ml_kem 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5d0131894b513113fb5492afe072bfec6ac2ba8d64531dbbd9c712cf419aff3a
+  data.tar.gz: f61a2aa77bef7d515d8b55c10dc66f07342b408d8884fbeca88e3d1fe673d4c1
+SHA512:
+  metadata.gz: 83a36606aa8c28521590dcd2c10a60f74b9e76e90562c60f2b1b3af188294567736c45ba128d40a322e63d65640461be8720004b7bd72a553f4db427655d9573
+  data.tar.gz: 1bf7d2be9236d916e4e5043f2377c630632a48277459e17ca521ba5890b61c54c31591c4fef6e86ab2bb22d12ee4c3e3cfefc9cd84c84953775cdf30746796bf

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 MarioRgzLpz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,88 @@
+# MLKEM
+
+**ml_kem** is a Ruby gem that implements the [ML-KEM (Kyber)](https://csrc.nist.gov/pubs/fips/203/final) post-quantum key encapsulation mechanism (KEM), as selected by NIST for standardization under the FIPS 203. It supports key generation, encapsulation, and decapsulation in pure Ruby and includes a command-line interface for easy integration into workflows.
+
+# Features
+
+- Support for all ML-KEM variants: `ml_kem_512`, `ml_kem_768`, and `ml_kem_1024`
+- Public/private key generation
+- Secure encapsulation of a shared secret using the public key
+- Decapsulation of a ciphertext using the private key
+- Command-Line Interface (CLI) built with Thor
+- PEM encoding for key files
+- Easy to use and integrate into Ruby applications
+
+# Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+```bash
+bundle add ml_kem
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install ml_kem
+```
+
+# Usage
+
+## CLI
+
+The `mlkem` command-line tool allows you to generate keys, encapsulate, and decapsulate secrets using ML-KEM.
+
+- **Generate keys:**
+
+    ```bash
+    mlkem keygen -p public_key.pem -s private_key.pem -v ml_kem_768
+    ```
+
+- **Encapsulate a secret:**
+
+    ```bash
+    mlkem encaps -p public_key.pem -c ciphertext.txt -k shared_secret.key
+    ```
+
+- **Decapsulate:**
+
+    ```bash
+    mlkem decaps -s private_key.pem -c ciphertext.txt -k shared_secret.key
+    ```
+
+To obtain information about the options available for a command use:
+```bash
+mlkem help COMMAND
+```
+
+## Code
+
+```bash
+require "ml_kem"
+
+# Create an instance with the desired variant
+
+kem = MLKEM::MLKEM.new(variant: :ml_kem_768)
+
+# Generate key pair
+public_key, private_key = kem.keygen
+
+# Encapsulate a shared secret
+shared_secret, ciphertext = kem.encaps(public_key)
+
+# Decapsulate to recover the shared secret
+recovered_secret = kem.decaps(private_key, ciphertext)
+
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will start an IRB and allow you to experiment.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/MarioRgzLpz/ml_kem.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "minitest/test_task"
+
+Minitest::TestTask.create
+
+task default: :test

data/exe/mlkem

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require_relative '../lib/ml_kem'
+require_relative '../lib/ml_kem/cli'
+
+MLKEM::CLI.start(ARGV)

data/lib/ml_kem/version.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Principal module of ML-KEM, a post-quantum key encapsulation mechanism.
+# Every class and module in this gem is nested under this module.
+# 
+# @author MarioRgzLpz <https://github.com/MarioRgzLpz>
+# @since 0.1.0
+module MLKEM
+  VERSION = "0.1.0"
+end

data/lib/ml_kem.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require_relative 'ml_kem/version'
+require_relative 'ml_kem/constants'
+require_relative 'ml_kem/math/byte_operations'
+require_relative 'ml_kem/math/polynomial'
+require_relative 'ml_kem/math/ntt'
+require_relative 'ml_kem/math/sampling'
+require_relative 'ml_kem/crypto/hash_functions'
+require_relative 'ml_kem/crypto/symmetric_primitives'
+require_relative 'ml_kem/core/k_pke'
+require_relative 'ml_kem/core/ml_kem_internal'
+
+module MLKEM
+  # Raised when an invalid ML-KEM variant is selected.
+  class InvalidParameterError < StandardError; end
+
+  # Raised when cryptographic randomness fails.
+  class CryptographicError < StandardError; end
+
+  # Public API class for ML-KEM (Kyber) post-quantum key encapsulation mechanism.
+  # Supports key generation, encapsulation, and decapsulation per NIST standard.
+  #
+  # @author MarioRgzLpz
+  # @since 0.1.0
+  #
+  # @example Basic usage
+  #   kem = MLKEM::MLKEM.new(variant: :ml_kem_768)
+  #   ek, dk = kem.keygen
+  #   k_enc, c = kem.encaps(ek)
+  #   k_dec = kem.decaps(dk, c)
+  #   raise unless k_enc == k_dec
+  class MLKEM
+    # Initializes the ML-KEM system with a given variant.
+    #
+    # @param [Symbol] variant One of `:ml_kem_512`, `:ml_kem_768`, or `:ml_kem_1024`.
+    # @raise [InvalidParameterError] if the variant is unsupported.
+    def initialize(variant: :ml_kem_768)
+      params = Constants::PARAM_SETS[variant.to_s.upcase.gsub('_', '-')]
+      raise InvalidParameterError, "Unsupported variant: #{variant}" unless params
+      @internal = Core::MLKEMInternal.new(*params)
+    end
+
+    # Key generation method (Algorithm 17).
+    # Produces a public and private key pair.
+    #
+    # @return [Array<String>] [ek, dk] Public and private keys (as binary strings).
+    # @raise [CryptographicError] if randomness generation fails.
+    #
+    # @example
+    #   ek, dk = kem.keygen
+    def keygen
+      d = SecureRandom.random_bytes(32)
+      z = SecureRandom.random_bytes(32)
+      raise CryptographicError, "Random bytes generation failed" if d.nil? || z.nil?
+
+      @internal.keygen_internal(d, z)
+    end
+
+    # Encapsulation method (Algorithm 18).
+    # Derives a shared secret and ciphertext using the public key.
+    #
+    # @param [String] ek Public key (as produced by `#keygen`)
+    # @return [Array<String>] [k, c] Shared secret and ciphertext
+    # @raise [CryptographicError] if randomness generation fails.
+    #
+    # @example
+    #   k, c = kem.encaps(ek)
+    def encaps(ek)
+      m = SecureRandom.random_bytes(32)
+      raise CryptographicError, "Random bytes generation failed" if m.nil?
+      @internal.encaps_internal(ek, m)
+    end
+
+    # Decapsulation method (Algorithm 19).
+    # Recovers the shared secret from the private key and ciphertext.
+    #
+    # @param [String] dk Private key
+    # @param [String] c  Ciphertext (as received from encapsulation)
+    # @return [String] Shared secret (32 bytes)
+    #
+    # @example
+    #   k = kem.decaps(dk, c)
+    def decaps(dk, c)
+      @internal.decaps_internal(dk, c)
+    end
+  end
+end

data/sig/ml_kem.rbs

@@ -0,0 +1,4 @@
+module MlKem
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification
+name: ml_kem
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- MarioRgzLpz
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2025-07-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sha3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.2
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.22'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.3'
+description: A Ruby gem providing an implementation of the ML-KEM (formerly Kyber)
+  key-encapsulation mechanism for post-quantum cryptography standards.
+email:
+- MarioRgzLpz@correo.ugr.es
+executables:
+- mlkem
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/mlkem
+- lib/ml_kem.rb
+- lib/ml_kem/version.rb
+- sig/ml_kem.rbs
+homepage: https://github.com/MarioRgzLpz/ml_kem
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/MarioRgzLpz/ml_kem
+  source_code_uri: https://github.com/MarioRgzLpz/ml_kem
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.15
+signing_key:
+specification_version: 4
+summary: Implementation of ML-KEM (Kyber) post-quantum cryptography algorithm.
+test_files: []