPS 203 draft standard in pure Rust with minimal and mainstream dependencies. All three security parameter sets are fully functional. The code does not require the standard library (i.e. it is #![no_std]) and performs no heap allocations, so it is suitable for WASM, embedded and bare-metal applications. Significant performance optimizations are forthcoming.

See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf for a full description of the target functionality.

The functionality is extremely simple to use, as demonstrated by the following example.

// Use the desired target parameter set.
use fips203::ml_kem_512; // Could also be ml_kem_768 or ml_kem_1024. 
use fips203::traits::{Decaps, Encaps, KeyGen, SerDes};

// Alice runs `key_gen()` and then serializes the encaps key `ek` for Bob (to bytes).
let (alice_ek, alice_dk) = ml_kem_512::KG::try_keygen_vt().unwrap();
let alice_ek_bytes = alice_ek.into_bytes();

// Alice sends the encaps key `ek_bytes` to Bob.
let bob_ek_bytes = alice_ek_bytes;

// Bob deserializes the encaps key `ek_bytes` and then runs `encaps()` to get the shared
// secret `ssk` and ciphertext `ct`. He serializes the ciphertext `ct` for Alice (to bytes).
let bob_ek = ml_kem_512::EncapsKey::try_from_bytes(bob_ek_bytes).unwrap();
let (bob_ssk_bytes, bob_ct) = bob_ek.try_encaps_vt().unwrap();
let bob_ct_bytes = bob_ct.into_bytes();

// Bob sends the ciphertext `ct_bytes` to Alice
let alice_ct_bytes = bob_ct_bytes;

// Alice deserializes the ciphertext `ct` and runs `decaps()` with her decaps key
let alice_ct = ml_kem_512::CipherText::try_from_bytes(alice_ct_bytes).unwrap();
let alice_ssk_bytes = alice_dk.try_decaps_vt(&alice_ct).unwrap();

// Alice and Bob will now have the same secret key
assert_eq!(bob_ssk_bytes, alice_ssk_bytes);
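
Both `try_from_bytes` calls above consume bytes received from the other party, and the FIPS 203 draft defines input checks for exactly those values: a length ("type") check on the encapsulation key and ciphertext, plus a modulus check on the encapsulation key. The sketch below is an added example, not code from this crate; `ParamSet`, `InputError`, `check_encaps_key` and `check_ciphertext` are hypothetical names, and the sample bytes are constructed.

```rust
// Added example: names below are hypothetical, not part of the fips203 crate.
const Q: u16 = 3329; // ML-KEM modulus q

#[derive(Clone, Copy)]
pub struct ParamSet { pub k: usize, pub du: usize, pub dv: usize }

pub const ML_KEM_512: ParamSet = ParamSet { k: 2, du: 10, dv: 4 };
pub const ML_KEM_768: ParamSet = ParamSet { k: 3, du: 10, dv: 4 };
pub const ML_KEM_1024: ParamSet = ParamSet { k: 4, du: 11, dv: 5 };

#[derive(Debug, PartialEq)]
pub enum InputError {
    BadLength { expected: usize, got: usize },
    CoefficientOutOfRange { index: usize },
}

impl ParamSet {
    pub fn ek_len(&self) -> usize { 384 * self.k + 32 }
    pub fn ct_len(&self) -> usize { 32 * (self.du * self.k + self.dv) }
}

/// Type check (length) then modulus check (every 12-bit coefficient < q).
pub fn check_encaps_key(p: ParamSet, ek: &[u8]) -> Result<(), InputError> {
    if ek.len() != p.ek_len() {
        return Err(InputError::BadLength { expected: p.ek_len(), got: ek.len() });
    }
    // First 384*k bytes: 256*k coefficients, two per 3 bytes, little-endian.
    // The trailing 32 bytes are a seed and carry no range constraint.
    for (i, t) in ek[..384 * p.k].chunks_exact(3).enumerate() {
        let c0 = u16::from(t[0]) | (u16::from(t[1] & 0x0F) << 8);
        let c1 = u16::from(t[1] >> 4) | (u16::from(t[2]) << 4);
        if c0 >= Q { return Err(InputError::CoefficientOutOfRange { index: 2 * i }); }
        if c1 >= Q { return Err(InputError::CoefficientOutOfRange { index: 2 * i + 1 }); }
    }
    Ok(())
}

/// Ciphertext type check: the length must match the parameter set exactly.
pub fn check_ciphertext(p: ParamSet, ct: &[u8]) -> Result<(), InputError> {
    if ct.len() != p.ct_len() {
        return Err(InputError::BadLength { expected: p.ct_len(), got: ct.len() });
    }
    Ok(())
}

fn main() {
    let mut ek = [0u8; 800]; // constructed sample: all-zero ML-KEM-512 key bytes
    println!("{:?}", check_encaps_key(ML_KEM_512, &ek));
    ek[0] = 0x01; ek[1] = 0x0D; // coefficient 0 becomes 0xD01 = 3329 = q
    println!("{:?}", check_encaps_key(ML_KEM_512, &ek));
    println!("{:?}", check_ciphertext(ML_KEM_768, &[0u8; 768]));
}
```

A key that passes these checks is only well-formed; the checks say nothing about who generated it, so authenticating the sender remains a separate concern.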

Rust Documentation

Security Notes

This crate is functional and corresponds to the first initial public draft of FIPS 203. This crate is still under construction/refinement -- USE AT YOUR OWN RISK!

Supported Parameter Sets

  • ML-KEM-512
  • ML-KEM-768
  • ML-KEM-1024

Minimum Supported Rust Version

Rust 1.72 or higher.

The minimum supported Rust version may be changed in the future, but this will be done with a minor version bump.

SemVer Policy

  • All on-by-default features of this library are covered by SemVer
  • MSRV is considered exempt from SemVer as noted above

License

All crates licensed under either of

  • Apache License, Version 2.0 (LICENSE-APACHE)
  • MIT license (LICENSE-MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
