This is a reference implementation of the key encapsulation mechanism from Bodo Möller's paper "A Public-Key Encryption Scheme with Pseudo- Random Ciphertexts" (ESORICS 2004). To the best of my knowledge this cryptosystem has never been implemented before. I have implemented only the key encapsulation mechanism, not the full hybrid cryptosystem. There are other slight deviations from the paper; see comments in the header files.
CC0: To the extent possible under law, I, Zachary Weinberg, do hereby waive all copyright and related or neighboring rights to this reference implementation.