Skip to content

Latest commit

 

History

History
63 lines (40 loc) · 3.35 KB

README.md

File metadata and controls

63 lines (40 loc) · 3.35 KB

Kyber

Goals

  • Create a pure TypeScript implementation of the Kyber algorithm with a great API (ESM & CommonJS)
  • Create a proper test suite (check what others do)
  • Measure and compare performance to other implementations (WebAssembly)
  • Apply to https://www.opentech.fund/ or similar for an in-depth cryptography audit

Why not use an existing implementation compiled to WebAssembly

WebAssembly is a viable option. That said there are several downsides and concerns:

In practice a lot of developers just prefered the simplicity of a pure JS implementation. https://paulmillr.com/noble/ is a great example. Even the Frank Denis (libsodium creator) is advocating for it jedisct1/libsodium.js#327 (comment)

What about performance?

WebAssembly can be faster, but the factors in reality often outweight the lower performance.

What is Kyber?

Kyber is a key encapsulation mechanism (KEM) designed to be resistant to cryptanalytic attacks with future powerful quantum computers. It is used to establish a shared secret between two communicating parties without an (IND-CCA2) attacker in the transmission system being able to decrypt it. This asymmetric cryptosystem uses a variant of the learning with errors lattice problem as its basic trapdoor function. It won the NIST competition for the first post-quantum cryptography (PQ) standard. (Wikipedia)

What does it mean? It allows to create a shared secret between two parties which allows to replace the not post-quantum save public-private crytography use-cases.

This summer NIST started to standardize Kyber like they did in the past for AES. I expect Kyber to be used in lots of protocols in the coming decade. Signal uses it already for conversations and you can use it in TLS e.g. https://aws.amazon.com/blogs/security/how-to-tune-tls-for-hybrid-post-quantum-cryptography-with-kyber/

Resources

Existing implementations

API Proposal

Key Encapsulation

import { generateKeyPair, encapsulate, decapsulate } from '@serenity-kit/kyber-768';

const keyPairBob = generateKeyPair();

const { ciphertext, sharedSecret } = encapsulate(keyPairBob.publicKey);
const sharedSecret2 = decapsulate(keyPairBob.privateKey, ciphertext);
// sharedSecret === sharedSecret2

Other packages:

  • @serenity-kit/kyber-512
  • @serenity-kit/kyber-1024