FrodoKEM Guide

Introduction

This guide explains how to use Kyber Club's FrodoKEM tools to generate quantum-safe keypairs, encapsulate data, and decapsulate it securely. We'll follow a scenario with Alice and Bob to demonstrate the process. FrodoKEM, based on the Learning With Errors (LWE) problem, is a robust alternative to ML-KEM, particularly suitable for highly sensitive information due to its conservative security design. Please note that FrodoKEM tools are in beta, pending NIST standardisation.

Use Scenario: Alice and Bob

Alice wants to receive sensitive data from Bob, protected against future quantum computer attacks. She uses Kyber Club's FrodoKEM tools to generate a keypair and shares the public key with Bob. Bob encapsulates the data using this key, and Alice decapsulates it with her private key. This ensures only Alice can access the data, even if intercepted, making FrodoKEM ideal for highly sensitive information.

Step-by-Step Guide

Follow these steps to use our FrodoKEM tools effectively:

1. Generate a Keypair (Alice)

   Visit the keypair generation tool. This creates keypairs for FrodoKEM-640-AES, FrodoKEM-976-AES, and FrodoKEM-1344-AES, each offering different security levels. We recommend FrodoKEM-976-AES for a balance of security and performance, suitable for most sensitive data.

   Action: Download each keypair or copy them to a secure location. For example, click 'Download' next to FrodoKEM-976-AES to save 'FrodoKEM-976-AES-public.txt' and 'FrodoKEM-976-AES-private.txt'. Alternatively, use the 'Download All as ZIP' button to get all keypairs in one file.

   Important: Store both public and private keys securely. The private key must remain confidential and stored offline, as it cannot be regenerated. Without it, encapsulated data cannot be decapsulated.

2. Share the Public Key (Alice)

   Send the public key (e.g., 'FrodoKEM-976-AES-public.txt') to Bob via a trusted channel, such as secure email or messaging. Never share the private key.

   Tip: Confirm with Bob that he received the correct public key to prevent encapsulation errors.

3. Encapsulate Data (Bob)

   Bob visits the encapsulation tool. He pastes Alice's public key into the text box or uploads the public key file. Then, he enters the data to encapsulate - either by pasting text (up to 1KB) or uploading a file (up to 5MB, such as a document or image).

   Action: Click 'Generate FrodoKEM Encapsulation'. The tool detects the FrodoKEM variant (e.g., 976-AES) from the public key and produces encapsulated data in JSON format. Bob can copy this output or download it as a file (e.g., 'frodokem-976-aes-encrypted.txt' for pasted data or 'document.pdf.FrodoKEM-976-AES.enc.txt' for files).

   Tip: File uploads include the original filename in the output for easy identification.

4. Send Encapsulated Data (Bob)

   Bob sends the encapsulated data to Alice, either by sharing the JSON text or the downloaded file, using any communication method, as the data is quantum-safe.

5. Decapsulate Data (Alice)

   Alice visits the decapsulation tool. She pastes her private key (e.g., from 'FrodoKEM-976-AES-private.txt') or uploads the private key file. Then, she pastes the encapsulated JSON data or uploads the file received from Bob (up to 7MB).

   Action: Click 'Decapsulate Data'. The tool detects the FrodoKEM variant and recovers the original data, which Alice can download (e.g., 'document.pdf' for files or 'frodokem-976-aes-decapsulated.txt' for pasted data).

   Important: Keep the decapsulated data secure, as it is no longer protected.

Safekeeping Your Keys

The private key is essential for decapsulation and cannot be regenerated. If lost, encapsulated data becomes inaccessible. Follow these best practices:

• Store private keys offline, such as on a secure USB drive or encrypted storage device.
• Back up keys in multiple secure locations to prevent loss from hardware failure.
• Never share your private key, even with trusted parties.
• Use strong passwords and encryption for any device or file containing your keys.

Public keys can be shared freely but should be sent via a trusted channel to avoid tampering.

Why FrodoKEM?

FrodoKEM is a viable alternative to ML-KEM, especially for highly sensitive information. Its design, based on the Learning With Errors (LWE) problem, offers a conservative security approach, making it ideal for applications requiring maximum quantum resistance. While ML-KEM is NIST-standardised, FrodoKEM's larger key sizes and robust structure provide strong protection for critical data.

Additional Tips

• Choose the Right Variant: FrodoKEM-976-AES balances security (Level 3+) and performance. Use FrodoKEM-640-AES for resource-constrained devices or FrodoKEM-1344-AES for highly sensitive data requiring Level 5+ security.
• Verify Inputs: Ensure public and private keys are correct to avoid encapsulation or decapsulation failures.
• Data Size Limits: The encapsulation tool accepts pasted text up to 1KB or files up to 5MB. The decapsulation tool supports files up to 7MB to handle larger outputs.
• Beta Notice: FrodoKEM tools are in beta, awaiting NIST standardisation. For production use, consider our ML-KEM tools.
• Security Assurance: Data and keys are processed in memory and not stored. See our Privacy Policy for details.

Need Help?

If you encounter errors, have questions, or wish to suggest improvements, please visit our contact page. We're here to help you secure your data with quantum-safe cryptography.