Package org.bouncycastle.crypto.kems

Class SAKKEKEMExtractor

java.lang.Object

org.bouncycastle.crypto.kems.SAKKEKEMExtractor

All Implemented Interfaces:

EncapsulatedSecretExtractor

public class SAKKEKEMExtractor
extends Object
implements EncapsulatedSecretExtractor

Implements the receiver side of the SAKKE (Sakai-Kasahara Key Encryption) protocol as defined in RFC 6508. This class extracts the shared secret value (SSV) from encapsulated data using the receiver's private key.

The extraction process follows these steps (RFC 6508, Section 6.2.2):

1. Parse encapsulated data into R_(b,S) and H
2. Compute pairing result w = <R_(b,S), K_(b,S)>
3. Recover SSV via SSV = H XOR HashToIntegerRange(w, 2^n)
4. Validate R_(b,S) by recomputing it with derived parameters

See Also:

• Sakai-Kasahara Key Encryption (SAKKE)

Constructor Summary

Constructors

Constructor	Description
SAKKEKEMExtractor(SAKKEPrivateKeyParameters privateKey)	Initializes the extractor with cryptographic parameters from the receiver's private key.

Method Summary

Modifier and Type	Method	Description
byte[]	extractSecret(byte[] encapsulation)	Extracts the shared secret value (SSV) from encapsulated data as per RFC 6508.
int	getEncapsulationLength()	Return the length in bytes of the encapsulation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SAKKEKEMExtractor

public SAKKEKEMExtractor(SAKKEPrivateKeyParameters privateKey)

Initializes the extractor with cryptographic parameters from the receiver's private key.

Parameters:

privateKey - The receiver's private key containing public parameters (curve, prime, generator, etc.) and the Receiver Secret Key (RSK). Must not be null.

Method Details

extractSecret

public byte[] extractSecret(byte[] encapsulation)

Extracts the shared secret value (SSV) from encapsulated data as per RFC 6508.

Specified by:

extractSecret in interface EncapsulatedSecretExtractor

Parameters:

encapsulation - The encapsulated data containing:

• R_(b,S): Elliptic curve point (uncompressed format, 257 bytes)
• H: Integer value (n/8 bytes)

Returns:

The extracted SSV as a byte array.

Throws:

IllegalStateException - If: Validation of R_(b,S) fails

getEncapsulationLength

public int getEncapsulationLength()

Description copied from interface: EncapsulatedSecretExtractor

Return the length in bytes of the encapsulation.

Specified by:

getEncapsulationLength in interface EncapsulatedSecretExtractor

Returns:

length in bytes of an encapsulation for this parameter set.