CRYSTALS-Kyber Algorithm

CRYSTALS-Kyber is an IND-CCA2-secure key encapsulation mechanism (KEM), whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. The CRYSTALS-Kyber is a quantum-safe algorithm (QSA) and is a member of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. ICSF currently supports Kyber-1024 Round 2. Kyber-1024 aims at security roughly equivalent to AES-256.

ICSF supports the CRYSTALS-Kyber Algorithm on both the PKCS #11 and CCA architectures.

PKCS #11 CRYSTALS-Kyber key operations can be performed in hardware or software.

PKCS #11 callable services that support CRYSTALS-Kyber key operations are:

PKCS #11 Derive Key (CSFPDVK and CSFPDVK6)
PKCS #11 Generate Key Pair (CSFPGKP and CSFPGKP6)
PKCS #11 Get Attribute Value (CSFPGAV and CSFPGAV6)
PKCS #11 Set Attribute Value (CSFPSAV and CSFPSAV6)
PKCS #11 Token Record Create (CSFPTRC and CSFPTRC6)

CCA callable services that support CRYSTALS-Kyber key operations are:

ECC Diffie-Hellman (CSNDEDH and CSNFEDH)
PKA Encrypt (CSNDPKE and CSNFPKE)
PKA Decrypt (CSNDPKD and CSNFPKD)
PKA Key Generate (CSNDPKG and CSNFPKG)
PKA Key Import (CSNDPKI and CSNFPKI)
PKA Key Token Build (CSNDPKB and CSNFPKB)
PKA Key Token Change (CSNDKTC and CSNFKTC)
PKA Key Translate (CSNDPKT and CSNFPKT)
PKA Public Key Extract (CSNDPKX and CSNFPKX)