Adding new public key KEM API

NIIBE Yutaka gniibe at
Tue Oct 17 08:27:41 CEST 2023


We now have two sets of patches for PQC.

    Simon Josefsson's second version of the sntrup761 patch
    Falko Strenzke patch for ML-KEM

For the next new release of libgcrypt, I'd like to add new API for Key
Encapsulation Mechanism in libgcrypt.  What I intend is lower level API
(instead of higher level API with S-expression), just like Simon
suggested.  (If needed, S-expression based API will be possible to be
added later.)

What I'm testing now is following:

gcry_error_t gcry_kem_keypair (int algo, const void *context,
                               void *pubkey,
                               void *seckey);

gcry_error_t gcry_kem_encap (int algo, const void *context,
                             const void *pubkey,
                             void *ciphertext,
                             void *shared_secret);

gcry_error_t gcry_kem_decap (int algo, const void *context,
                             const void *seckey,
                             const void *ciphertext,
                             void *shared_secret);

That is, rename of functions and adding CONTEXT to Simon's proposal.

SHARED_SECRET are defined by ALGO.  (Most of the cases, it's
fixed-length byte string.)

I'd like to cover NTRU Prime, Kyber, and ECDH KEM in hybrid PQC.

I'm not sure if ECDH in OpenPGP (of RFC 6637) will be covered by this
API.  Perhaps, gcry_ecc_mul_point will be depreated, in preference of
new KEM API.

This development is tracked by:

Attached is modified version of Simon's t-kem.c, which works for me
(with NTRU Prime and Kyber).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t-kem.c
Type: text/x-csrc
Size: 6050 bytes
Desc: not available
URL: <>

More information about the Gcrypt-devel mailing list