KyberLib: Uncover Essential Installation Prerequisites

Welcome to KyberLib User Guide. Get started with our Robust Rust library designed for CRYSTALS-Kyber Post-Quantum Cryptography (PQC) and compatible with no_std.

KyberLib:  Setup and Usage Guide


KyberLib is a robust Rust library designed for CRYSTALS-Kyber Post-Quantum Cryptography, offering strong security guarantees. This library is compatible with no_std, making it suitable for embedded devices and avoids memory allocations. Additionally, it contains reference implementations with no unsafe code and provides an optimized AVX2 version by default on x86_64 platforms. You can also compile it to WebAssembly (WASM) using wasm-bindgen.


Core Features

Advanced Features


See Documentation ⧉ for full API details.


Getting Started

It takes just a few minutes to get up and running with kyberlib.


The minimum supported Rust toolchain version is currently Rust 1.56.0 or later (stable).


To install kyberlib, you need to have the Rust toolchain installed on your machine. You can install the Rust toolchain by following the instructions on the Rust website ⧉.

Once you have the Rust toolchain installed, you can install kyberlib using the following command:

cargo install kyberlib



To use the kyberlib library in your project, add the following to your Cargo.toml file:

kyberlib = "0.0.2"

Add the following to your file:

extern crate kyberlib;
use kyberlib::*;

then you can use the functions in your application code.

For optimisations on x86 platforms enable the avx2 feature and the following RUSTFLAGS:

export RUSTFLAGS="-C target-feature=+aes,+avx2,+sse2,+sse4.1,+bmi2,+popcnt"

Key Encapsulation

// Generate Keypair
let keys_bob = keypair(&mut rng)?;

// Alice encapsulates a shared secret using Bob's public key
let (ciphertext, shared_secret_alice) = encapsulate(&keys_bob.public, &mut rng)?;

// Bob decapsulates a shared secret using the ciphertext sent by Alice
let shared_secret_bob = decapsulate(&ciphertext, &keys_bob.secret)?;

assert_eq!(shared_secret_alice, shared_secret_bob);

Unilaterally Authenticated Key Exchange

let mut rng = rand::thread_rng();

// Initialize the key exchange structs
let mut alice = Uake::new();
let mut bob = Uake::new();

// Generate Bob's Keypair
let bob_keys = keypair(&mut rng)?;

// Alice initiates key exchange
let client_init = alice.client_init(&bob_keys.public, &mut rng)?;

// Bob authenticates and responds
let server_response = bob.server_receive(
  client_init, &bob_keys.secret, &mut rng

// Alice decapsulates the shared secret

// Both key exchange structs now have the same shared secret
assert_eq!(alice.shared_secret, bob.shared_secret);

Mutually Authenticated Key Exchange

Follows the same workflow except Bob requires Alice’s public keys:

let mut alice = Ake::new();
let mut bob = Ake::new();

let alice_keys = keypair(&mut rng)?;
let bob_keys = keypair(&mut rng)?;

let client_init = alice.client_init(&bob_keys.public, &mut rng)?;

let server_response = bob.server_receive(
  client_init, &alice_keys.public, &bob_keys.secret, &mut rng

alice.client_confirm(server_response, &alice_keys.secret)?;

assert_eq!(alice.shared_secret, bob.shared_secret);


The KyberLibError enum has two variants:



To get started with kyberlib, you can use the examples provided in the examples directory of the project.

To run the examples, clone the repository and run the following command in your terminal from the project root directory.

Example 1: Implements an authenticated key exchange protocol

Alice and Bob exchange public keys to derive a shared secret in a way that authenticates each party.

Run the following command in your terminal from the project root directory.

cargo run --example ake

Example 2: Demonstrates key encapsulation and decapsulation

Alice generates a keypair. Bob encapsulates a secret using Alice’s public key. Alice decapsulates the secret using her private key. This allows secure communication.

Run the following command in your terminal from the project root directory.

cargo run --example kem

Example 3: Implements an unauthenticated key exchange protocol

Alice and Bob exchange public information to derive a shared secret without authenticating each other. Provides confidentiality but not authentication.

Run the following command in your terminal from the project root directory.

cargo run --example uake



For comprehensive information and resources related to KyberLib, we invite you to explore our extensive documentation.

Detailed guides, API references, and examples are available on ⧉, where you’ll find in-depth material to support your development needs.

For library-specific details and to access our collection of Rust libraries, visit ⧉.

Additionally, you can explore ⧉ to find a wide range of Rust crates, which include the necessary tools and libraries to enhance your projects.

These resources are designed to provide you with the most up-to-date and thorough information to assist in your development endeavours.