open-quantum-safe · bifurcation · Nov 13, 2024
@@ -7,7 +7,7 @@
 
 #if defined(OQS_ENABLE_KEM_ml_kem_512)
 #define OQS_KEM_ml_kem_512_length_public_key 800
-#define OQS_KEM_ml_kem_512_length_secret_key 1632
+#define OQS_KEM_ml_kem_512_length_secret_key 64
 #define OQS_KEM_ml_kem_512_length_ciphertext 768
 #define OQS_KEM_ml_kem_512_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_512_new(void);
@@ -18,7 +18,7 @@ OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8
 
 #if defined(OQS_ENABLE_KEM_ml_kem_768)
 #define OQS_KEM_ml_kem_768_length_public_key 1184
-#define OQS_KEM_ml_kem_768_length_secret_key 2400
+#define OQS_KEM_ml_kem_768_length_secret_key 64
 #define OQS_KEM_ml_kem_768_length_ciphertext 1088
 #define OQS_KEM_ml_kem_768_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_768_new(void);
@@ -29,7 +29,7 @@ OQS_API OQS_STATUS OQS_KEM_ml_kem_768_decaps(uint8_t *shared_secret, const uint8
 
 #if defined(OQS_ENABLE_KEM_ml_kem_1024)
 #define OQS_KEM_ml_kem_1024_length_public_key 1568
-#define OQS_KEM_ml_kem_1024_length_secret_key 3168
+#define OQS_KEM_ml_kem_1024_length_secret_key 64
 #define OQS_KEM_ml_kem_1024_length_ciphertext 1568
 #define OQS_KEM_ml_kem_1024_length_shared_secret 32
 OQS_KEM *OQS_KEM_ml_kem_1024_new(void);

@@ -3,6 +3,7 @@
 #include <stdlib.h>
 
 #include <oqs/kem_ml_kem.h>
+#include <randombytes.h>
 
 #if defined(OQS_ENABLE_KEM_ml_kem_512)
 
@@ -30,29 +31,36 @@ OQS_KEM *OQS_KEM_ml_kem_512_new(void) {
 	return kem;
 }
 
-extern int pqcrystals_ml_kem_512_ref_keypair(uint8_t *pk, uint8_t *sk);
+#define KYBER512_KEYPAIRCOINBYTES 64
+#define KYBER512_SECRETKEYBYTES 1632
+#define KYBER512_PUBLICKEYBYTES 800
+
+extern int pqcrystals_ml_kem_512_ref_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t* coins);
 extern int pqcrystals_ml_kem_512_ref_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
 extern int pqcrystals_ml_kem_512_ref_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
 #if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
-extern int pqcrystals_ml_kem_512_avx2_keypair(uint8_t *pk, uint8_t *sk);
+extern int pqcrystals_ml_kem_512_avx2_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t* coins);
 extern int pqcrystals_ml_kem_512_avx2_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
 extern int pqcrystals_ml_kem_512_avx2_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 #endif
 
 OQS_API OQS_STATUS OQS_KEM_ml_kem_512_keypair(uint8_t *public_key, uint8_t *secret_key) {
+  uint8_t expanded_secret_key[KYBER512_SECRETKEYBYTES];
+  randombytes(secret_key, KYBER512_KEYPAIRCOINBYTES);
+
 #if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
 #if defined(OQS_DIST_BUILD)
 	if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
 #endif /* OQS_DIST_BUILD */
-		return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_keypair(public_key, secret_key);
+		return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_keypair_derand(public_key, expanded_secret_key, secret_key);
 #if defined(OQS_DIST_BUILD)
 	} else {
-		return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair(public_key, secret_key);
+		return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair_derand(public_key, expanded_secret_key, secret_key);
 	}
 #endif /* OQS_DIST_BUILD */
 #else
-	return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair(public_key, secret_key);
+	return (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair_derand(public_key, expanded_secret_key, secret_key);
 #endif
 }
 
@@ -73,17 +81,42 @@ OQS_API OQS_STATUS OQS_KEM_ml_kem_512_encaps(uint8_t *ciphertext, uint8_t *share
 }
 
 OQS_API OQS_STATUS OQS_KEM_ml_kem_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
+  uint8_t public_key[KYBER512_PUBLICKEYBYTES];
+  uint8_t expanded_secret_key[KYBER512_SECRETKEYBYTES];
+  OQS_STATUS status;
+
 #if defined(OQS_ENABLE_KEM_ml_kem_512_avx2)
 #if defined(OQS_DIST_BUILD)
 	if (OQS_CPU_has_extension(OQS_CPU_EXT_AVX2) && OQS_CPU_has_extension(OQS_CPU_EXT_BMI2) && OQS_CPU_has_extension(OQS_CPU_EXT_POPCNT)) {
 #endif /* OQS_DIST_BUILD */
-		return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_dec(shared_secret, ciphertext, secret_key);
+		status = (OQS_STATUS) pqcrystals_ml_kem_512_avx2_keypair_derand(public_key, expanded_secret_key, secret_key);
+    if (status != OQS_SUCCESS) {
+      OQS_MEM_cleanse(public_key, KYBER512_PUBLICKEYBYTES);
+      OQS_MEM_cleanse(expanded_secret_key, KYBER512_SECRETKEYBYTES);
+      return status;
+    }
+
+		return (OQS_STATUS) pqcrystals_ml_kem_512_avx2_dec(shared_secret, ciphertext, expanded_secret_key);
 #if defined(OQS_DIST_BUILD)
 	} else {
+		status = (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair_derand(public_key, expanded_secret_key, secret_key);
+    if (status != OQS_SUCCESS) {
+      OQS_MEM_cleanse(public_key, KYBER512_PUBLICKEYBYTES);
+      OQS_MEM_cleanse(expanded_secret_key, KYBER512_SECRETKEYBYTES);
+      return status;
+    }
+
 		return (OQS_STATUS) pqcrystals_ml_kem_512_ref_dec(shared_secret, ciphertext, secret_key);
 	}
 #endif /* OQS_DIST_BUILD */
 #else
+	status = (OQS_STATUS) pqcrystals_ml_kem_512_ref_keypair_derand(public_key, expanded_secret_key, secret_key);
+  if (status != OQS_SUCCESS) {
+    OQS_MEM_cleanse(public_key, KYBER512_PUBLICKEYBYTES);
+    OQS_MEM_cleanse(expanded_secret_key, KYBER512_SECRETKEYBYTES);
+    return status;
+  }
+
 	return (OQS_STATUS) pqcrystals_ml_kem_512_ref_dec(shared_secret, ciphertext, secret_key);
 #endif
 }