README
¶
kMOSAIC - Go Implementation
A Go implementation of the kMOSAIC post-quantum cryptographic library.
A TypeScript/JavaScript version is also available at https://github.com/BackendStack21/k-mosaic.
Documentation
- kMOSAIC White Paper - Detailed technical specification and cryptographic design
- Developer Guide - TypeScript Reference - Implementation guidelines and best practices
⚠️ Security Warning
kMOSAIC is an experimental cryptographic construction that has NOT been formally verified by academic peer review. DO NOT use in production systems protecting sensitive data.
Overview
kMOSAIC (Key Mosaic) is a post-quantum secure cryptographic framework that combines three distinct hard mathematical problems to provide defense-in-depth security:
- SLSS - Sparse Lattice Subset Sum Problem
- TDD - Tensor Decomposition Decisional Problem
- EGRW - Expander Graph Random Walk Problem
Features
- Key Encapsulation Mechanism (KEM): Post-quantum secure key exchange
- Encryption/Decryption: Hybrid encryption using KEM and AES-GCM (symmetric payload encryption)
- Digital Signatures: Post-quantum secure signatures
- Parallel Execution: Uses Go goroutines for improved performance
- Two Security Levels: MOS_128 (128-bit) and MOS_256 (256-bit)
Installation
go get github.com/BackendStack21/k-mosaic-go
Command-line Interface
Use the k-mosaic-cli for common tasks such as key generation, encryption/decryption, and signing/verification.
Quick Start
# Install the CLI
go install github.com/BackendStack21/k-mosaic-go/cmd/k-mosaic-cli@latest
# Generate keys, encrypt, decrypt
k-mosaic-cli kem keygen -l 128 -o keys.json
k-mosaic-cli kem encrypt -pk keys.json -m "Secret message" -o enc.json
k-mosaic-cli kem decrypt -sk keys.json -pk keys.json -ct enc.json
# Generate keys, sign, verify
k-mosaic-cli sign keygen -l 128 -o sign.json
k-mosaic-cli sign sign -sk sign.json -pk sign.json -m "Document" -o sig.json
k-mosaic-cli sign verify -pk sign.json -sig sig.json
Full Documentation
For comprehensive CLI documentation, installation methods, security best practices, key management workflows, and detailed command reference, see: CLI.md
Key topics in CLI.md:
- Installation methods (source, go install, multi-platform builds)
- Complete encryption and signature workflows
- Security best practices and key management
- Troubleshooting and FAQ
Quick Start
package main
import (
"bytes"
"fmt"
kmosaic "github.com/BackendStack21/k-mosaic-go"
"github.com/BackendStack21/k-mosaic-go/kem"
"github.com/BackendStack21/k-mosaic-go/sign"
)
func main() {
// Key Encapsulation
kemKeyPair, _ := kem.GenerateKeyPair(kmosaic.MOS_128)
ciphertext, senderSecret, _ := kem.Encapsulate(&kemKeyPair.PublicKey)
recipientSecret, _ := kem.Decapsulate(&kemKeyPair.SecretKey, &kemKeyPair.PublicKey, ciphertext)
fmt.Printf("Shared secrets match: %v\n", bytes.Equal(senderSecret, recipientSecret))
// Digital Signatures
signKeyPair, _ := sign.GenerateKeyPair(kmosaic.MOS_128)
message := []byte("Hello, post-quantum world!")
signature, _ := sign.Sign(&signKeyPair.SecretKey, &signKeyPair.PublicKey, message)
isValid := sign.Verify(&signKeyPair.PublicKey, message, signature)
fmt.Printf("Signature valid: %v\n", isValid)
}
Benchmarks (Apple M2 Pro)
| Operation | MOS_128 | MOS_256 |
|---|---|---|
| KEM KeyGen | 6.29 ms | 22.43 ms |
| KEM Encapsulate | 0.32 ms | 0.95 ms |
| KEM Decapsulate | 0.38 ms | 1.06 ms |
| Sign KeyGen | 6.22 ms | 22.49 ms |
| Sign | 12.07 μs | 21.95 μs |
| Verify | 2.44 ms | 9.13 ms |
See BenchmarkReport.md for comprehensive detailed benchmark results, performance analysis, and methodology.
API Reference
KEM Package
import "github.com/BackendStack21/k-mosaic-go/kem"
// Generate a new key pair
kp, err := kem.GenerateKeyPair(level)
// Encapsulate (create ciphertext and shared secret)
ciphertext, sharedSecret, err := kem.Encapsulate(&publicKey)
// Decapsulate (recover shared secret)
sharedSecret, err := kem.Decapsulate(&secretKey, &publicKey, ciphertext)
// Encrypt a message (hybrid: KEM + AES-GCM for symmetric payload encryption)
ciphertext, err := kem.Encrypt(&publicKey, plaintext)
// Decrypt a message (hybrid: KEM + AES-GCM for symmetric payload decryption)
plaintext, err := kem.Decrypt(&secretKey, &publicKey, ciphertext)
Sign Package
import "github.com/BackendStack21/k-mosaic-go/sign"
// Generate a signing key pair
kp, err := sign.GenerateKeyPair(level)
// Sign a message
signature, err := sign.Sign(&secretKey, &publicKey, message)
// Verify a signature
valid := sign.Verify(&publicKey, message, signature)
Security Levels
- MOS_128: 128-bit post-quantum security
- MOS_256: 256-bit post-quantum security
Requirements
- Go 1.21 or later
- golang.org/x/crypto/sha3
License
MIT License - See LICENSE file for details.
Documentation
¶
Overview ¶
Package kmosaic implements the kMOSAIC post-quantum cryptographic algorithm. This package provides high-level exports for key encapsulation and digital signatures using the kMOSAIC hybrid approach combining three independent hard problems: SLSS (Sparse Lattice Subset Sum), TDD (Tensor Decomposition Distinguishing), and EGRW (Expander Graph Random Walk).
Package kmosaic implements the kMOSAIC post-quantum cryptographic algorithm.
kMOSAIC (Multi-Oracle Structured Algebraic Intractability Composition) is a novel post-quantum cryptographic construction that achieves defense-in-depth security by cryptographically entangling three independent mathematical hard problems.
WARNING: This is an experimental cryptographic construction that has NOT been formally verified by academic peer review. DO NOT use in production systems protecting sensitive data.
Index ¶
- Constants
- type EGRWCiphertext
- type EGRWCommitment
- type EGRWKeyPair
- type EGRWParams
- type EGRWPublicKey
- type EGRWResponse
- type EGRWSecretKey
- type EncapsulationResult
- type EncryptedMessage
- type MOSAICCiphertext
- type MOSAICKeyPair
- type MOSAICParams
- type MOSAICPublicKey
- type MOSAICSecretKey
- type MOSAICSignKeyPair
- type MOSAICSignPublicKey
- type MOSAICSignSecretKey
- type MOSAICSignature
- type SL2Element
- type SLSSCiphertext
- type SLSSCommitment
- type SLSSKeyPair
- type SLSSParams
- type SLSSPublicKey
- type SLSSResponse
- type SLSSSecretKey
- type SecurityAnalysis
- type SecurityLevel
- type TDDCiphertext
- type TDDCommitment
- type TDDFactors
- type TDDKeyPair
- type TDDParams
- type TDDPublicKey
- type TDDResponse
- type TDDSecretKey
Constants ¶
const Version = "1.0.3"
Version of the kMOSAIC Go implementation.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EGRWCiphertext ¶
type EGRWCiphertext struct {
Vertex SL2Element
Commitment []byte
}
EGRWCiphertext is the ciphertext for EGRW encryption.
type EGRWCommitment ¶
type EGRWCommitment struct {
Vertex SL2Element
}
EGRWCommitment is the commitment for EGRW in signatures.
type EGRWKeyPair ¶
type EGRWKeyPair struct {
PublicKey EGRWPublicKey
SecretKey EGRWSecretKey
}
EGRWKeyPair contains both public and secret keys for EGRW.
type EGRWParams ¶
EGRWParams contains parameters for the Expander Graph Random Walk problem.
type EGRWPublicKey ¶
type EGRWPublicKey struct {
VStart SL2Element
VEnd SL2Element
}
EGRWPublicKey is the public key for EGRW.
type EGRWResponse ¶
EGRWResponse is the response for EGRW in signatures.
type EGRWSecretKey ¶
type EGRWSecretKey struct {
Walk []int // Sequence of generator indices (0-3)
}
EGRWSecretKey is the secret key for EGRW.
type EncapsulationResult ¶
type EncapsulationResult struct {
Ciphertext MOSAICCiphertext
}
EncapsulationResult contains the result of KEM encapsulation.
type EncryptedMessage ¶
type EncryptedMessage struct {
Ciphertext MOSAICCiphertext
Encrypted []byte // Encrypted payload
Nonce []byte // Nonce for symmetric encryption
}
EncryptedMessage contains an encrypted message with its ciphertext.
type MOSAICCiphertext ¶
type MOSAICCiphertext struct {
C1 SLSSCiphertext
C2 TDDCiphertext
C3 EGRWCiphertext
Proof []byte
}
MOSAICCiphertext is the composite ciphertext from KEM encapsulation.
type MOSAICKeyPair ¶
type MOSAICKeyPair struct {
PublicKey MOSAICPublicKey
SecretKey MOSAICSecretKey
}
MOSAICKeyPair contains both public and secret keys.
type MOSAICParams ¶
type MOSAICParams struct {
Level SecurityLevel `json:"level"`
SLSS SLSSParams `json:"slss"`
TDD TDDParams `json:"tdd"`
EGRW EGRWParams `json:"egrw"`
}
MOSAICParams contains the complete parameter set for a security level.
type MOSAICPublicKey ¶
type MOSAICPublicKey struct {
SLSS SLSSPublicKey
TDD TDDPublicKey
EGRW EGRWPublicKey
Binding []byte // 32-byte binding hash
Params MOSAICParams
}
MOSAICPublicKey is the composite public key for the full kMOSAIC scheme.
type MOSAICSecretKey ¶
type MOSAICSecretKey struct {
SLSS SLSSSecretKey
TDD TDDSecretKey
EGRW EGRWSecretKey
Seed []byte // Original seed for implicit rejection
PublicKeyHash []byte // Hash of public key for CCA security
}
MOSAICSecretKey is the composite secret key for the full kMOSAIC scheme.
type MOSAICSignKeyPair ¶
type MOSAICSignKeyPair struct {
PublicKey MOSAICSignPublicKey
SecretKey MOSAICSignSecretKey
}
MOSAICSignKeyPair contains both public and secret keys for signatures.
type MOSAICSignPublicKey ¶
type MOSAICSignPublicKey struct {
SLSS SLSSPublicKey
TDD TDDPublicKey
EGRW EGRWPublicKey
Binding []byte
Params MOSAICParams
}
MOSAICSignPublicKey is the public key for signature operations.
type MOSAICSignSecretKey ¶
type MOSAICSignSecretKey struct {
SLSS SLSSSecretKey
TDD TDDSecretKey
EGRW EGRWSecretKey
Seed []byte
PublicKeyHash []byte
}
MOSAICSignSecretKey is the secret key for signature operations.
type MOSAICSignature ¶
MOSAICSignature is the complete signature.
type SL2Element ¶
type SL2Element struct {
A, B, C, D int
}
SL2Element represents an element of the special linear group SL(2, Z_p). It is a 2x2 matrix [[A, B], [C, D]] with determinant 1.
type SLSSCiphertext ¶
SLSSCiphertext is the ciphertext for SLSS encryption.
type SLSSCommitment ¶
type SLSSCommitment struct {
W []int32
}
SLSSCommitment is the commitment for SLSS in signatures.
type SLSSKeyPair ¶
type SLSSKeyPair struct {
PublicKey SLSSPublicKey
SecretKey SLSSSecretKey
}
SLSSKeyPair contains both public and secret keys for SLSS.
type SLSSParams ¶
type SLSSParams struct {
N int `json:"n"` // Lattice dimension
M int `json:"m"` // Number of equations
Q int `json:"q"` // Prime modulus
W int `json:"w"` // Sparsity weight
Sigma float64 `json:"sigma"` // Error standard deviation
}
SLSSParams contains parameters for the Sparse Lattice Subset Sum problem.
type SLSSPublicKey ¶
type SLSSPublicKey struct {
A []int32 // m x n matrix (flattened, row-major)
T []int32 // m-vector
}
SLSSPublicKey is the public key for SLSS.
type SLSSResponse ¶
SLSSResponse is the response for SLSS in signatures.
type SLSSSecretKey ¶
type SLSSSecretKey struct {
S []int8 // Sparse n-vector in {-1, 0, 1}
}
SLSSSecretKey is the secret key for SLSS.
type SecurityAnalysis ¶
type SecurityAnalysis struct {
SLSS struct {
Dimension int
Sparsity int
EstimatedSecurity int
}
TDD struct {
TensorDim int
Rank int
EstimatedSecurity int
}
EGRW struct {
GraphSize int
WalkLength int
EstimatedSecurity int
}
Combined struct {
EstimatedSecurity int
QuantumSecurity int
}
}
SecurityAnalysis provides security estimates for a public key.
type SecurityLevel ¶
type SecurityLevel string
SecurityLevel represents the security level of kMOSAIC parameters.
const ( // MOS128 provides 128-bit post-quantum security. MOS128 SecurityLevel = "MOS-128" // MOS256 provides 256-bit post-quantum security. MOS256 SecurityLevel = "MOS-256" // Aliases with underscore for convenience MOS_128 SecurityLevel = MOS128 MOS_256 SecurityLevel = MOS256 )
type TDDCiphertext ¶
type TDDCiphertext struct {
Data []int32
}
TDDCiphertext is the ciphertext for TDD encryption.
type TDDCommitment ¶
type TDDCommitment struct {
W []int32
}
TDDCommitment is the commitment for TDD in signatures.
type TDDFactors ¶
TDDFactors contains the rank-r factor triples for tensor decomposition.
type TDDKeyPair ¶
type TDDKeyPair struct {
PublicKey TDDPublicKey
SecretKey TDDSecretKey
}
TDDKeyPair contains both public and secret keys for TDD.
type TDDParams ¶
type TDDParams struct {
N int `json:"n"` // Tensor dimension
R int `json:"r"` // Tensor rank
Q int `json:"q"` // Modulus
Sigma float64 `json:"sigma"` // Noise standard deviation
}
TDDParams contains parameters for the Tensor Decomposition Distinguishing problem.
type TDDPublicKey ¶
type TDDPublicKey struct {
T []int32 // n x n x n tensor (flattened)
}
TDDPublicKey is the public key for TDD.
type TDDResponse ¶
TDDResponse is the response for TDD in signatures.
type TDDSecretKey ¶
type TDDSecretKey struct {
Factors TDDFactors
}
TDDSecretKey is the secret key for TDD.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
k-mosaic-cli
command
Package main provides the k-mosaic-cli command line interface for kMOSAIC operations.
|
Package main provides the k-mosaic-cli command line interface for kMOSAIC operations. |
|
Package core provides parameter sets and validation for kMOSAIC.
|
Package core provides parameter sets and validation for kMOSAIC. |
|
Package entanglement implements the cryptographic binding for kMOSAIC.
|
Package entanglement implements the cryptographic binding for kMOSAIC. |
|
examples
|
|
|
basic
command
Package main demonstrates basic usage of the kMOSAIC library.
|
Package main demonstrates basic usage of the kMOSAIC library. |
|
Package kem implements the Key Encapsulation Mechanism for kMOSAIC.
|
Package kem implements the Key Encapsulation Mechanism for kMOSAIC. |
|
problems
|
|
|
egrw
Package egrw implements the Expander Graph Random Walk problem for kMOSAIC.
|
Package egrw implements the Expander Graph Random Walk problem for kMOSAIC. |
|
slss
Package slss implements the Sparse Lattice Subset Sum problem for kMOSAIC.
|
Package slss implements the Sparse Lattice Subset Sum problem for kMOSAIC. |
|
tdd
Package tdd implements the Tensor Decomposition Distinguishing problem for kMOSAIC.
|
Package tdd implements the Tensor Decomposition Distinguishing problem for kMOSAIC. |
|
Package sign implements the digital signature scheme for kMOSAIC.
|
Package sign implements the digital signature scheme for kMOSAIC. |