KyberDecapsulate()
Recovers the shared secret from a Kyber ciphertext using your private key.
This is the recipient's side of a Kyber key exchange — the shared secret matches what the sender got from KyberEncapsulate().
Requires Extension: Crypto Extension
KyberDecapsulate( privateKey=any, ciphertext=string );
Returns: binary
| Argument | Description |
|---|---|
|
privateKey
any,
required
|
edit
Kyber private key (PEM string or Java object) |
|
ciphertext
string,
required
|
edit
Base64-encoded ciphertext from KyberEncapsulate |
Usage Notes
editImplicit rejection: If you decapsulate with the wrong private key, you get a different (incorrect) shared secret rather than an error. This is a deliberate security feature of the Kyber specification — it prevents an attacker from learning whether a ciphertext is valid. Your application should detect the mismatch at a higher level (e.g. AES decryption will fail with the wrong key).
Examples
edit// Decapsulate a Kyber ciphertext to recover the shared secret
// This is the recipient's side of the Kyber key exchange
// Recipient's key pair (private key must be kept secret)
keys = GenerateKeyPair( "Kyber768" );
// Sender encapsulates using recipient's public key
encapResult = KyberEncapsulate( keys.public );
// Sender transmits encapResult.ciphertext to the recipient
// Recipient decapsulates to recover the shared secret
sharedSecret = KyberDecapsulate( keys.private, encapResult.ciphertext );
// Use the shared secret for symmetric decryption
recipientKey = binaryEncode( sharedSecret, "base64" );
// decrypted = Decrypt( encrypted, recipientKey, "AES/CBC/PKCS5Padding", "Base64" );
// Wrong private key produces a different (incorrect) shared secret
// rather than throwing an error - this is by design (implicit rejection)
See also
- Cryptography
- GenerateKeyPair()
- KyberEncapsulate()
- Search Issue Tracker open_in_new
- Search Lucee Test Cases open_in_new (good for further, detailed examples)