CRYSTALS-Kyber Algorithm

CRYSTALS-Kyber is an IND-CCA2-secure key encapsulation mechanism (KEM) whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. CRYSTALS-Kyber is a quantum-safe algorithm (QSA) and a member of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. ICSF currently supports Kyber-1024 Round 2. Kyber-1024 aims at security roughly equivalent to AES-256.

ICSF supports the CRYSTALS-Kyber algorithm on both the PKCS #11 and CCA architectures.

PKCS #11 CRYSTALS-Kyber key operations can be performed in hardware or software.

PKCS #11 callable services that support CRYSTALS-Kyber key operations are:
  • PKCS #11 Derive Key (CSFPDVK and CSFPDVK6)
  • PKCS #11 Generate Key Pair (CSFPGKP and CSFPGKP6)
  • PKCS #11 Get Attribute Value (CSFPGAV and CSFPGAV6)
  • PKCS #11 Set Attribute Value (CSFPSAV and CSFPSAV6)
  • PKCS #11 Token Record Create (CSFPTRC and CSFPTRC6)

CCA callable services that support CRYSTALS-Kyber key operations are:
  • ECC Diffie-Hellman (CSNDEDH and CSNFEDH)
  • PKA Encrypt (CSNDPKE and CSNFPKE)
  • PKA Decrypt (CSNDPKD and CSNFPKD)
  • PKA Key Generate (CSNDPKG and CSNFPKG)
  • PKA Key Import (CSNDPKI and CSNFPKI)
  • PKA Key Token Build (CSNDPKB and CSNFPKB)
  • PKA Key Token Change (CSNDKTC and CSNFKTC)
  • PKA Key Translate (CSNDPKT and CSNFPKT)
  • PKA Public Key Extract (CSNDPKX and CSNFPKX)