{"id":27202508,"url":"https://github.com/rozbb/saber-rs","last_synced_at":"2025-09-20T07:12:05.530Z","repository":{"id":245631165,"uuid":"816798687","full_name":"rozbb/saber-rs","owner":"rozbb","description":"A pure-Rust implementation of the Saber key encapsulation mechanism (KEM)","archived":false,"fork":false,"pushed_at":"2025-02-19T06:36:19.000Z","size":1197,"stargazers_count":5,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-09T22:00:46.370Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rozbb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-18T12:29:14.000Z","updated_at":"2025-02-19T06:36:22.000Z","dependencies_parsed_at":"2024-06-23T04:27:32.864Z","dependency_job_id":"ccd7a5ed-33e7-4208-943f-c0ba39a1402b","html_url":"https://github.com/rozbb/saber-rs","commit_stats":null,"previous_names":["rozbb/saber-rs"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozbb%2Fsaber-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozbb%2Fsaber-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozbb%2Fsaber-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozbb%2Fsaber-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rozbb","download_url":"https://codeload.github.com/rozbb/saber-rs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozbb%2Fsaber-rs/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259236365,"owners_count":22826306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-09T22:00:16.810Z","updated_at":"2025-09-20T07:12:00.436Z","avatar_url":"https://github.com/rozbb.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"saber_kem\n=========\n\nThis crate is a pure-Rust, no-std implementation of [draft 3](https://www.esat.kuleuven.be/cosic/pqcrypto/saber/files/saberspecround3.pdf) of the Saber key encapsulation mechanism (KEM). Saber is a lattice-based KEM that is designed to be secure against classical and quantum adversaries. It comes three variants:\n\n* LightSaber, which is designed to have security roughly equivalent to AES-128\n* Saber, which is designed to have security roughly equivalent to AES-192\n* FireSaber, which is designed to have security roughly equivalent to AES-256\n\nWarning\n-------\n\nThis crate has not been audited in any sense of the word. Use at your own risk.\n\nWhy Saber?\n----------\n\nIn general, if you are looking to use a post-quantum KEM and have no other requirements, you should use ML-KEM (aka \"Kyber\", its pre-standardization name), since it is faster and more standardized than Saber. However, Saber has two small benefits over Kyber:\n\n* All Saber public keys and ciphertexts pack perfectly into bytes. So if you need to perform a keyed permutation on a KEM's public keys, as is required in some ideal-cipher-based constructions such as [CAKE](https://eprint.iacr.org/2023/470), you can simply use a wide-block cipher over a serialized Saber public key. In comparison Kyber requires you to define a permutation over arrays of mod-q values (note: Kyber public keys actually can be compressed to pack into bytes, but nobody has proven it secure; Theorem 2 of the [original paper](https://eprint.iacr.org/2017/634) only considers the uncompressed scheme).\n* Relatedly, all Saber arithmetic is modulo a power of two, which is extremely simple for CPUs to work with. Arithmetic modulo a prime can yield much faster computations, but it can also cause accidental timing leaks due to compilers being too smart. Such vulnerabilities have affected [Kyber](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/cnE3pbueBgAJ) and [curve25519](https://rustsec.org/advisories/RUSTSEC-2024-0344.html). I don't claim any of these other projects are insecure, just that this is a specific issue they must contend with going forward, that Saber does not have to.\n\nCompatibility\n-------------\n\nThis crate is compatible with Saber's [C reference implementation](https://github.com/KULeuven-COSIC/SABER/tree/f7f39e4db2f3e22a21e1dd635e0601caae2b4510). Known-answer tests (KATs) test vectors can be found in [`tests/`](tests/). Test vectors were taken directly from the previously linked repo, and converted to JSON using [`tests/convert_rsp_to_json.py`](tests/convert_rsp_to_json.py).\n\nExample code\n------------\n\nThe following code can be found in [`examples/simple.rs`](examples/simple.rs).\n\n```rust\nuse saber_kem::lightsaber::{\n    LightsaberCiphertext, LightsaberPublicKey, LightsaberSecretKey, LIGHTSABER_CIPHERTEXT_LEN,\n};\n\nlet mut rng = rand::rng();\n\n// Generate a keypair\nlet sk = LightsaberSecretKey::generate(\u0026mut rng);\nlet pk = sk.public_key();\n\n// Serialize the secret key, maybe to save on disk\nlet mut sk_bytes = [0u8; LightsaberSecretKey::SERIALIZED_LEN];\nsk.to_bytes(\u0026mut sk_bytes);\nlet slice_containing_sk = sk_bytes.as_slice();\n\n// Deserialize the secret key\n// The API only accepts fixed-len slices, so we have to cast it first\nassert_eq!(\n    slice_containing_sk.len(),\n    LightsaberSecretKey::SERIALIZED_LEN\n);\nlet sk_arr = slice_containing_sk.try_into().unwrap();\nlet sk = LightsaberSecretKey::from_bytes(sk_arr);\n\n// Also serialize and deserialize the public key\nlet mut pk_bytes = [0u8; LightsaberPublicKey::SERIALIZED_LEN];\npk.to_bytes(\u0026mut pk_bytes);\nlet slice_containing_pk = pk_bytes.as_slice();\n// The API only accepts fixed-len slices, so we have to cast it first\nassert_eq!(\n    slice_containing_pk.len(),\n    LightsaberPublicKey::SERIALIZED_LEN\n);\nlet pk_arr = slice_containing_pk.try_into().unwrap();\nlet pk = LightsaberPublicKey::from_bytes(pk_arr);\n\n// Encapsulate a shared secret, ss1, to pk\nlet (_ct, _ss1) = pk.encapsulate(\u0026mut rng);\n// Alternatively, if you have a buffer and want to avoid an extra allocation, encapsulate in\n// place. LightSaberCiphertext is just a byte array, so no conversion necessary:\nlet mut ct = [0u8; LIGHTSABER_CIPHERTEXT_LEN];\nlet ss1 = pk.encapsulate_in_place(\u0026mut rng, \u0026mut ct);\nlet slice_containing_ct = ct.as_slice();\n\n// Deserializing is also straightforward\nassert_eq!(slice_containing_ct.len(), LIGHTSABER_CIPHERTEXT_LEN);\nlet receiver_ct: \u0026LightsaberCiphertext = slice_containing_ct.try_into().unwrap();\n\n// Use the secret key to decapsulate the ciphertext\nlet ss2 = sk.decapsulate(receiver_ct);\n\n// Check the shared secrets are equal. NOTE is not a constant-time check (ie not secure). We\n// only do this for testing purposes.\nassert_eq!(ss1.as_bytes(), ss2.as_bytes());\n\nprintln!(\"KEM ran successfully\");\n```\n\nBenchmarks\n----------\n\nWe have implemented benchmarks for key generation, encapsulation, and decapsulation for all variants. Simply run `cargo bench`.\n\nLicense\n-------\n\nLicensed under either of\n\n * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))\n * MIT license ([LICENSE-MIT](LICENSE-MIT))\n\nat your option.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frozbb%2Fsaber-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frozbb%2Fsaber-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frozbb%2Fsaber-rs/lists"}