xkyber_crypto 1.0.6 xkyber_crypto: ^1.0.6 copied to clipboard
A library for post-quantum cryptography using the Kyber algorithm as base.
XKyber_crypto #
Is a Dart library for post-quantum encryption, providing a Key Encapsulation Mechanism (KEM) based on the Kyber algorithm. Kyber is a post-quantum cryptographic scheme selected by NIST for standardization, designed to be secure against attacks from quantum computers.
Features #
- Generation of public and private key pairs using the Kyber KEM.
- Encapsulation of a shared secret using a public key.
- Decapsulation of the shared secret using a private key.
- The shared secret can then be used with a symmetric cipher (e.g., AES-GCM) to encrypt or decrypt arbitrary messages.
- Uses SHAKE128 and fully follows the official Kyber specifications.
Prerequisites #
Before using this library, ensure you have the following:
- Dart SDK: version 2.12.0 or higher.
- Flutter (optional, if using this library in a Flutter project).
- An editor such as Visual Studio Code or IntelliJ to facilitate development.
Installation #
To install this library, add the dependency to your pubspec.yaml
file:
dependencies:
xkyber_crypto:
git:
url: https://github.com/xscriptorcode/xkyber_crypto.git
Update your dependencies with:
dart pub get
Usage Example #
Here’s a basic example of how to use this library:
// /example/main.dart == example file
// ignore_for_file: avoid_print, always_specify_types
import 'dart:convert';
import 'dart:typed_data';
import 'package:cryptography/cryptography.dart';
import 'package:xkyber_crypto/kem.dart';
import 'package:xkyber_crypto/kyber_keypair.dart';
/// Dada la clave compartida ss (32 bytes) obtenida de Kyber, la usamos como SecretKey para AES-GCM.
Future<SecretKey> secretKeyFromSS(Uint8List ss) async {
return SecretKey(ss);
}
/// Cifra data con AES-GCM usando secretKey
Future<String> encryptData(String data, SecretKey secretKey) async {
final algorithm = AesGcm.with256bits();
final nonce = algorithm.newNonce();
final secretBox = await algorithm.encrypt(
utf8.encode(data),
secretKey: secretKey,
nonce: nonce,
);
final combined = Uint8List.fromList([...nonce, ...secretBox.cipherText, ...secretBox.mac.bytes]);
return base64Encode(combined);
}
/// Descifra data con AES-GCM usando secretKey
Future<String> decryptData(String encryptedData, SecretKey secretKey) async {
final algorithm = AesGcm.with256bits();
final decoded = base64Decode(encryptedData);
final nonce = decoded.sublist(0, algorithm.nonceLength);
final cipherText = decoded.sublist(algorithm.nonceLength, decoded.length - 16);
final macBytes = decoded.sublist(decoded.length - 16);
final mac = Mac(macBytes);
final secretBox = SecretBox(cipherText, nonce: nonce, mac: mac);
final decrypted = await algorithm.decrypt(secretBox, secretKey: secretKey);
return utf8.decode(decrypted);
}
void main() async {
// 1. Generate Kyber key pair
KyberKeyPair keyPair = KyberKeyPair.generate();
Uint8List pk = keyPair.publicKey;
Uint8List sk = keyPair.secretKey;
// Message
String originalMessage = "Hello, this is a secret message";
// 2. Encapsulate to get ss and c
Uint8List c = Uint8List(768); // ciphertext size for Kyber512
Uint8List ssSender = Uint8List(32);
cryptokemenc(c, ssSender, pk);
final secretKeySender = await secretKeyFromSS(ssSender);
// 3. Encrypt the message with AES-GCM using ssSender
String encryptedData = await encryptData(originalMessage, secretKeySender);
// The sender sends (c, encryptedData) to the receiver
// 4. The receiver decapsulates to get ssReceiver
Uint8List ssReceiver = Uint8List(32);
cryptokemdec(ssReceiver, c, sk);
final secretKeyReceiver = await secretKeyFromSS(ssReceiver);
// 5. Decrypt the encryptedData with ssReceiver
String decryptedMessage = await decryptData(encryptedData, secretKeyReceiver);
// 6. Verify
assert(decryptedMessage == originalMessage);
print("Original message: $originalMessage");
print("Decrypted message: $decryptedMessage");
print("The encryption/decryption process works correctly!");
}
This example demonstrates: #
- Generating a Kyber key pair.
- Encapsulating a shared secret with cryptoKemEnc and pk.
- Decapsulating the shared secret with cryptoKemDec and sk.
- Using the shared secret (ss) for symmetric encryption.
API #
Main Functions #
- cryptoKemKeypair(Uint8List pk, Uint8List sk): Generates a Kyber key pair.
- cryptoKemEnc(Uint8List c, Uint8List ss, Uint8List pk): Encapsulates a shared secret ss using pk and produces ciphertext c.
- cryptoKemDec(Uint8List ss, Uint8List c, Uint8List sk): Decapsulates c using sk to recover ss.
Classes #
- KyberKeyPair:
- generate(): Produces a Kyber key pair (publicKey, privateKey).
- publicKey, privateKey: Byte arrays representing the keys.
Project Structure #
-
lib/
: Contains the main implementation of the library. -
kem.dart: Core Kyber KEM functions (cryptoKemEnc, cryptoKemDec, cryptoKemKeypair).
-
kyber_keypair.dart: Handles key generation and utilities.
-
poly.dart, polyvec.dart, ntt.dart, params.dart, etc.: Core Kyber implementation (NTT, polynomial operations, parameter definitions).
-
shake.dart: SHAKE128 implementation.
-
reduce.dart, fq.dart: Modular arithmetic and field operations.
-
example/
: Example code for understanding the library usage. -
test/
: Automated tests to verify library functionality.
Dependencies #
The library uses the following dependencies:
crypto: ^3.0.6
: Provides common cryptographic functions.pointycastle: ^3.9.1
: Advanced library for cryptography in Dart.lints: ^5.0.0
: Establishes style rules and best practices for Dart code.
Ensure you have the latest versions to guarantee compatibility and performance.
Testing and Quality #
Automated Tests #
The library includes tests to verify: #
- Key Generation and Shared Secret: Ensures correctness of generated keys and shared secrets.
- Encapsulation/Decapsulation: Validates that cryptoKemEnc and cryptoKemDec produce matching shared secrets.
- Math Operations: Checks NTT, modular arithmetic, and noise distribution.
Run with:
dart test
Warnings and Limitations #
- The library is intended for research, testing, and educational use. For production environments, a thorough security audit is recommended.
- Performance may vary depending on device capabilities.
Contributions #
Contributions are welcome. To contribute:
- Fork this repository.
- Create a new branch (
git checkout -b feature/new-functionality
). - Make your changes and commit them (
git commit -m 'Add new functionality'
). - Push your branch (
git push origin feature/new-functionality
). - Open a Pull Request in this repository.
Acknowledgments and References #
This project is inspired by the Kyber algorithm, selected by NIST as part of its post-quantum cryptography standards. More information about Kyber is available here.
License #
This project is licensed under the MIT License. See the LICENSE file for more details.