Package zeroecho.core.alg.kyber

Class KyberAlgorithm

java.lang.Object

zeroecho.core.CryptoAlgorithm

zeroecho.core.alg.AbstractCryptoAlgorithm

zeroecho.core.alg.kyber.KyberAlgorithm

public final class KyberAlgorithm
extends AbstractCryptoAlgorithm

Concrete CryptoAlgorithm implementation for the post-quantum key encapsulation mechanism (KEM) Kyber, standardized as ML-KEM.

Overview

Kyber provides IND-CCA2 security based on module-LWE. This implementation delegates cryptographic operations to the Bouncy Castle PQC provider and exposes Kyber through the unified CryptoAlgorithm API surface.

Declared capabilities

• AlgorithmFamily.KEM:
  • KeyUsage.ENCAPSULATE with a PublicKey, returning a KemContext.
  • KeyUsage.DECAPSULATE with a PrivateKey, returning a KemContext.
• AlgorithmFamily.AGREEMENT (message-based):
  • Initiator: given the recipient PublicKey, wraps a Kyber KEM context in a KemMessageAgreementAdapter to drive message agreement.
  • Responder: given the local PrivateKey, wraps a Kyber KEM context in the same adapter to decapsulate and agree the shared secret.

Key builders

• KyberKeyGenSpec: key pair generation for variants KYBER512, KYBER768, and KYBER1024 via KeyPairGenerator configured with KyberParameterSpec.
• KyberPublicKeySpec: import of Kyber public keys from X.509 SubjectPublicKeyInfo.
• KyberPrivateKeySpec: import of Kyber private keys from PKCS#8 PrivateKeyInfo.

Provider dependency

All operations require the Bouncy Castle PQC provider to be present and registered in java.security.Security under the name provided by BouncyCastlePQCProvider. The helper ensureProvider() validates availability before key generation or import.

Thread-safety

Instances of KyberAlgorithm are immutable and safe to share. Contexts created via the declared capabilities (KemContext, MessageAgreementContext) are not necessarily thread-safe.

Usage examples

 // Register provider once during bootstrap:
 Security.addProvider(new BouncyCastlePQCProvider());

 // Construct the algorithm:
 KyberAlgorithm kyber = new KyberAlgorithm();

 // Generate a Kyber-768 key pair:
 KeyPair kp = kyber.asymmetricKeyBuilder(KyberKeyGenSpec.class)
                   .generateKeyPair(KyberKeyGenSpec.kyber768());

 // Encapsulation by initiator (recipient public key known):
 KemContext enc = kyber.create(KeyUsage.ENCAPSULATE, kp.getPublic(), VoidSpec.INSTANCE);

 // Decapsulation by responder (own private key):
 KemContext dec = kyber.create(KeyUsage.DECAPSULATE, kp.getPrivate(), VoidSpec.INSTANCE);

 // Message-style agreement (initiator):
 MessageAgreementContext initCtx =
     kyber.create(KeyUsage.AGREEMENT, kp.getPublic(), VoidSpec.INSTANCE);

 // Message-style agreement (responder):
 MessageAgreementContext respCtx =
     kyber.create(KeyUsage.AGREEMENT, kp.getPrivate(), VoidSpec.INSTANCE);
 

Nested Class Summary

Nested classes/interfaces inherited from class zeroecho.core.CryptoAlgorithm

CryptoAlgorithm.AsymBuilderInfo, CryptoAlgorithm.SymBuilderInfo

Constructor Summary

Constructors

Constructor	Description
KyberAlgorithm()	Provides ML-KEM (Kyber) integration backed by the Bouncy Castle PQC provider and registers capabilities and key builders required for KEM usage and message agreement.

Method Summary

Methods inherited from class zeroecho.core.alg.AbstractCryptoAlgorithm

capability

Methods inherited from class zeroecho.core.CryptoAlgorithm

addCapability, asymmetricBuildersInfo, asymmetricKeyBuilder, bind, create, displayName, generateKeyPair, generateKeyPair, generateSecret, id, importPrivate, importPublic, importSecret, listCapabilities, priority, providerName, registerAsymmetricKeyBuilder, registerSymmetricKeyBuilder, roles, supports, symmetricBuildersInfo, symmetricKeyBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

KyberAlgorithm

public KyberAlgorithm()

Provides ML-KEM (Kyber) integration backed by the Bouncy Castle PQC provider and registers capabilities and key builders required for KEM usage and message agreement.

Overview

This algorithm instance wires the following into the surrounding crypto framework:

• KEM roles: ENCAPSULATE with PublicKey and DECAPSULATE with PrivateKey.
• AGREEMENT role via KemMessageAgreementAdapter for initiator and responder flows, reusing the underlying KEM context.
• Asymmetric key builders for KyberKeyGenSpec generation and X.509/PKCS#8 key import paths.

Example

 Security.addProvider(new BouncyCastlePQCProvider());
 KyberAlgorithm alg = new KyberAlgorithm();

 KeyPair kp = alg.asymmetricKeyBuilder(KyberKeyGenSpec.class)
                 .generateKeyPair(KyberKeyGenSpec.kyber768());