Support derandomized key generation for ML-KEM

SWilson4 · SWilson4 · commit 0d3aa6553972 · 2025-03-19T14:17:38.000-04:00
Signed-off-by: Spencer Wilson &lt;spencer.wilson@uwaterloo.ca&gt;
diff --git a/src/main/java/org/openquantumsafe/KeyEncapsulation.java b/src/main/java/org/openquantumsafe/KeyEncapsulation.java
@@ -20,6 +20,7 @@ class KeyEncapsulationDetails {
         long length_secret_key;
         long length_ciphertext;
         long length_shared_secret;
+        long length_keypair_seed;
 
         /**
          * \brief Print KEM algorithm details
@@ -33,7 +34,9 @@ void printKeyEncapsulation() {
                 "\n  Length public key (bytes): " + this.length_public_key +
                 "\n  Length secret key (bytes): " + this.length_secret_key +
                 "\n  Length ciphertext (bytes): " + this.length_ciphertext +
-                "\n  Length shared secret (bytes): " + this.length_shared_secret
+                "\n  Length shared secret (bytes): " + this.length_shared_secret +
+                "\n Length keypair seed (bytes): "
+                + ((this.length_keypair_seed > 0) ? this.length_keypair_seed : "N/A")
             );
         }
 
@@ -114,6 +117,18 @@ public KeyEncapsulation(String alg_name, byte[] secret_key)
      */
     private native int generate_keypair(byte[] public_key, byte[] secret_key);
 
+    /**
+     * \brief Wrapper for OQS_API OQS_STATUS OQS_KEM_keypair_derand(const OQS_KEM *kem,
+     *                              uint8_t *public_key, uint8_t *secret_key,
+     *                              const uint8_t *seed);
+     * \param Public key
+     * \param Secret key
+     * \param Seed
+     * \return Status
+     */
+    private native int generate_keypair_derand(byte[] public_key,
+                                               byte[] secret_key, byte[] seed);
+
     /**
      * \brief Wrapper for OQS_API OQS_STATUS OQS_KEM_encaps(const OQS_KEM *kem,
      *                                               uint8_t *ciphertext,
@@ -159,6 +174,27 @@ public byte[] generate_keypair() throws RuntimeException {
         return this.public_key_;
     }
 
+    /**
+     * \brief Invoke native generate_keypair_derand method using the PK and SK lengths
+     * from alg_details_. Check return value and if != 0 throw Exception.
+     */
+    public byte[] generate_keypair(byte[] seed) throws RuntimeException {
+        if (seed.length != alg_details_.length_keypair_seed) {
+            throw new RuntimeException("Incorrect seed length");
+        }
+
+        int rv_ = generate_keypair_derand(this.public_key_, this.secret_key_, seed);
+        if (rv_ != 0) throw new RuntimeException("Cannot generate keypair from seed");
+        return this.public_key_;
+    }
+
+    /**
+     * \brief Return seed length
+     */
+    public long get_keypair_seed_length() {
+        return alg_details_.length_keypair_seed;
+    }
+
     /**
      * \brief Return public key
      */
diff --git a/src/test/java/org/openquantumsafe/KEMTest.java b/src/test/java/org/openquantumsafe/KEMTest.java
@@ -8,6 +8,7 @@
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.stream.Stream;
 
 public class KEMTest {
@@ -56,6 +57,42 @@ public void testAllKEMs(String kem_name) {
         System.out.println(sb.toString());
     }
 
+    /**
+     * Test KEMs with derandomized keypair generation.
+     */
+    @ParameterizedTest(name = "Testing {arguments}")
+    @MethodSource("getDerandSupportedKEMsAsStream")
+    public void testKEMsWithDerand(String kem_name) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(kem_name);
+        sb.append(String.format("%1$" + (40 - kem_name.length()) + "s", ""));
+
+        // Create client and server
+        KeyEncapsulation client = new KeyEncapsulation(kem_name);
+        KeyEncapsulation server = new KeyEncapsulation(kem_name);
+
+        // Generate seed
+        byte[] seed = Rand.randombytes(client.get_keypair_seed_length());
+
+        // Generate client key pair
+        byte[] client_public_key = client.generate_keypair(seed);
+
+        // Server: encapsulate secret with client's public key
+        Pair<byte[], byte[]> server_pair = server.encap_secret(client_public_key);
+        byte[] ciphertext = server_pair.getLeft();
+        byte[] shared_secret_server = server_pair.getRight();
+
+        // Client: decapsulate
+        byte[] shared_secret_client = client.decap_secret(ciphertext);
+
+        // Check if equal
+        assertArrayEquals(shared_secret_client, shared_secret_server, kem_name);
+
+        // If successful print KEM name, otherwise an exception will be thrown
+        sb.append("\033[0;32m").append("PASSED").append("\033[0m");
+        System.out.println(sb.toString());
+    }
+
     /**
      * Test the MechanismNotSupported Exception
      */
@@ -71,4 +108,12 @@ private static Stream<String> getEnabledKEMsAsStream() {
         return enabled_kems.parallelStream();
     }
 
+    /**
+     * Method to convert the list of derand-supported KEMs to a stream for input to testAllSigs
+     */
+    private static Stream<String> getDerandSupportedKEMsAsStream() {
+        return Arrays.asList(
+                "ML-KEM-512", "ML-KEM-768", "ML-KEM-1024"
+            ).parallelStream();
+    }
 }
