CRYSTALS-Kyber is an IND-CCA2-secure key encapsulation mechanism (KEM), whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. The CRYSTALS-Kyber is a quantum-safe algorithm (QSA) and is a member of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. ICSF currently supports Kyber-1024 Round 2. Kyber-1024 aims at security roughly equivalent to AES-256.
ICSF supports the CRYSTALS-Kyber Algorithm on both the PKCS #11 and CCA architectures.
PKCS #11 CRYSTALS-Kyber key operations can be performed in hardware or software.
- PKCS #11 Derive Key (CSFPDVK and CSFPDVK6)
- PKCS #11 Generate Key Pair (CSFPGKP and CSFPGKP6)
- PKCS #11 Get Attribute Value (CSFPGAV and CSFPGAV6)
- PKCS #11 Set Attribute Value (CSFPSAV and CSFPSAV6)
- PKCS #11 Token Record Create (CSFPTRC and CSFPTRC6)
- ECC Diffie-Hellman (CSNDEDH and CSNFEDH)
- PKA Encrypt (CSNDPKE and CSNFPKE)
- PKA Decrypt (CSNDPKD and CSNFPKD)
- PKA Key Generate (CSNDPKG and CSNFPKG)
- PKA Key Import (CSNDPKI and CSNFPKI)
- PKA Key Token Build (CSNDPKB and CSNFPKB)
- PKA Key Token Change (CSNDKTC and CSNFKTC)
- PKA Key Translate (CSNDPKT and CSNFPKT)
- PKA Public Key Extract (CSNDPKX and CSNFPKX)