
ML-KEM-768 constants

Parameter        Size
Public key       1184 bytes
Secret key       2400 bytes
Ciphertext       1088 bytes
Shared secret    32 bytes

Core cryptographic operations

  1. generate_keypair() creates ML-KEM-768 keypairs (via the ml-kem crate, FIPS 203).
  2. encapsulate(public_key) returns (ciphertext, shared_secret).
  3. decapsulate(ciphertext, secret_key) recovers shared_secret.
  4. compute_view_tag(shared_secret) computes a 1-byte tag.

View tags and scanning efficiency

SPECTER uses a 1-byte view tag space (256 values):
  • False positive rate: 1 / 256 (about 0.39%)
  • Filter efficiency: about 99.6%
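
The filtering step described above, as an added example that is not SPECTER's code: a scanner recomputes the tag for every announcement and keeps only the matches, so about 1 in 256 foreign announcements survives as a false positive. The domain label, the SHAKE256-based tag construction, the toy_decapsulate stand-in (not ML-KEM) and the sample feed are assumptions made for illustration; Python is used so the sketch runs on the standard library alone.

```python
import hashlib
import hmac

# Assumed label: the page says SHAKE256 calls are domain-separated but lists no constants.
VIEW_TAG_DOMAIN = b"EXAMPLE/view-tag/v1"

def compute_view_tag(shared_secret: bytes) -> int:
    """Assumed construction: first byte of SHAKE256(domain || shared_secret)."""
    if len(shared_secret) != 32:
        raise ValueError("ML-KEM-768 shared secrets are 32 bytes")
    return hashlib.shake_256(VIEW_TAG_DOMAIN + shared_secret).digest(1)[0]

def toy_decapsulate(secret_key: bytes, ciphertext: bytes) -> bytes:
    """Stand-in for decapsulate(ciphertext, secret_key); NOT ML-KEM.
    Like ML-KEM it always returns 32 bytes, and for a ciphertext made for
    someone else the result is unrelated to the sender's secret."""
    return hashlib.shake_256(b"toy-kem" + secret_key + ciphertext).digest(32)

def scan(secret_key: bytes, announcements):
    """Return indices whose published tag matches the tag we recompute."""
    hits = []
    for i, (ciphertext, published_tag) in enumerate(announcements):
        shared = toy_decapsulate(secret_key, ciphertext)
        ours = bytes([compute_view_tag(shared)])
        # Constant-time comparison, mirroring the subtle::ConstantTimeEq property.
        if hmac.compare_digest(ours, bytes([published_tag])):
            hits.append(i)  # candidate only: 1 in 256 foreign entries also lands here
    return hits

def build_feed(secret_key: bytes, total: int, mine):
    """Constructed sample feed of (ciphertext, view_tag) pairs."""
    feed = []
    for i in range(total):
        ct = i.to_bytes(8, "big")
        if i in mine:
            shared = toy_decapsulate(secret_key, ct)  # sender and recipient agree
        else:
            shared = hashlib.shake_256(b"other" + ct).digest(32)  # meant for someone else
        feed.append((ct, compute_view_tag(shared)))
    return feed

def demo(total=25600, mine=frozenset({7, 4242, 20000})):
    sk = b"\x01" * 32  # constructed toy key
    hits = scan(sk, build_feed(sk, total, mine))
    return hits, [i for i in hits if i not in mine]

if __name__ == "__main__":
    hits, false_positives = demo()
    print(len(hits), "candidates,", len(false_positives), "false positives")
```

Every announcement addressed to the scanner passes the filter; the false positives are the entries that any later, more expensive check still has to reject.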

Address derivation

SPECTER currently derives wallet-compatible stealth keys using secp256k1 seed derivation:
  • Seed is derived via SHAKE256 domain-separated hash
  • Ethereum address is derived from secp256k1 public key (keccak256 path)
  • Sui address is derived from secp256k1 compressed key (blake2b-256 path)

As of the latest release, the pqcrypto-kem (Kyber) dependency has been fully replaced by the ml-kem crate, which implements the final NIST FIPS 203 standard. All encapsulation and decapsulation paths now use ml-kem directly. Stealth address derivation uses secp256k1 seed expansion for Ethereum/Sui wallet compatibility.

Security properties implemented in code

  • #![forbid(unsafe_code)] across core crates
  • Secret material zeroization (zeroize)
  • Constant-time equality checks (subtle::ConstantTimeEq)
  • Domain separation constants for SHAKE256 operations