
Add ml-kem key exchange and a super crate on top of the builder#31

Open
leontiad wants to merge 24 commits into main from ml-kem

Conversation


@leontiad leontiad commented Jan 5, 2026

The entire logic for integrating ML-KEM is under crates/sl-messages/src/proto/scheme.
All the other crates have been lightly touched in order to be lint-happy as we introduce CI/CD.

  • test ML-KEM with ChaCha
  • make it generic over different ML-KEM params and not hardcoded to 768
  • incorporate N in a black-box fashion, which will run 2(N-1) key exchanges: all-to-all, 2-way
  • ML-KEM key exchange with ML-DSA signatures for sender authenticity:
  1. Parties hold a long-term identity signing ML-DSA key (vk, sk): they can sign with it
  2. Parties hold public key encryption keys (ek, dk): they can encrypt with them
  3. In one round (the init one) each party sends each other vk, ek
  4. Each party i runs, for each other j:
    1. ek_j.encapsulate(ss_ij) = c_ij
    2. signs c_ij with sk_i = sig(sk_i, c_ij) and sends to j: c_ij, sig(c_ij)
  5. Upon receipt, each party
    1. Verifies with vk_i the sig(c_ij)
    2. Decrypts with dk_i (c_ij) = ss_ij
    3. sets shared_secret i<>j = ss_ij
  6. Now i, j can establish a secure channel using ss_ij for → and ss_ji for ←
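
The two-round flow laid out above, as an added example that is not part of this PR or of the sl-messages crates: it is written in Go against the standard library's crypto/mlkem (ML-KEM-768, Go 1.24 or newer), with Ed25519 standing in for ML-DSA because Go's standard library has no ML-DSA. The Party, Announcement and KEMMessage types and all function names are this example's own. Each party broadcasts (vk, ek) in round 1; in round 2 every ordered pair (i, j) gets its own encapsulation c_ij signed under sk_i, and the receiver verifies under the sender's vk before decapsulating with its own decapsulation key, so a tampered or mis-attributed ciphertext is rejected by the signature check rather than silently yielding a wrong key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/mlkem"
	"crypto/rand"
	"errors"
	"fmt"
)

// Party: long-term signing keys (vk, sk), ML-KEM keys (dk; ek is derived from it), directional secrets.
type Party struct {
	ID       int
	vk       ed25519.PublicKey  // Ed25519 stands in for the ML-DSA verification key
	sk       ed25519.PrivateKey // Ed25519 stands in for the ML-DSA signing key
	dk       *mlkem.DecapsulationKey768
	Sent     map[int][]byte // ss_ij: this party encapsulated to peer j
	Received map[int][]byte // ss_ji: peer j encapsulated to this party
}

// Round-1 message (vk, ek) and round-2 message from i to j: c_ij with sig(sk_i, c_ij).
type Announcement struct {
	From int
	VK   ed25519.PublicKey
	EK   []byte
}
type KEMMessage struct {
	From, To   int
	Ciphertext []byte
	Signature  []byte
}

func NewParty(id int) (*Party, Announcement, error) {
	vk, sk, err1 := ed25519.GenerateKey(rand.Reader)
	dk, err2 := mlkem.GenerateKey768()
	if err := errors.Join(err1, err2); err != nil {
		return nil, Announcement{}, err
	}
	p := &Party{ID: id, vk: vk, sk: sk, dk: dk, Sent: map[int][]byte{}, Received: map[int][]byte{}}
	return p, Announcement{From: id, VK: vk, EK: dk.EncapsulationKey().Bytes()}, nil
}

// Encapsulate is step 4 towards one peer: (ss_ij, c_ij) under ek_j, then c_ij signed with sk_i.
func (p *Party) Encapsulate(peer Announcement) (KEMMessage, error) {
	ek, err := mlkem.NewEncapsulationKey768(peer.EK)
	if err != nil {
		return KEMMessage{}, err
	}
	ss, ct := ek.Encapsulate()
	p.Sent[peer.From] = ss
	return KEMMessage{From: p.ID, To: peer.From, Ciphertext: ct, Signature: ed25519.Sign(p.sk, ct)}, nil
}

// Receive is step 5: verify under the sender's vk, then decapsulate with the receiver's own dk. Order
// matters: ML-KEM decapsulation implicitly rejects (pseudorandom key, no error) so only the signature detects tampering.
func (p *Party) Receive(msg KEMMessage, sender Announcement) error {
	if msg.To != p.ID || msg.From != sender.From {
		return fmt.Errorf("party %d: message %d->%d checked against keys of %d", p.ID, msg.From, msg.To, sender.From)
	}
	if !ed25519.Verify(sender.VK, msg.Ciphertext, msg.Signature) {
		return fmt.Errorf("party %d: bad signature on ciphertext from %d", p.ID, msg.From)
	}
	ss, err := p.dk.Decapsulate(msg.Ciphertext)
	if err != nil {
		return err
	}
	p.Received[msg.From] = ss
	return nil
}

// RunAllToAll: one announcement per party, then one signed encapsulation per ordered pair (i, j).
func RunAllToAll(n int) ([]*Party, []Announcement, error) {
	parties, ann := make([]*Party, n), make([]Announcement, n)
	for i := range parties {
		p, a, err := NewParty(i)
		if err != nil {
			return nil, nil, err
		}
		parties[i], ann[i] = p, a
	}
	for i, pi := range parties {
		for j, pj := range parties {
			if i == j {
				continue
			}
			msg, err := pi.Encapsulate(ann[j])
			if err != nil {
				return nil, nil, err
			}
			if err := pj.Receive(msg, ann[i]); err != nil {
				return nil, nil, err
			}
			if !bytes.Equal(pi.Sent[j], pj.Received[i]) {
				return nil, nil, fmt.Errorf("ss_%d%d disagrees at the two ends", i, j)
			}
		}
	}
	return parties, ann, nil
}
```

After RunAllToAll(n) every party holds n-1 outbound and n-1 inbound 32-byte secrets, and the → and ← directions of a pair are independent encapsulations, matching the ss_ij / ss_ji split in the description. The announcements are returned so a caller can simulate the attacks the signature is there for: flipping a bit of c_ij, or presenting party k's message under party i's verification key, both fail in Receive before any key material is derived.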

@leontiad leontiad changed the title add_ml_kem_and_new_train_key_exchange Add ml-kem key exchange and a super crate on top of the builder Jan 5, 2026
@leontiad leontiad requested a review from Copilot January 5, 2026 23:54


@leontiad leontiad marked this pull request as ready for review January 6, 2026 15:34
@leontiad leontiad requested a review from Copilot January 6, 2026 15:34


Copilot AI left a comment

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 14 comments.


Comment thread crates/sl-messages/src/proto/scheme/mlkem.rs
Comment on lines +81 to +130
fn decapsulate(
dk: &Self::MlKemDecapsulationKey,
ct: &Self::MlKemCiphertext,
) -> Result<SharedSecret, ()> {
let shared_key = dk.decapsulate(ct).map_err(|_| ())?;
Ok(Zeroizing::new(shared_key.as_slice().to_vec()))
}
}

impl MlKemGenerate for MlKem768 {
type MlKemDecapsulationKey =
ml_kem::kem::DecapsulationKey<ml_kem::MlKem768Params>;
type MlKemEncapsulationKey =
ml_kem::kem::EncapsulationKey<ml_kem::MlKem768Params>;
type MlKemCiphertext = ml_kem::Ciphertext<MlKem768>;
fn generate<R: CryptoRng>(
rng: &mut R,
) -> (Self::MlKemDecapsulationKey, Self::MlKemEncapsulationKey) {
<MlKem768 as KemCore>::generate(rng)
}

fn decapsulate(
dk: &Self::MlKemDecapsulationKey,
ct: &Self::MlKemCiphertext,
) -> Result<SharedSecret, ()> {
let shared_key = dk.decapsulate(ct).map_err(|_| ())?;
Ok(Zeroizing::new(shared_key.as_slice().to_vec()))
}
}

impl MlKemGenerate for MlKem1024 {
type MlKemDecapsulationKey =
ml_kem::kem::DecapsulationKey<ml_kem::MlKem1024Params>;
type MlKemEncapsulationKey =
ml_kem::kem::EncapsulationKey<ml_kem::MlKem1024Params>;
type MlKemCiphertext = ml_kem::Ciphertext<MlKem1024>;
fn generate<R: CryptoRng>(
rng: &mut R,
) -> (Self::MlKemDecapsulationKey, Self::MlKemEncapsulationKey) {
<MlKem1024 as KemCore>::generate(rng)
}

fn decapsulate(
dk: &Self::MlKemDecapsulationKey,
ct: &Self::MlKemCiphertext,
) -> Result<SharedSecret, ()> {
let shared_key = dk.decapsulate(ct).map_err(|_| ())?;
Ok(Zeroizing::new(shared_key.as_slice().to_vec()))
}
}
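Review bot: the `Result<SharedSecret, ()>` that every `decapsulate` here returns (the 768 and 1024 impls shown, and the one above them) should not be read by callers as a tamper check. ML-KEM decapsulation uses implicit rejection: a well-formed but modified or mis-addressed ciphertext yields a pseudorandom shared secret rather than an error, so `map_err(|_| ())` will essentially never fire for tampering, and `Ok(ss)` says nothing about where the ciphertext came from. The ML-DSA signature over `c_ij` from the PR description has to be verified before `decapsulate` is called, and the error type should carry a real error (the crate's error, or a local enum) rather than `()`, which discards the one piece of information a caller could act on. Second, `Zeroizing::new(shared_key.as_slice().to_vec())` zeroizes the heap copy but drops the original `shared_key` array without wiping it; wrap `shared_key` itself in `Zeroizing` (or call `zeroize()` on it) before copying. Since all three impls are byte-for-byte identical apart from the parameter type, one generic impl or a macro would keep these two fixes in a single place.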
Copilot AI Jan 7, 2026

All three ML-KEM parameter set implementations (512, 768, 1024) have identical decapsulate logic. This code duplication creates a maintenance burden. Consider refactoring to use a shared helper function or macro to reduce duplication and ensure consistency across all parameter sets.

Comment thread crates/sl-messages/src/proto/scheme/mlkem.rs Outdated
Comment thread crates/sl-messages/src/proto/scheme/mlkem.rs Outdated
Comment thread crates/sl-messages/src/proto/scheme/mlkem.rs
Comment thread crates/sl-messages/src/proto/scheme/mlkem.rs Outdated
Comment thread .github/workflows/rust.yaml
Comment thread crates/sl-messages/src/proto/scheme/aead.rs
Comment thread crates/sl-messages/src/proto/scheme/passthrough.rs
Comment thread crates/sl-messages/src/proto/scheme/passthrough.rs
leontiad and others added 6 commits January 7, 2026 15:26
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2 participants