Package zeroecho.core.alg.kyber

Class KyberKemContext

java.lang.Object
zeroecho.core.alg.kyber.KyberKemContext
All Implemented Interfaces:
Closeable, AutoCloseable, CryptoContext, KemContext
public final class KyberKemContext extends Object implements KemContext
KyberKemContext is a lightweight KEM context used to perform Kyber (ML-KEM) encapsulation or decapsulation.

Overview

A context is created in exactly one role: The implementation delegates to Bouncy Castle PQC primitives for ML-KEM. The context retains a reference to the associated CryptoAlgorithm instance to report metadata via algorithm().

Thread-safety

Instances are not explicitly synchronized. Do not share a single context instance across threads while operations are running.

Usage examples


 // Encapsulation role (sender knows recipient's public key):
 KemContext encCtx = new KyberKemContext(alg, recipientPublicKey);
 KemResult result = encCtx.encapsulate();
 byte[] ciphertext = result.ciphertext();
 byte[] sharedSecret = result.sharedSecret();

 // Decapsulation role (recipient uses its private key):
 KemContext decCtx = new KyberKemContext(alg, recipientPrivateKey);
 byte[] agreedSecret = decCtx.decapsulate(ciphertext);

  • Constructor Details

    • KyberKemContext

      public KyberKemContext(CryptoAlgorithm algorithm, PublicKey k)
      Creates a context in encapsulation role bound to the given public key.
      Parameters:
      algorithm - the owning algorithm instance that exposes provider name and metadata; must not be null.
      k - the recipient public key for encapsulation; must not be null.
      Throws:
      NullPointerException - if any argument is null.

    • KyberKemContext

      public KyberKemContext(CryptoAlgorithm algorithm, PrivateKey k)
      Creates a context in decapsulation role bound to the given private key.
      Parameters:
      algorithm - the owning algorithm instance that exposes provider name and metadata; must not be null.
      k - the local private key for decapsulation; must not be null.
      Throws:
      NullPointerException - if any argument is null.

  • Method Details

    • algorithm

      public CryptoAlgorithm algorithm()
      Returns the algorithm descriptor associated with this context.
      Specified by:
      algorithm in interface CryptoContext
      Returns:
      the algorithm that created this context.

    • key

      public Key key()
      Returns the key bound to this context.
      Specified by:
      key in interface CryptoContext
      Returns:
      the public key when in encapsulation role, or the private key when in decapsulation role.

    • close

      public void close()
      Closes this context.

      This implementation does not hold external resources, so the method is a no-op. It is provided for API symmetry and future compatibility.

      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Specified by:
      close in interface CryptoContext

    • encapsulate

      public KemContext.KemResult encapsulate() throws IOException
      Performs Kyber encapsulation using the bound public key and returns the ciphertext and shared secret.

      This method is valid only if the context was constructed with a PublicKey. If the context is in decapsulation role, an IllegalStateException is thrown.

      Specified by:
      encapsulate in interface KemContext
      Returns:
      a result containing the encapsulated ciphertext and the derived shared secret.
      Throws:
      IllegalStateException - if the context is not initialized for encapsulation.
      IOException - if encapsulation fails in the underlying provider.

    • decapsulate

      public byte[] decapsulate(byte[] ciphertext) throws IOException
      Performs Kyber decapsulation using the bound private key and returns the shared secret.

      This method is valid only if the context was constructed with a PrivateKey. If the context is in encapsulation role, an IllegalStateException is thrown.

      Specified by:
      decapsulate in interface KemContext
      Parameters:
      ciphertext - the Kyber ciphertext to decapsulate; must be the exact bytes produced by the peer's encapsulate call.
      Returns:
      the derived shared secret corresponding to the provided ciphertext.
      Throws:
      IllegalStateException - if the context is not initialized for decapsulation.
      IOException - if decapsulation fails in the underlying provider.