TIMECOP
/ crypto_kem

Primitives for crypto_kem

This page lists all primitives grouped under operation crypto_kem.

For each primitive, all listed implementations were checked across a number of compilers, compiler options, and hosts.

The progress bar shows the relative number of successes, fails, and errors:

  • Success. The constant-time checker didn't find any cases where the execution time of the tested code depends on secret data.
  • Fail. The execution time of the tested code depends on secret data.
  • Error.

Errors can have multiple causes:
  • The constant-time checker encountered an error and could not complete.
  • Valgrind found memory issues, but none of them are related to constant-time checks.
  • The constant-time checker timed out after 6 minutes.
  • The tested code produced invalid results. More details can be found near the start of the output file. Example:
    crypto_aead_decrypt returns nonzero 

The absolute number of successes, fails, and errors is shown to the left of the progress bar.

The following code was used to flag secret data, and test implementations:

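void timecop_doit(void)
{
    poison(k, klen);          /* flag the session key buffer as secret */
    poison(s, slen);          /* flag the secret key as secret */
    crypto_kem_enc(c, k, p);  /* encapsulate to public key p */
    unpoison(c, clen);        /* the ciphertext is public */
    crypto_kem_dec(t, c, s);  /* decapsulate with secret key s */
}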

bigquake1
Implementations:
bigquake3
Implementations:
bigquake5
Implementations:
dags3
Implementations:
dags5
Implementations:
edonk128k08n72nu8l8
Description
An alternative Edon-K KEM proposal in Category 1.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 128-bit key (e.g. AES128) - Category 1
Designers
Danilo Gligoroski
Implementations:
edonk128k16n80nu4l6
Description
An alternative Edon-K KEM proposal in Category 1.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 128-bit key (e.g. AES128) - Category 1
Designers
Danilo Gligoroski
Implementations:
edonk128k16n80nu8l6
Description
An alternative Edon-K KEM proposal in Category 1.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 128-bit key (e.g. AES128) - Category 1
Designers
Danilo Gligoroski
Implementations:
edonk128k32n96nu4l4
Description
An alternative Edon-K KEM proposal in Category 1.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 128-bit key (e.g. AES128) - Category 1
Designers
Danilo Gligoroski
Implementations:
edonk128ref
Description
Reference proposal KEM Edon-K128 in Category 1.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 128-bit key (e.g. AES128) - Category 1
Designers
Danilo Gligoroski
Implementations:
edonk192k16n112nu4l8
Description
An alternative Edon-K KEM proposal in Category 3.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 192-bit key (e.g. AES192) - Category 3
Designers
Danilo Gligoroski
Implementations:
edonk192k32n128nu4l6
Description
An alternative Edon-K KEM proposal in Category 3.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 192-bit key (e.g. AES192) - Category 3
Designers
Danilo Gligoroski
Implementations:
edonk192k48n144nu4l4
Description
An alternative Edon-K KEM proposal in Category 3.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 192-bit key (e.g. AES192) - Category 3
Designers
Danilo Gligoroski
Implementations:
edonk192ref
Description
Reference proposal KEM Edon-K192 in Category 3.
Conjectured security requires computational resources comparable to
or greater than those required for key search on a block cipher with
a 192-bit key (e.g. AES192) - Category 3
Designers
Danilo Gligoroski
Implementations:
kindi256342
Implementations:
kindi256522
Implementations:
kindi512222
Implementations:
kindi512241
Implementations:
kindi512321
Implementations:
kyber1024
Implementations:
kyber512
Implementations:
kyber768
Implementations:
lake1
Implementations:
lake2
Implementations:
lake3
Implementations:
ledakem12
Implementations:
ledakem13
Implementations:
ledakem14
Implementations:
ledakem32
Implementations:
ledakem33
Implementations:
ledakem34
Implementations:
ledakem52
Implementations:
ledakem53
Implementations:
ledakem54
Implementations:
locker1
Implementations:
locker2
Implementations:
locker3
Implementations:
locker4
Implementations:
locker5
Implementations:
locker6
Implementations:
locker7
Implementations:
locker8
Implementations:
locker9
Implementations:
newhope1024cca
Implementations:
newhope512cca
Implementations:
ntruhrss701
Implementations:
ntrukem443
Implementations:
ntrukem743
Implementations:
ntrulpr4591761
Description
NTRU LPRime 4591^761
Designers
Alphabetical order:
Daniel J. Bernstein
Chitchanok Chuengsatiansup
Tanja Lange
Christine van Vredendaal
Implementations:
pqrsa15
Implementations:
ramstakers216091
Implementations:
ramstakers756839
Implementations:
rsa2048
Designers
Ronald L. Rivest
Adi Shamir
Leonard M. Adleman
Michael O. Rabin (small exponent)
Victor Shoup (session key is hash of random integer)
Implementations:
sntrup4591761
Description
Streamlined NTRU Prime 4591^761
Designers
Alphabetical order:
Daniel J. Bernstein
Chitchanok Chuengsatiansup
Tanja Lange
Christine van Vredendaal
Implementations: