Advanced crypto library for the Go language


DEDIS Advanced Crypto Library for Go

This package provides a toolbox of advanced cryptographic primitives for Go, targeting applications like Cothority that need more than straightforward signing and encryption. Please see the Godoc documentation for this package for details on the library's purpose and API functionality.

This package includes a mix of variable time and constant time implementations. If your application is sensitive to timing-based attacks and you need to constrain Kyber to offering only constant time implementations, you should use the suites.RequireConstantTime() function in the init() function of your main package.

Versioning - Development

We use the following versioning model:

  • crypto.v0 was the first semi-stable version. See migration notes.
  • kyber.v1 never existed, in order to keep kyber, onet and cothority versions linked
  • was the last stable version
  • Starting with v3.0.0, kyber is a Go module, and we respect semantic versioning.

So if you depend on the master branch, you can expect breakages from time to time. If you need something that doesn't change in a backward-incompatible way, you should have a go.mod file in the directory where your main package is.


First make sure you have Go version 1.11 or newer installed.

The basic crypto library requires only Go and a few third-party Go-language dependencies that can be installed automatically as follows:

go get

You can recursively test all the packages in the library as follows:

go test -v ./...

A note on deriving shared secrets

Traditionally, ECDH (Elliptic curve Diffie-Hellman) derives the shared secret from the x-coordinate of the shared point only. In this framework, you can either manually retrieve that value or use the MarshalBinary method to take the combined (x, y) value as the shared secret. We recommend the latter process for new software/protocols using this framework, as it is cleaner and generalizes across different types of groups (e.g., both integer and elliptic curve groups), although it will likely be incompatible with other implementations of ECDH. See the Wikipedia page on ECDH.
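The incompatibility mentioned above can be checked directly. The following is an added example, not code from the Kyber project: it uses only the Go standard library on P-256 rather than Kyber's API, and an uncompressed 0x04 || X || Y encoding stands in for the combined (x, y) value (Kyber's own MarshalBinary output format is not reproduced here). The function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey returns a fresh P-256 scalar and its public point as 0x04 || X || Y.
func newKey() ([]byte, []byte) {
	k := must(ecdh.P256().GenerateKey(rand.Reader))
	return k.Bytes(), k.PublicKey().Bytes()
}

// sharedPoint computes priv*peerPub; returns x alone and the full (x, y) encoding.
func sharedPoint(priv, peerPub []byte) (xOnly, xy []byte) {
	px, py := elliptic.Unmarshal(elliptic.P256(), peerPub)
	if px == nil { // rejects encodings that are not points on the curve
		panic("peer public key is not a valid P-256 point")
	}
	sx, sy := elliptic.P256().ScalarMult(px, py, priv)
	return sx.FillBytes(make([]byte, 32)), elliptic.Marshal(elliptic.P256(), sx, sy)
}

// conventionalECDH is the x-only secret that crypto/ecdh produces.
func conventionalECDH(priv, peerPub []byte) []byte {
	k := must(ecdh.P256().NewPrivateKey(priv))
	return must(k.ECDH(must(ecdh.P256().NewPublicKey(peerPub))))
}

func main() {
	aPriv, aPub := newKey()
	bPriv, bPub := newKey()
	ax, axy := sharedPoint(aPriv, bPub)
	_, bxy := sharedPoint(bPriv, aPub)
	std := conventionalECDH(aPriv, bPub)
	fmt.Printf("peers agree: %v, x-only == crypto/ecdh: %v, (x, y) == crypto/ecdh: %v\n",
		bytes.Equal(axy, bxy), bytes.Equal(ax, std), bytes.Equal(axy, std))
}
```

Both peers must use the same form: a peer that derives its key material from the x-only value will not agree with one that uses the full point encoding, even though both computed the same point.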

Reporting security problems

This library is offered as-is, and without a guarantee. It will need an independent security review before it should be considered ready for use in security-critical applications. If you integrate Kyber into your application it is YOUR RESPONSIBILITY to arrange for that audit.

If you notice a possible security problem, please report it to
