JDK-8305384 : KEM: Implementation
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 21
  • Submitted: 2023-03-31
  • Updated: 2023-05-23
  • Resolved: 2023-05-23
Related Reports
CSR :  
JDK-8297878 - KEM: Implementation
Description
Summary
-------

Introduce an API for Key Encapsulation Mechanism (KEM). KEM is an encryption technique for securing symmetric keys using public key cryptography.

Problem
-------

KEM is a modern cryptographic technique that is designed to encrypt symmetric keys using asymmetric or public key cryptography. It is increasing in popularity and will be an important cryptographic mechanism for providing protection against quantum computers. The Java Platform
contains a comprehensive set of cryptographic APIs called the Java Cryptography Architecture (JCA), but none of the APIs are a good match for a KEM — see [the Alternatives section on this JEP page](https://openjdk.org/jeps/8301034). It is important that the Java Platform provides a specific API for KEMs.

Solution
--------

A new JCA primitive engine `KEM` is introduced. Users can instantiate a KEM instance using one of the `getInstance` methods, and call its `newEncapsulator` or `newDecapsulator` to create an encapsulator object (on the sender side) or a decapsulator object (on the receiver side). Then they can call `encapsulate` or `decapsulate` on the new objects.

A `KEMSpi` class is created for security providers to implement KEM algorithms. A security provider needs to
implement the `KEMSpi`, `EncapsulatorSpi`, and `DecapsulatorSpi` interfaces.

The user API classes and SPI classes are mostly parallel. The major difference is that the user side `Encapsulator` and `Decapsulator` classes have a `providerName()` method that returns the name of the security provider. User side classes also have more overloaded methods for common and special use cases.

Specification
-------------


### New Java SE APIs

The attachment `kem20230502.txt` contains `KEM` and its inner classes for end user, and `KEMSpi` and its inner classes for implementors. They are also available [online](https://cr.openjdk.org/~weijun/8297878/csr.01/java.base/javax/crypto/package-summary.html). Only names starting with `KEM` are uploaded.

### A new security standard name section

## `KEM` Algorithms

The algorithm names in this section can be specified when generating an
instance of `KEM`.

    ------------------  ---------------------------------------------------------
    Algorithm Name      Description
    ------------------  ---------------------------------------------------------
    DHKEM               DH-Based KEM as defined in
                        [RFC 9180](https://www.rfc-editor.org/rfc/rfc9180#name-dh-based-kem-dhkem).
    ------------------  ---------------------------------------------------------
Comments
Thanks for the suggestion. The `Kem` name does have its merit but it's probably too late to make any change. We come to this final design after many rounds of talks with external developers and 3rd-party security providers.
23-05-2023
Moving to Approved. I'd prefer the name of "Kem" rather than "KEM" and will re-approve if you make that change. (Yes, the APIs in the JDK are inconsistent on whether or not acronyms should be in ALL-CAPS vs CamelCase, but we have "Mac" not "MAC" and I think CamelCase reads better.)
23-05-2023
Moving to Provisional.
21-04-2023