@itzmeanjan
Last active June 25, 2024 18:03
Git Patch to Generate Known Answer Tests ( KATs ) from ML-KEM "Official" Reference Implementation
diff --git a/ref/hex_print.h b/ref/hex_print.h
new file mode 100644
index 0000000..be80ffc
--- /dev/null
+++ b/ref/hex_print.h
@@ -0,0 +1,11 @@
+#include <stdint.h>
+#include <stdio.h>
+
+inline void
+to_hex(const uint8_t* const bytes, const size_t blen)
+{
+ for (size_t i = 0; i < blen; i++) {
+ printf("%.2x", bytes[i]);
+ }
+ printf("\n");
+}
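Review bot: `to_hex` in ref/hex_print.h is declared `inline void` without `static`, so under C99 and later the header provides only an inline definition and no external one; if the compiler decides not to inline a call (typical for unoptimized builds), linking kem.c can fail with an undefined reference to `to_hex`. Declaring it `static inline void` avoids that. The header also has no include guard and gets `size_t` only through <stdio.h>; adding a guard and <stddef.h> would make it safe to include from more than one file.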
diff --git a/ref/kem.c b/ref/kem.c
index 63abc10..f899621 100644
--- a/ref/kem.c
+++ b/ref/kem.c
@@ -7,6 +7,7 @@
#include "verify.h"
#include "symmetric.h"
#include "randombytes.h"
+#include "hex_print.h"
/*************************************************
* Name: crypto_kem_keypair_derand
*
@@ -52,7 +53,19 @@ int crypto_kem_keypair(uint8_t *pk,
{
uint8_t coins[2*KYBER_SYMBYTES];
randombytes(coins, 2*KYBER_SYMBYTES);
+
+ printf("d = ");
+ to_hex(coins, KYBER_SYMBYTES);
+ printf("z = ");
+ to_hex(coins + KYBER_SYMBYTES, KYBER_SYMBYTES);
+
crypto_kem_keypair_derand(pk, sk, coins);
+
+ printf("pk = ");
+ to_hex(pk, KYBER_PUBLICKEYBYTES);
+ printf("sk = ");
+ to_hex(sk, KYBER_SECRETKEYBYTES);
+
return 0;
}
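Review bot: in crypto_kem_keypair the seeds `d` and `z` and the whole secret key `sk` are written to stdout unconditionally, so every program linked against this kem.c prints private key material on each key generation, not only the KAT generator. Put the added printf/to_hex calls behind a compile-time guard (the macro would be new; nothing in this patch defines one) so the dumping code is compiled only for KAT generation, and state in the instructions that a patched tree is for test-vector generation only.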
@@ -116,7 +129,18 @@ int crypto_kem_enc(uint8_t *ct,
{
uint8_t coins[KYBER_SYMBYTES];
randombytes(coins, KYBER_SYMBYTES);
+
+ printf("m = ");
+ to_hex(coins, KYBER_SYMBYTES);
+
crypto_kem_enc_derand(ct, ss, pk, coins);
+
+ printf("ct = ");
+ to_hex(ct, KYBER_CIPHERTEXTBYTES);
+ printf("ss = ");
+ to_hex(ss, KYBER_SSBYTES);
+ printf("\n");
+
return 0;
}
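Review bot: the blank line that ends a record, `printf("\n");`, is emitted at the end of crypto_kem_enc, so a well-formed record depends on the caller invoking crypto_kem_keypair and crypto_kem_enc strictly in alternation; two key generations in a row, or a second encapsulation under the same key, would merge or split records without any error. Either document that call-order requirement next to the print statements or emit the separator from the KAT driver. The patch also adds nothing to crypto_kem_dec, so the recorded `ss` is the encapsulation output only and the file does not record what decapsulating `ct` under `sk` returns.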
itzmeanjan commented Nov 1, 2022

Steps for Generating Known Answer Tests for ML-KEM-{512, 768, 1024}

ML-KEM was previously known as Kyber (https://pq-crystals.org/kyber/index.shtml) and it's being standardized by NIST. Currently we've a draft standard from NIST for FIPS 203 @ https://doi.org/10.6028/NIST.FIPS.203.ipd.

Note

These KATs are used to test functional correctness & compatibility of ML-KEM implementation https://github.com/itzmeanjan/ml-kem.

  • Create working directory
```bash
cd
mkdir tmp
cd tmp
```
  • Clone ML-KEM official implementation
```bash
git clone https://github.com/pq-crystals/kyber.git
git -C kyber checkout d1321ce5ac0b53f583eb47a040dc3625ee8e7e37 # `standard` branch
```

Warning

Don't forget to set up the environment following the ML-KEM official implementation documents ( see the README.md in ML-KEM repository ).

  • Clone this gist ( the git patch file )
```bash
git clone https://gist.github.com/c8f5bc9640d0f0bdd2437dfe364d7710.git
```
  • Copy patch file to ML-KEM repository
```bash
cp c8f5bc9640d0f0bdd2437dfe364d7710/ml_kem_kat_generation.patch kyber/
```
  • Apply git patch
```bash
cd kyber
git apply ml_kem_kat_generation.patch
```
  • Check status to find out which files were touched
```bash
git status
```
  • Generate KATs for ML-KEM-{512, 768, 1024} ( see content of file ml_kem_{512, 768, 1024}.kat )
```bash
pushd ref

make nistkat/PQCgenKAT_kem512
./nistkat/PQCgenKAT_kem512 > ../ml_kem_512.kat
sha256sum ../ml_kem_512.kat # 400401e93802b636c5d91728d140706bb440ad56ecf65374cebe95477e35da9a

make nistkat/PQCgenKAT_kem768
./nistkat/PQCgenKAT_kem768 > ../ml_kem_768.kat
sha256sum ../ml_kem_768.kat # bd81da0ce1ba9bc179f5a35452fa8f86ecf41703b7e38e06ef1a61117b55b2f5

make nistkat/PQCgenKAT_kem1024
./nistkat/PQCgenKAT_kem1024 > ../ml_kem_1024.kat
sha256sum ../ml_kem_1024.kat # 793d5499432af8200c38cba815f7218262f2a595450012eb520cc1d380120324

popd
```
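A structural check for the generated `.kat` files, as an added example that is not part of the gist or of the ML-KEM reference code. It assumes each file holds only the `name = hex` lines printed by the patch, with a blank line after each `ss`, and relies on the ML-KEM key layout in which `sk` ends with `pk`, SHA3-256(`pk`) and `z`; the function names and the sample records are constructed for illustration.

```python
import hashlib

# (pk, sk, ct) byte lengths per parameter set; d, z, m and ss are 32 bytes each.
SIZES = {"ML-KEM-512": (800, 1632, 768), "ML-KEM-768": (1184, 2400, 1088),
         "ML-KEM-1024": (1568, 3168, 1568)}
FIELDS = ("d", "z", "pk", "sk", "m", "ct", "ss")  # order the patch prints them in


def parse_kat(text, param_set):
    """Return a list of records (dict name -> bytes); raise ValueError on any deviation."""
    pk_len, sk_len, ct_len = SIZES[param_set]
    want = dict(zip(FIELDS, (32, 32, pk_len, sk_len, 32, ct_len, 32)))
    records = []
    for n, block in enumerate(b for b in text.split("\n\n") if b.strip()):
        rec = {}
        for line in block.strip().splitlines():
            name, sep, value = line.partition(" = ")
            if not sep or name in rec:
                raise ValueError(f"record {n}: malformed or repeated line {line[:16]!r}")
            rec[name] = bytes.fromhex(value)  # raises ValueError on non-hex input
        if tuple(rec) != FIELDS:
            raise ValueError(f"record {n}: fields {tuple(rec)}, expected {FIELDS}")
        for name, blen in want.items():
            if len(rec[name]) != blen:
                raise ValueError(f"record {n}: {name} is {len(rec[name])} bytes, expected {blen}")
        # The decapsulation key ends with pk || SHA3-256(pk) || z, so the fields of one
        # record must agree with each other even before any ML-KEM code is run.
        tail = rec["pk"] + hashlib.sha3_256(rec["pk"]).digest() + rec["z"]
        if not rec["sk"].endswith(tail):
            raise ValueError(f"record {n}: sk does not embed pk, H(pk) and z")
        records.append(rec)
    return records


def constructed_record(param_set, tag):
    """Build one record from filler bytes (constructed sample, NOT real ML-KEM output)."""
    pk_len, sk_len, ct_len = SIZES[param_set]
    fill = lambda name, blen: hashlib.shake_256(f"{tag}/{name}".encode()).digest(blen)
    lens = dict(zip(FIELDS, (32, 32, pk_len, sk_len - pk_len - 64, 32, ct_len, 32)))
    rec = {k: fill(k, blen) for k, blen in lens.items()}
    rec["sk"] += rec["pk"] + hashlib.sha3_256(rec["pk"]).digest() + rec["z"]
    return "".join(f"{k} = {rec[k].hex()}\n" for k in FIELDS) + "\n"


if __name__ == "__main__":
    sample = constructed_record("ML-KEM-512", "a") + constructed_record("ML-KEM-512", "b")
    print(len(parse_kat(sample, "ML-KEM-512")), "records passed structural checks")
```

To check a real file, pass its contents and the matching parameter set, for example `parse_kat(open("ml_kem_768.kat").read(), "ML-KEM-768")`.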
