Add Kyber post-quantum key encapsulation mechanism
Implementation of the IND-CCA2 post-quantum secure key encapsulation mechanism (KEM) CRYSTALS-Kyber, as submitted to the third round of the NIST Post-Quantum Cryptography (v3.02/"draft00"), and selected for standardisation.
Kyber will likely change before final standardisation.
This implementation is based on the one I wrote in Go.
@jedisct1
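An added usage example (not part of the PR or its description) showing the KEM contract this implementation provides: key generation, encapsulation against the public key alone, decapsulation with the secret key, and the IND-CCA2 behaviour that a tampered ciphertext decapsulates to an unrelated shared secret rather than an error (implicit rejection). The namespace `std.crypto.kem.kyber_d00`, the type `Kyber512`, and the `KeyPair.create`, `encaps`, `decaps`, `toBytes`/`fromBytes`, `seed_length`, `shared_length` and `ciphertext_length` names are assumptions about the API, which the thread notes may still change:

```zig
// Added example; API names below are assumed, not confirmed by the PR.
const std = @import("std");
const Kyber512 = std.crypto.kem.kyber_d00.Kyber512; // assumed namespace and type

const DemoError = error{ SharedSecretMismatch, TamperNotDetected };

pub fn main() !void {
    // Receiver: generate a key pair. Passing null lets the library draw the
    // seed from the OS CSPRNG; a caller-supplied [seed_length]u8 would make
    // key generation deterministic (useful for tests, not for production).
    const kp = try Kyber512.KeyPair.create(null); // assumed signature

    // Only the serialised public key needs to travel to the sender.
    const pk_bytes = kp.public_key.toBytes(); // assumed
    const pk_wire = try Kyber512.PublicKey.fromBytes(&pk_bytes); // assumed

    // Sender: encapsulate against the public key. The result carries the
    // ciphertext to transmit and the sender's copy of the shared secret.
    const enc = pk_wire.encaps(null); // assumed: null = fresh randomness

    // Receiver: recover the shared secret from the ciphertext.
    const ss_recv = try kp.secret_key.decaps(&enc.ciphertext); // assumed

    // Compare in constant time; secrets should never be compared with mem.eql.
    if (!std.crypto.utils.timingSafeEql(
        [Kyber512.shared_length]u8,
        ss_recv,
        enc.shared_secret,
    )) return DemoError.SharedSecretMismatch;

    // IND-CCA2 check: flip one ciphertext bit. Kyber's Fujisaki-Okamoto
    // transform does not report an error; decaps returns a pseudorandom
    // value bound to the (invalid) ciphertext, so the secrets diverge and
    // a decryption-oracle attack learns nothing from the failure.
    var tampered = enc.ciphertext;
    tampered[0] ^= 0x01;
    const ss_bad = try kp.secret_key.decaps(&tampered);
    if (std.mem.eql(u8, &ss_bad, &enc.shared_secret))
        return DemoError.TamperNotDetected;

    std.debug.print(
        "kyber512: pk={d} bytes, ct={d} bytes, ss={d} bytes; shared secrets match, tamper rejected\n",
        .{ pk_bytes.len, Kyber512.ciphertext_length, Kyber512.shared_length },
    );
}
```

The point a practitioner should take from the tamper check is that a Kyber decapsulation failure is silent by design: the protocol layer above the KEM (a key confirmation or AEAD tag over the derived key) is what actually detects a bad ciphertext, so never treat a successful `decaps` call as proof the ciphertext was genuine.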
Good job, Bas! This is awesome!
There are a couple things that need to be changed to make that code more idiomatic and consistent with the rest of the standard library.
But it will be easier to do that in the current work repository than here.
Let's discuss this in your Zig fork :)
On an M2 Pro. Essentially the reference implementation:
Did 81000 Kyber512 encap operations in 1004289us (80654.1 ops/sec)
Did 87000 Kyber512 decap operations in 1011575us (86004.5 ops/sec)
This implementation:
kyber512: 98172 encaps/s
kyber512: 92426 decaps/s
For comparison with classical crypto, in Zig:
x25519: 33924 exchanges/s
and BoringSSL:
Did 4598 Curve25519 arbitrary point multiplication operations in 1052611us (4368.2 ops/sec)
This is rad!
And there's still plenty of room for optimization on the Keccak side.
@jedisct1 All right, build passed.
CI failure is unrelated; it's due to d6e48ab
It's a nondeterminism issue; probably in the macOS linker code. It's not the fault of d6e48abde87400a8a4851c7ab8c918005d81d058.