Adding new public key KEM API

NIIBE Yutaka gniibe at fsij.org
Thu Oct 19 09:37:14 CEST 2023


Hello, again,

Thank you all for your inputs and discussion.

I don't have any objections to adding features, but something can be
done in a higher layer.  Please note that the API in question is for the
lower level, and adding complexity in the lower layer should be avoided.
(I realized that I might be pursuing many in lower level API, too.)

This is the first step toward incorporating Hybrid PQC efforts into
libgcrypt.

So, let us focus on concrete targets of NTRU Prime, Kyber, and ECDH KEM
in Hybrid PQC, and on providing an API for those functions by libgcrypt,
so that people can use them for their applications.

In this case, I think it's good to have the following API:

gcry_error_t gcry_kem_keypair (int algo,
                               void *pubkey,
                               void *seckey);

gcry_error_t gcry_kem_encap (int algo,
                             const void *pubkey,
                             void *ciphertext,
                             void *shared_secret);

gcry_error_t gcry_kem_decap (int algo,
                             const void *seckey,
                             const void *ciphertext,
                             void *shared_secret);

If needed, we will be able to add another API for KEM.


This development is tracked by:
	https://dev.gnupg.org/T6755

-- 
Famous Haiku of Autumn, by Kobayashi Issa

    "Gimme that harvest moon!"
    cries the crying
    child

Translated by David G. Lanoue
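
The call flow that the three proposed functions imply, as an added example that is not libgcrypt code and not part of the original message: `toy_kem_*`, `TOY_KEM_DH` and the 8-byte buffer size are hypothetical, and the small Diffie-Hellman group is a stand-in with no security. Because the signatures carry no length arguments, the caller has to allocate every buffer at the size fixed by `algo`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { TOY_KEM_DH = 1 };  /* hypothetical algorithm id */
#define TOY_LEN 8         /* assumed size of every buffer for this algo */
static const uint64_t P = 4294967291ULL, G = 2;  /* toy group, no security */
static uint64_t powmod(uint64_t b, uint64_t e) {
  uint64_t r = 1;
  for (b %= P; e; e >>= 1, b = b * b % P)
    if (e & 1) r = r * b % P;
  return r;
}
static int rand_exp(uint64_t *x) {  /* random exponent in 1..P-2 */
  FILE *f = fopen("/dev/urandom", "rb");
  size_t n = f ? fread(x, sizeof *x, 1, f) : 0;
  if (f) fclose(f);
  if (n == 1) *x = *x % (P - 2) + 1;
  return n == 1 ? 0 : -1;
}
int toy_kem_keypair(int algo, void *pubkey, void *seckey) {
  uint64_t sk, pk;
  if (algo != TOY_KEM_DH || rand_exp(&sk)) return -1;
  pk = powmod(G, sk);
  memcpy(seckey, &sk, TOY_LEN); memcpy(pubkey, &pk, TOY_LEN);
  return 0;
}
int toy_kem_encap(int algo, const void *pubkey, void *ciphertext, void *shared_secret) {
  uint64_t e, pk, ct, ss;
  if (algo != TOY_KEM_DH || rand_exp(&e)) return -1;
  memcpy(&pk, pubkey, TOY_LEN);
  ct = powmod(G, e); ss = powmod(pk, e);  /* g^e and (g^sk)^e */
  memcpy(ciphertext, &ct, TOY_LEN); memcpy(shared_secret, &ss, TOY_LEN);
  return 0;
}
int toy_kem_decap(int algo, const void *seckey, const void *ciphertext, void *shared_secret) {
  uint64_t sk, ct, ss;
  if (algo != TOY_KEM_DH) return -1;
  memcpy(&sk, seckey, TOY_LEN); memcpy(&ct, ciphertext, TOY_LEN);
  ss = powmod(ct, sk); memcpy(shared_secret, &ss, TOY_LEN);  /* (g^e)^sk */
  return 0;
}
int toy_kem_roundtrip(int algo, int tamper) {  /* 0 match, 1 mismatch, -1 error */
  unsigned char pk[TOY_LEN], sk[TOY_LEN], ct[TOY_LEN], s1[TOY_LEN], s2[TOY_LEN];
  if (toy_kem_keypair(algo, pk, sk) || toy_kem_encap(algo, pk, ct, s1)) return -1;
  if (tamper) ct[0] ^= 1;                 /* corrupt the ciphertext in transit */
  if (toy_kem_decap(algo, sk, ct, s2)) return -1;
  return memcmp(s1, s2, TOY_LEN) != 0;
}
```

In this toy, a corrupted ciphertext does not make decapsulation fail; it returns a different shared secret, so the mismatch only surfaces when the two sides try to use their keys.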


