xs/vendor/blitter.com/go/kyber/README.md

### Kyber - IND-CCA2-secure Key Encapsulation Mechanism
#### Yawning Angel (yawning at schwanenlied dot me)

[![GoDoc](https://godoc.org/git.schwanenlied.me/yawning/kyber.git?status.svg)](https://godoc.org/git.schwanenlied.me/yawning/kyber.git)

This package implements the Kyber IND-CCA2-secure key encapsulation
mechanism (KEM), based on the hardness of solving the learning-with-errors
(LWE) problem over module lattices as submitted to the NIST Post-Quantum
Cryptography project.

This implementation is a port of the Public Domain reference implementation
by Joppe Bos, Léo Ducas, Eike Kiltz , Tancrède Lepoint, Vadim Lyubashevsky,
John Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé.

Additionally implementations of Kyber.AKE and Kyber.UAKE as presented in
the Kyber paper are included for users that seek an authenticated key
exchange.

Note that the algorithm is not finalized yet, and may change in a backward
incompatible manner in the future.  The designers currently recommend
combining Kyber with an established pre-quantum algorithm like ECDH, and
using the Kyber-768 parameter set.

For more information, see the [project home page](https://pq-crystals.org/kyber/index.shtml).
1/3 Updated Makefile to allow VENDOR flag (adds -vendor to version string) 2/3 Added vendor/ dir to lock down dependent pkg versions. The author of git.schwanenlied.me/yawning/{chacha20,newhope,kyber}.git has copied their repos to gitlab.com/yawning/ but some imports of chacha20 from newhope still inconsistently refer to git.schwanenlied.me/, breaking build. Licenses for chacha20 also changed from CC0 to AGPL, which may or may not be an issue. Until the two aforementioned issues are resolved, locking to last-good versions is probably the best way forward for now. To build with vendored deps, use make VENDOR=1 clean all 3/3 Moved body of CI push script into bacillus/ 2020-01-29 21:25:14 +00:00			`### Kyber - IND-CCA2-secure Key Encapsulation Mechanism`
			`#### Yawning Angel (yawning at schwanenlied dot me)`

			`[![GoDoc](https://godoc.org/git.schwanenlied.me/yawning/kyber.git?status.svg)](https://godoc.org/git.schwanenlied.me/yawning/kyber.git)`

			`This package implements the Kyber IND-CCA2-secure key encapsulation`
			`mechanism (KEM), based on the hardness of solving the learning-with-errors`
			`(LWE) problem over module lattices as submitted to the NIST Post-Quantum`
			`Cryptography project.`

			`This implementation is a port of the Public Domain reference implementation`
			`by Joppe Bos, Léo Ducas, Eike Kiltz , Tancrède Lepoint, Vadim Lyubashevsky,`
			`John Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé.`

			`Additionally implementations of Kyber.AKE and Kyber.UAKE as presented in`
			`the Kyber paper are included for users that seek an authenticated key`
			`exchange.`

			`Note that the algorithm is not finalized yet, and may change in a backward`
			`incompatible manner in the future. The designers currently recommend`
			`combining Kyber with an established pre-quantum algorithm like ECDH, and`
			`using the Kyber-768 parameter set.`

			`For more information, see the [project home page](https://pq-crystals.org/kyber/index.shtml).`