mlkem: Module-Lattice-based Key-Encapsulation Mechanism

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.

[maintain] [Publish]

Warnings:

[option-o2] 'ghc-options: -O2' is rarely needed. Check that it is giving a real benefit and not just imposing longer compile times on your users.
[missing-upper-bounds] On library, these packages miss upper bounds: - basement - deepseq - memory - cryptonite Please add them. There is more information at https://pvp.haskell.org/

Module-Lattice-based Key-Encapsulation Mechanism (ML-KEM) implemented in Haskell.

[Skip to Readme]

Properties

Versions	0.1.0.0
Change log	CHANGELOG.md
Dependencies	base (>=4.7 && <5), basement (>=0.0.8), cryptonite (>=0.26), deepseq, memory [details]
License	BSD-3-Clause
Copyright	2025 Olivier Chéron
Author	Olivier Chéron
Maintainer	olivier.cheron@gmail.com
Category	Crypto
Home page	https://codeberg.org/ocheron/hs-mlkem#readme
Bug tracker	https://codeberg.org/ocheron/hs-mlkem/issues
Source repo	head: git clone https://codeberg.org/ocheron/hs-mlkem
Uploaded	by OlivierCheron at 2025-10-25T12:09:43Z

Modules

Crypto
- PubKey
  - Crypto.PubKey.ML_KEM

Flags

Manual Flags

Name	Description	Default
use_crypton	Use crypton instead of cryptonite	Disabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

mlkem-0.1.0.0.tar.gz [browse] (Cabal source package)
Package description (as included in the package)

Maintainer's Corner

Package maintainers

OlivierCheron

For package maintainers and hackage trustees

edit package information

Readme for mlkem-0.1.0.0

[back to package description]

ML-KEM

Module-Lattice-based Key-Encapsulation Mechanism implemented in Haskell.

See FIPS 203.

Example session:

> import Crypto.PubKey.ML_KEM
> import Data.Proxy
> let params = Proxy :: Proxy ML_KEM_768
> (encapKey, decapKey) <- generate params
> (sharedKey, ciphertext) <- encapsulate encapKey
> let sharedKey' = decapsulate decapKey ciphertext
> sharedKey == sharedKey'
True

Notes

The library does its best to destroy secrets and intermediate buffers from memory after use, despite the implementation in functional style. This relies on finalization by the garbage collector and is not guaranteed to run before the program exits. Also, depending on optimizations applied, lambdas may capture variables and move them to the heap. This could theoretically include machine words containing secret information that would not then be destroyed.

Best performance is obtained with the LLVM code generator.

Testing

The test suite executes all NIST test vectors but necessary files are not included in the package to limit its size. Instead, two files are downloaded from the project repository during execution, and this relies on commands sh and curl to run the script tests/get-vectors.sh. If not applicable to your environment, please execute the same steps manually. It will be needed only the first time.