KEM API Reference¶
Key Encapsulation Mechanism (KEM) classes for post-quantum key exchange.
KyberKEM¶
The primary KEM class using the Kyber algorithm.
Constructor¶
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
alg | str | "Kyber768" | Kyber variant: Kyber512, Kyber768, or Kyber1024 |
Example:
generate_keypair¶
Generate a new Kyber keypair.
Returns: KyberKeypair with public_key and private_key attributes.
Example:
kem = KyberKEM("Kyber768")
keys = kem.generate_keypair()
print(len(keys.public_key)) # 1184
print(len(keys.private_key)) # 2400
encapsulate¶
Encapsulate a shared secret using a public key.
Parameters:
| Name | Type | Description |
|---|---|---|
public_key | bytes | Recipient's public key |
Returns: Tuple of (ciphertext, shared_secret)
Example:
ciphertext, shared_secret = kem.encapsulate(recipient_public_key)
# Send ciphertext to recipient
# Use shared_secret to derive encryption keys
decapsulate¶
Recover the shared secret from a ciphertext.
Parameters:
| Name | Type | Description |
|---|---|---|
ciphertext | bytes | KEM ciphertext from encapsulate |
private_key | bytes | Private key (optional if keypair was generated with this instance) |
Returns: The shared secret bytes.
Example:
save_public_key¶
Save the public key to a file.
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
path | str | "public.key" | Output file path |
encoding | str | "raw" | "raw", "base64", or "armor" |
Example:
save_private_key¶
Save the private key to a file, optionally with passphrase protection.
def save_private_key(
self,
path: str = "private.key",
encoding: str = "raw",
passphrase: Optional[str] = None
)
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
path | str | "private.key" | Output file path |
encoding | str | "raw" | "raw", "base64", or "armor" |
passphrase | str | None | Passphrase for encryption |
Example:
load_public_key (static)¶
Load a public key from a file.
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
path | str | "public.key" | Input file path |
encoding | str | "raw" | "raw" or "base64" (armor auto-detected) |
Returns: Public key bytes.
Example:
load_private_key (static)¶
Load a private key from a file.
@staticmethod
def load_private_key(
path: str = "private.key",
encoding: str = "raw",
passphrase: Optional[str] = None
) -> bytes
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
path | str | "private.key" | Input file path |
encoding | str | "raw" | "raw" or "base64" (armor auto-detected) |
passphrase | str | None | Passphrase if key is encrypted |
Returns: Private key bytes.
Example:
KyberKeypair¶
Dataclass holding a Kyber keypair.
fingerprint¶
Get the key fingerprint.
Returns: 32-character hex string (SHA256 of public key, first 16 bytes).
Example:
ClassicMcElieceKEM¶
KEM using the Classic McEliece algorithm. Same API as KyberKEM.
from qcrypto import ClassicMcElieceKEM
kem = ClassicMcElieceKEM("Classic-McEliece-348864")
keys = kem.generate_keypair()
# Note: Classic McEliece has very large keys
print(len(keys.public_key)) # ~261,120 bytes!
print(len(keys.private_key)) # ~6,492 bytes
Supported variants:
Classic-McEliece-348864(default)Classic-McEliece-348864fClassic-McEliece-460896Classic-McEliece-460896fClassic-McEliece-6688128Classic-McEliece-6688128fClassic-McEliece-6960119Classic-McEliece-6960119fClassic-McEliece-8192128Classic-McEliece-8192128f
key_fingerprint¶
Standalone function to compute key fingerprints.
Parameters:
| Name | Type | Description |
|---|---|---|
public_key | bytes | Any public key bytes |
Returns: 32-character hex string.
Example: