crypto

package

v0.1.1 Latest Latest Go to latest Published: May 16, 2026 License: BSD-3-Clause Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/luxfi/session

Links

Open Source Insights

Documentation ¶

Overview ¶

Package crypto provides post-quantum cryptographic operations for SessionVM using github.com/luxfi/crypto for ML-KEM-768 and ML-DSA-65.

Index ¶

Constants
Variables
func Decapsulate(secretKey, ciphertext []byte) (sharedSecret []byte, err error)
func Decrypt(key, ciphertext []byte) ([]byte, error)
func DecryptFromSender(secretKey, ciphertext []byte) ([]byte, error)
func DeriveSessionID(kemPublicKey, dsaPublicKey []byte) (string, error)
func Encapsulate(recipientPublicKey []byte) (ciphertext, sharedSecret []byte, err error)
func Encrypt(key, plaintext []byte) ([]byte, error)
func EncryptToRecipient(recipientPublicKey, plaintext []byte) ([]byte, error)
func Sign(secretKey, message []byte) (signature []byte, err error)
func Verify(publicKey, message, signature []byte) bool
type Identity
- func GenerateIdentity() (*Identity, error)

Constants ¶

View Source

const (
	// PQ Session ID prefix (07 = post-quantum)
	PQPrefix = "07"

	// Legacy Session ID prefix (05 = X25519/Ed25519)
	LegacyPrefix = "05"

	// ML-KEM-768 sizes (NIST Level 3, FIPS 203)
	MLKEMPublicKeySize  = mlkem.MLKEM768PublicKeySize
	MLKEMSecretKeySize  = mlkem.MLKEM768PrivateKeySize
	MLKEMCiphertextSize = mlkem.MLKEM768CiphertextSize
	MLKEMSharedKeySize  = mlkem.MLKEM768SharedKeySize

	// ML-DSA-65 sizes (NIST Level 3, FIPS 204)
	MLDSAPublicKeySize = mldsa.MLDSA65PublicKeySize
	MLDSASecretKeySize = mldsa.MLDSA65PrivateKeySize
	MLDSASignatureSize = mldsa.MLDSA65SignatureSize
)

Variables ¶

View Source

var (
	ErrInvalidPublicKey  = errors.New("invalid public key")
	ErrInvalidSecretKey  = errors.New("invalid secret key")
	ErrInvalidSignature  = errors.New("invalid signature")
	ErrInvalidCiphertext = errors.New("invalid ciphertext")
	ErrDecryptionFailed  = errors.New("decryption failed")
)

Functions ¶

func Decapsulate ¶

func Decapsulate(secretKey, ciphertext []byte) (sharedSecret []byte, err error)

Decapsulate performs ML-KEM-768 key decapsulation

func Decrypt ¶

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt decrypts a message using XChaCha20-Poly1305

func DecryptFromSender ¶

func DecryptFromSender(secretKey, ciphertext []byte) ([]byte, error)

DecryptFromSender decrypts a message using our secret key

func DeriveSessionID ¶

func DeriveSessionID(kemPublicKey, dsaPublicKey []byte) (string, error)

DeriveSessionID derives a session ID from public keys

func Encapsulate ¶

func Encapsulate(recipientPublicKey []byte) (ciphertext, sharedSecret []byte, err error)

Encapsulate performs ML-KEM-768 key encapsulation Returns: ciphertext, shared secret

func Encrypt ¶

func Encrypt(key, plaintext []byte) ([]byte, error)

Encrypt encrypts a message using XChaCha20-Poly1305

func EncryptToRecipient ¶

func EncryptToRecipient(recipientPublicKey, plaintext []byte) ([]byte, error)

EncryptToRecipient encrypts a message for a recipient using their public key

func Sign ¶

func Sign(secretKey, message []byte) (signature []byte, err error)

Sign creates an ML-DSA-65 signature

func Verify ¶

func Verify(publicKey, message, signature []byte) bool

Verify verifies an ML-DSA-65 signature

Types ¶

type Identity ¶

type Identity struct {
	// Session ID: "07" + hex(Blake2b-256(KEM_pk || DSA_pk))
	SessionID string `json:"sessionId"`

	// ML-KEM-768 keypair (for receiving encrypted messages)
	KEMPublicKey []byte `json:"kemPublicKey"`
	KEMSecretKey []byte `json:"kemSecretKey,omitempty"`

	// ML-DSA-65 keypair (for signing messages)
	DSAPublicKey []byte `json:"dsaPublicKey"`
	DSASecretKey []byte `json:"dsaSecretKey,omitempty"`
	// contains filtered or unexported fields
}

Identity represents a post-quantum identity for the Session network

func GenerateIdentity ¶

func GenerateIdentity() (*Identity, error)

GenerateIdentity creates a new post-quantum identity using ML-KEM-768 and ML-DSA-65

func (*Identity) DecryptFrom ¶

func (i *Identity) DecryptFrom(ciphertext []byte) ([]byte, error)

DecryptFrom decrypts a message from a sender

func (*Identity) EncryptTo ¶

func (i *Identity) EncryptTo(recipient *Identity, plaintext []byte) ([]byte, error)

EncryptTo encrypts a message for another identity

func (*Identity) PublicIdentity ¶

func (i *Identity) PublicIdentity() *Identity

PublicIdentity returns only the public parts of the identity

func (*Identity) SignMessage ¶

func (i *Identity) SignMessage(message []byte) ([]byte, error)

SignMessage signs a message and returns signature with message prepended

func (*Identity) VerifyMessage ¶

func (i *Identity) VerifyMessage(signedMessage []byte) ([]byte, bool)

VerifyMessage verifies a signed message (signature || message format)

Source Files ¶

View all Source files

identity.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL