dedis/kyber, a golang implementation of Kyber crypto lib (NOTE this is not to be confused with the pq-crystals Kyber PQ KEM)

pierluca a008b2d45c Merge pull request #482 from dedis/update_linter 6 months ago
.github 415a199d33 Merge branch 'master' into update_linter 6 months ago
docs 14122cb535 Docs updated 1 year ago
encrypt cf1d7f3a95 Go back to v3. 3 years ago
examples 9e13109ddf Merge branch 'master' into feature/neff-shuffle-sequences 10 months ago
group cb0459e96e Applies `gofmt` and `go mod tidy` 1 year ago
pairing f86fec0594 Embedding G1 for the bn256 package 1 year ago
proof cf1d7f3a95 Go back to v3. 3 years ago
share 43decfef1e Fixes wrong comment 1 year ago
shuffle 7c3589fb2e Addresses Simone's comments 10 months ago
sign 9ac80102d7 Add deprecation warning 3 years ago
suites cf1d7f3a95 Go back to v3. 3 years ago
util cf1d7f3a95 Go back to v3. 3 years ago
xof cf1d7f3a95 Go back to v3. 3 years ago
.gitattributes ca7ab8b4b4 Git attributes to make go.{mod,sum} differences default to shown. 4 years ago
.gitignore 7184c865e4 Gitignore Coding folder to pass linting 3 years ago
.golangci.yml 8364eed419 fix CI to allow forked PR 10 months ago
LICENSE 2e259b283b added mpl-v2 license 6 years ago
Makefile 8364eed419 fix CI to allow forked PR 10 months ago ebbe32a118 Updates badges 1 year ago
doc.go c97e3ddd46 Add a security reporting address. 4 years ago
encoding.go e3423ee8bb Update for new module import paths 4 years ago
go.mod a5a2914d82 Do not depend on confused protobuf v1.0.10. 3 years ago
go.sum cb0459e96e Applies `gofmt` and `go mod tidy` 1 year ago
group.go 48a244815f Remove the vartime build tag 4 years ago
hash.go 91b23e8e89 Documentation fixes. 5 years ago
random.go 53b9299885 Update docs for v1 release. 5 years ago
xof.go 34069cf003 Fixes from code review from Linus. 5 years ago

Go test Coverage Status Quality Gate Status Go Reference

DEDIS Advanced Crypto Library for Go

This package provides a toolbox of advanced cryptographic primitives for Go, targeting applications like Cothority that need more than straightforward signing and encryption. Please see the Godoc documentation for this package for details on the library's purpose and API functionality.

This package includes a mix of variable time and constant time implementations. If your application is sensitive to timing-based attacks and you need to constrain Kyber to offering only constant time implementations, you should use the suites.RequireConstantTime() function in the init() function of your main package.

Versioning - Development

We use the following versioning model:

  • crypto.v0 was the first semi-stable version. See migration notes.
  • kyber.v1 never existed, in order to keep kyber, onet and cothorithy versions linked
  • was the last stable version
  • Starting with v3.0.0, kyber is a Go module, and we respect semantic versioning.

So if you depend on the master branch, you can expect breakages from time to time. If you need something that doesn't change in a backward-compatible way you should use have a go.mod file in the directory where your main package is.

Using the module

Kyber supports Go modules, and currently has a major version of 3, which means that the import path is:

Here is a basic example of getting started using it:

  1. Make a new directory called “ex". Change directory to “ex" and put this in main.go:

    package main
    import (
    func main() {
    s := suites.MustFind("Ed25519")
    x := s.Scalar().Zero()
  2. Type “go mod init”. The resulting go.mod file will have no dependencies listed yet.

  3. Type “go build”. The go tool will fill in the new dependencies that it find for you, i.e. "require v3.0.13”.

  4. Running ./ex will print 0000000000000000000000000000000000000000000000000000000000000000.

A note on deriving shared secrets

Traditionally, ECDH (Elliptic curve Diffie-Hellman) derives the shared secret from the x point only. In this framework, you can either manually retrieve the value or use the MarshalBinary method to take the combined (x, y) value as the shared secret. We recommend the latter process for new softare/protocols using this framework as it is cleaner and generalizes across different types of groups (e.g., both integer and elliptic curves), although it will likely be incompatible with other implementations of ECDH. See the Wikipedia page on ECDH.

Reporting security problems

This library is offered as-is, and without a guarantee. It will need an independent security review before it should be considered ready for use in security-critical applications. If you integrate Kyber into your application it is YOUR RESPONSIBILITY to arrange for that audit.

If you notice a possible security problem, please report it to