{\rtf1\ansi\ansicpg1252\cocoartf1404\cocoasubrtf470 {\fonttbl\f0\fswiss\fcharset0 Helvetica;\f1\froman\fcharset0 Times-Roman;\f2\fmodern\fcharset0 Courier; } {\colortbl;\red255\green255\blue255;} \margl1440\margr1440\vieww16960\viewh16200\viewkind0 \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \f0\fs24 \cf0 PQC - API notes\ \ Most of the API information is derived from the \f1\b \expnd0\expndtw0\kerning0 eBATS: ECRYPT Benchmarking of Asymmetric Systems \f0\b0 (https://bench.cr.yp.to/ebats.html). This has been done to facilitate benchmarking algorithm performance. Please look at the eBATS page for more information on how to submit an algorithm for performance benchmarking. There are two sets of API calls listed for each primitive. The first set is the API call directly from the eBATS page, or something very similar for the Key Encapsulation Mechanism section. The second set of calls is for testing purposes. The calls extend the eBATS calls for functions that utilize randomness by providing a pointer to specify a randomness string. This will allow algorithms that utilize randomness to be able to provide reproducible results. For example, this will allow testing of KAT files and other sample values.\kerning1\expnd0\expndtw0 \ \ Public-key Signatures\ See \f1\fs32 \expnd0\expndtw0\kerning0 https://bench.cr.yp.to/call-sign.html \f0 \fs24 for more information on Public-key Signature API and performance testing.\ \ The first thing to do is to create a file called \i api.h \i0 . This file contains the following four lines (with the sizes set to the appropriate values):\ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 #define CRYPTO_SECRETKEYBYTES 256\ #define CRYPTO_PUBLICKEYBYTES 85\ #define CRYPTO_BYTES 128\ #define CRYPTO_RANDOMBYTES 64\ \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 indicating that your software uses a 256-byte (2048-bit) secret key, an 85-byte (680-bit) public key, \i at most \i0 128 bytes of overhead in a signed message compared to the original message, and 64 bytes of random input. \f2\fs26 \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 \ Then create a file called \i sign.c \i0 with the following function calls:\ \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 eBATS calls\ Generates a keypair - \i pk \i0 is the public key and \i sk \i0 is the secret key.\ \ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 \expnd0\expndtw0\kerning0 int crypto_sign_keypair(\ unsigned char *pk,\ unsigned char *sk\ )\ \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 Sign a message: \i sm \i0 is the signed message, \i m \i0 is the original message, and \i sk \i0 is the secret key.\ \ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 int crypto_sign(\ unsigned char *sm, unsigned long long *smlen,\ const unsigned char *m, unsigned long long mlen,\ const unsigned char *sk\ )\ \ \f0\fs24 Verify a message signature: \i m \i0 is the original message, \i sm \i0 is the signed message, \i pk \i0 is the public key. \f2\fs26 \ \ int crypto_sign_open(\ const unsigned char *m, unsigned long long *mlen,\ const unsigned char *sm, unsigned long long smlen,\ const unsigned char *pk\ )\ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 KAT calls\ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 \expnd0\expndtw0\kerning0 int crypto_sign_keypair_KAT(\ unsigned char *pk,\ unsigned char *sk,\ const unsigned char *randomness\ )\ \ int crypto_sign_KAT(\ unsigned char *sm, unsigned long long *smlen,\ const unsigned char *m, unsigned long long mlen,\ const unsigned char *sk,\ const unsigned char *randomness\ )\ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 \ Public-key Encryption\ See \f1\fs32 \expnd0\expndtw0\kerning0 https://bench.cr.yp.to/call-encrypt.html \f0 \fs24 for more information on Public-key Encryption API and performance testing.\kerning1\expnd0\expndtw0 \ \expnd0\expndtw0\kerning0 \ The first thing to do is to create a file called \i api.h \i0 . This file contains the following four lines (with the sizes set to the appropriate values):\ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 #define CRYPTO_SECRETKEYBYTES 256\ #define CRYPTO_PUBLICKEYBYTES 64\ #define CRYPTO_BYTES 48\ #define CRYPTO_RANDOMBYTES 64\ \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 indicating that your software uses a 256-byte (2048-bit) secret key, a 64-byte (512-bit) public key, \i at most \i0 48 bytes of overhead in a encrypted message compared to the original message, and 64 bytes of random input. \f2\fs26 \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 \ Then create a file called \i encrypt.c \i0 with the following function calls:\ \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 eBATS calls\ Generates a keypair - \i pk \i0 is the public key and \i sk \i0 is the secret key.\ \ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 \expnd0\expndtw0\kerning0 int crypto_encrypt_keypair(\ unsigned char *pk,\ unsigned char *sk\ )\ \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 Encrypt a plaintext: \i c \i0 is the ciphertext, \i m \i0 is the plaintext, and \i pk \i0 is the public key. \f2\fs26 \ \ int crypto_encrypt(\ unsigned char *c, unsigned long long *clen,\ const unsigned char *m, unsigned long long mlen,\ const unsigned char *pk\ )\ \ \f0\fs24 Decrypt a ciphertext: \i m \i0 is the plaintext, \i c \i0 is the ciphertext, and \i sk \i0 is the secret key. \f2\fs26 \ \ int crypto_encrypt_open(\ unsigned char *m, unsigned long long *mlen,\ const unsigned char *c, unsigned long long clen,\ const unsigned char *sk\ ) \f0\fs24 \kerning1\expnd0\expndtw0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 \ KAT calls\ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 \expnd0\expndtw0\kerning0 int crypto_encrypt_keypair_KAT(\ unsigned char *pk,\ unsigned char *sk,\ const unsigned char *randomness\ )\ \ int crypto_encrypt_KAT(\ unsigned char *c, unsigned long long *clen,\ const unsigned char *m, unsigned long long mlen,\ const unsigned char *pk,\ const unsigned char *randomness\ )\ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 \ Key Encapsulation Mechanism (KEM)\ The calls in the eBATS specification do not meet the calls specified in the call for algorithms. However, attempts were made to match the specifications for the other algorithms. \ \expnd0\expndtw0\kerning0 \ The first thing to do is to create a file called \i api.h \i0 . This file contains the following four lines (with the sizes set to the appropriate values):\ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 #define CRYPTO_SECRETKEYBYTES 192\ #define CRYPTO_PUBLICKEYBYTES 64\ #define CRYPTO_BYTES 64\ #define CRYPTO_RANDOMBYTES 64\ \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 indicating that your software uses a 192-byte (1536-bit) secret key, a 64-byte (512-bit) public key, a 64-byte (512-bit) shared secret, and 64 bytes of random input.\kerning1\expnd0\expndtw0 \ \ Then create a file called \i kem.c \i0 with the following function calls:\ \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 eBATS-like calls\ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 \expnd0\expndtw0\kerning0 \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 Generates a keypair - \i pk \i0 is the public key and \i sk \i0 is the secret key. \f2\fs26 \expnd0\expndtw0\kerning0 \ \ int crypto_kem_keygenerate(\ unsigned char *pk,\ unsigned char *sk\ )\ \ \f0\fs24 Encapsulate \i - pk \i0 is the public key, \i ct \i0 is a key encapsulation message (ciphertext), \i ss \i0 is the shared secret. \f2\fs26 \ \ int crypto_kem_encapsulate(\ const unsigned char *pk,\ unsigned char *ct,\ unsigned char *ss\ )\ \ \f0\fs24 Decapsulate - \i ct \i0 is a key encapsulation message (ciphertext), \i sk \i0 is the private key, \i ss \i0 is the shared secret\ \pard\pardeftab720\partightenfactor0 \f2\fs26 \cf0 \ int crypto_kem_decapsulate(\ const unsigned char *ct,\ const unsigned char *sk,\ unsigned char *ss\ )\ \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 \ \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \cf0 KAT calls \f2\fs26 \expnd0\expndtw0\kerning0 \ \pard\pardeftab720\partightenfactor0 \cf0 int crypto_kem_keygenerate(\ unsigned char *pk,\ unsigned char *sk,\ const unsigned char *randomness\ )\ \ int crypto_kem_encapsulate(\ const unsigned char *pk,\ unsigned char *ct,\ unsigned char *ss,\ const unsigned char *randomness\ ) \f0\fs24 \ \f2\fs26 \ \ \pard\pardeftab720\partightenfactor0 \f0\fs24 \cf0 \kerning1\expnd0\expndtw0 \ }