Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@openpgp/crystals-kyber-js
Advanced tools
This fork implements the ML-KEM changes from the NIST FIPS-203 (draft): it exports
MlKem512, 768, 1024
instead ofKyber512, 768, 1024
.
This library is published on npm (as@openpgp/crystals-kyber-js
) but not on deno. We recommend you use the upstream repo. The rest of the README refers to the upstream library.
This module is based on
ntontutoveanu/crystals-kyber-javascript,
but includes the following improvements:
For Node.js, you can install crystals-kyber-js
via npm/yarn:
npm install crystals-kyber-js
Then, you can use it as follows:
import { Kyber768 } from "crystals-kyber-js";
async function doKyber() {
// A recipient generates a key pair.
const recipient = new Kyber768(); // MlKem512 and MlKem1024 are also available.
const [pkR, skR] = await recipient.generateKeyPair();
//// Deterministic key generation is also supported
// const seed = new Uint8Array(64);
// globalThis.crypto.getRandomValues(seed); // node >= 19
// const [pkR, skR] = await recipient.deriveKeyPair(seed);
// A sender generates a ciphertext and a shared secret with pkR.
const sender = new Kyber768();
const [ct, ssS] = await sender.encap(pkR);
// The recipient decapsulates the ciphertext and generates the same shared secret with skR.
const ssR = await recipient.decap(ct, skR);
// ssS === ssR
return;
}
try {
doKyber();
} catch (err) {
console.log("failed: ", err.message);
}
Using npm:
npm install crystals-kyber-js
Using yarn:
yarn add crystals-kyber-js
Using deno.land:
// use a specific version
import { Kyber768 } from "https://deno.land/x/crystals_kyber@1.1.1/mod.ts";
// use the latest stable version
import { Kyber768 } from "https://deno.land/x/crystals_kyber/mod.ts";
Followings are how to use this module with typical CDNs. Other CDNs can be used as well.
Using esm.sh:
<!-- use a specific version -->
<script type="module">
import { Kyber768 } from "https://esm.sh/crystals-kyber-js@1.1.1";
// ...
</script>
<!-- use the latest stable version -->
<script type="module">
import { Kyber768 } from "https://esm.sh/crystals-kyber-js";
// ...
</script>
Using unpkg:
<!-- use a specific version -->
<script type="module">
import { Kyber768 } from "https://unpkg.com/crystals-kyber-js@1.1.1";
// ...
</script>
git clone git@github.com:dajiaji/crystals-kyber-js.git
cd crystals-kyber-js
npm install -g esbuild
deno task dnt
deno task minify > $YOUR_SRC_PATH/crystals-kyber.js
This section shows some typical usage examples.
import { Kyber768 } from "crystals-kyber-js";
// const { Kyber768 } = require("crystals-kyber-js");
async function doKyber() {
const recipient = new Kyber768();
const [pkR, skR] = await recipient.generateKeyPair();
const sender = new Kyber768();
const [ct, ssS] = await sender.encap(pkR);
const ssR = await recipient.decap(ct, skR);
// ssS === ssR
return;
}
try {
doKyber();
} catch (err) {
console.log("failed: ", err.message);
}
import { MlKem512 } from "https://deno.land/x/crystals_kyber@1.1.1/mod.ts";
async function doKyber() {
const recipient = new MlKem512();
const [pkR, skR] = await recipient.generateKeyPair();
const sender = new MlKem512();
const [ct, ssS] = await sender.encap(pkR);
const ssR = await recipient.decap(ct, skR);
// ssS === ssR
return;
}
try {
doKyber();
} catch (_err: unknown) {
console.log("failed.");
}
<html>
<head></head>
<body>
<script type="module">
import { MlKem1024 } from "https://esm.sh/crystals-kyber@1.1.1";
globalThis.doKyber = async () => {
try {
const recipient = new MlKem1024();
const [pkR, skR] = await recipient.generateKeyPair();
const sender = new MlKem1024();
const [ct, ssS] = await sender.encap(pkR);
const ssR = await recipient.decap(ct, skR);
// ssS === ssR
return;
} catch (err) {
alert("failed: ", err.message);
}
}
</script>
<button type="button" onclick="doKyber()">do CRYSTALS-KYBER</button>
</body>
</html>
We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.
FAQs
A ML-KEM implementation written in TypeScript
The npm package @openpgp/crystals-kyber-js receives a total of 0 weekly downloads. As such, @openpgp/crystals-kyber-js popularity was classified as not popular.
We found that @openpgp/crystals-kyber-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.