Pure rust, portable, secure, and efficient implementations of CRYSTALS-Kyber and CRYSTALS-Dilithium.
Goals
- Security and safety:
- Leverage Rust's memory safety features
- Straightforward API for secure integration
- Minimize use of unsafe code, and fully document and verify all unsafe code
- Extensive testing and verification
- Verified against the C reference implementations and extended KATs
- Portability:
- Targeting 32-bit and 64-bit architectures
- Support for: ARMv8, ARMv9, RISC-V, and x86_64
- Usable on embedded platforms, with or without an operating system
no_std
- no heap allocation
- Platform-specific optimizations shall be considered
- Targeting 32-bit and 64-bit architectures
- Efficiency:
- Performance (latency, throughput) is a primary goal
- Minimize memory (RAM) footprint
- Minimize executable size (ROM)
Kyber
Kyber is an IND-CCA2-secure key encapsulation mechanism (KEM), whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. Kyber has been identified as a winner of the NIST post-quantum cryptography project to be used in the upcoming NIST quantum-safe publickey cryptography standard.
Dilithium
Dilithium is a digital signature scheme that is strongly secure under chosen message attacks based on the hardness of lattice problems over module lattices.
The design of Dilithium is based on the "Fiat-Shamir with Aborts" technique of Lyubashevsky which uses rejection sampling to make lattice-based Fiat-Shamir schemes compact and secure.
Dilithium3
is the recommended parameter set.