Implement Covercrypt CCA

Cargo.toml

@@ -32,7 +32,7 @@ serialization = []
 
 [dependencies]
 cosmian_crypto_core = { git="https://github.com/Cosmian/crypto_core.git", branch="develop", default-features = false, features = ["ser", "sha3", "aes", "curve25519"] }
-pqc_kyber = { version = "0.4", features = ["std", "hazmat"] }
+pqc_kyber = { version = "0.7", features = ["std", "kyber768"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = { version = "1.0", features = ["preserve_order"] }
 tiny-keccak = { version = "2.0.2", features = ["shake", "kmac"] }

examples/decrypt.rs

@@ -1,8 +1,8 @@
 use cosmian_cover_crypt::core::EncryptedHeader;
 
-const USK: &str = "AubJg6rkTo7EjT2A7jswv5tq2uR5kZflMxbqogOl+WYNWUDwr8yvmgGSe7D6kHLYHHjW78VWtfV3kjRUrT3gRAsMAAEAnzQygadC4nJKHl4nP9VkHqU/62dVM4NVCkNlmFSBMgMCAQkBAPRl3kM+kOijMKDR0OjOWq2h0N+MhQzdi/uRUwKTi08HAgMJAQCbcxAJ960xi+CDtCeg/l7uux1a/DFzPUOFk94Apdt4CwIECQEAdt+vYI9Hga7eEgBhLTi97eDgp7NGCZV0JTrvKdxJlAMCBQkBAU2GnUJtqBUZ6rRtbdP6gvC5KmOjgMKk1V8p14iiL18E8lwJjdmrcweORogGSlVUZ4OW9IM+IzRJaLqfz0VMGsItYRpkLHQVmslsJxrMs0mzFWt0nsfD6bRzhlFSyWdByEOr1nCJnhClpJWAhAZSUxJe4vOlWlNJOKQDAWKA/4K6vsxRfBachXQ/9GeXbxAValix03xgLdwpszZPM/SshSKgxVIGvojFmNEU5KERtXEw9RVxXWImMVRCuMoMy4MIaRw9tSkczirJSOl9F9WT8jK8OfGSiDdbY9UFmrRijMUIw2QLeWquYtUHyCo3qwd+aTy/yFhgbhEd4vqKttk8XUIAjSuyNSGiJ7tDsNBwJjopdeOdWslOk5pccaYWSfuGo4UHomg1MvA+G5Oc0kqOzegtIAk1DdRGv1tEG1RW8YSGD7WdIyDBo0IAlhBAdRwEjwMmvrg7S5FwFlyVtoKTd9F8AFK3TKep0iO8RwJ9tXci5isYdGlCd6wasDAdEPS87PZYXWxXuLSGuMyZanE6dCJsDkRhBYh/BgWwSbOkFRQlLzyW4YRml/kufGNM+BwU6mAbmIgqcqKOL+yut/hGQCd//7QO43t+9LYXlTGmFcOPGdmNnftagNGiiNSEATwjiOi5jSG6HcRR8vhwSCdZEDBBH7UUDJpCXAMhlfRn1+Ab/9lpAnifDKKwFBeT+MFUqvtRqbAM9qxs0yeMDwkVfudkXJQcTdAlTQQSfIypF/AOjlquVipC8cp6sOlihLekenynkOKN0tRn/ZwsRHTF0qGk+9c/nvorT4GmySckjGFUMrdhauDIoOQG8gcpPhYSV5tQvxeI/QFCAO27PHSrNgM2jKRz/Liwj2C4xeJ77bQ735DLnNCf/7VRLHiPP3ksONKSdoWovUU/A5m0ZONTpyK9+5csIghLV+iyniMeKVhAsctb5BF7+EmYAIeiUOR2Kbigc3OBiyZ8qyFfA5cwwZddLQwJxKYw3vg9dlZiO+tOImNi9AlICmakS8HDv3qs/Vs5QqKiUbc1JWV9u6pQ9ne/dOC1LdUy+cMGj9Ei3IAqTQmMYKij8AdFWIowwgUaTAdqysyf6qiUpftNRCKIDmhMv7pT1tQxq2QYNLNe+SgSOLF4n8ImdSOc9CyxElVW+sSafjmmloWg/vt/OQOokzZfg/ChbgKtprrHiVJGrGctaidZ+szIFsrOh6lkSOsKJRTNgUUSg/M/lgZvrJSHNXlzVlI+foG9VIMXeeYikFe+bnidJJMXgJxLf8kD2CqFKcmTBKMK+BtKTsZIO1eNNoYJWnULZ+Gq+0OR8XdB/UxP5Qtr4cOSdRgbO4pEf1F457LDWUMM1kCEuFM277ZmjdJHhpxQ1fev9bwb+4N5MfmMnsRQdtah9gwmj7QdlquF7rekMhNT9ejHQTYViBeriJuCP5O0Q8aVbUVsNtqcAzVA3MoPOTJUrJsi2eUd6wOXYyJQfJAse9rPhhRX5yJj4qCpDsohSHl6GMONEhoX+EOknIipyrA5gKIcp4oR4BEfDIx3JZdXYgUuDIeWgjGFyWB4KSHG+lDA5QK+18m5yjUcAgIJAQBJRyFcnp4xeqU+4o2EhSGhyddvgCqaGyaEqg8x7QhEBwEDAQCXqQaNJM0LcrJZ6hsKyGpZzMyoVDcA5gd/6nDiPtwGAwECAQBz8wIlGmV3y72iGooihsWtbaJ+CjKbtkm/Mi6ApqlxAQEEAQCrKwmaGsOj2sU86qB+n5OMLYv7fJgINf1ialqCW8WzAAEJAQBDkSIuL2/Ps0u4q/HCZtjnOxqsCmrs8afW4kFSn5sgBQEBAQB2+33uGp6vrBwQpuLLbgwkYiDrWLT8FfQZx6qh4tOTCAEFAQFuTG99mFUWwOXJ3dEGoceH+z7eabZw7HrdIAJlzApZARyml2TjHhQjrfM2ExyHhmuVAmx2ZqkHJyWBTytYzOKXy5U0vHk2cACJbtLAMc9SgRwgOu6JH/2iIh6GeavhRNzxZGeXXEjIJrpAgEOlJkbaKP4HGmIFR9lSaooTrIjyrOAht+JEEA45QshBP+VBskikBvUUFSLLlmW0O/CaFnkIvQtUBzdmbxlpPvwjyY8Xx/bAKtSRgRT3kGgMd4vkwCgMSQa3uOrWJlUXJFfGaAScPKwFX8jxYvjlbgBci1pRMa6KuvuqwkMIXqZnt6V1zJEWYPkYc4fKRll0JOLps+a5TIKroTBsRHLxAZH5DuyQRNjKQ3b8OWJgNY05EVQiHKCllCalGZ28DY3mW8ULG+1KaW0EUEBQAbzkbBFcGKOVZW/pEdhVp7pWhu9pJRebeWblv7KwE/oTYSfzRqI4fHC1f/+qiSsQDCgqOLI6wlWcy8HStZ+DPtvxDRBYDcjjQxjkPlI4fbvKvpVLvGQMWZcXB8AsOnN6LnMxYYvbAedaKtqFh8r8g+nRXj05XLecUnQqeWR2u8mFxhQli7DkVuLIvXX4g/T3P3cIVp0HGEGriARFXrODNnehkHIxPxMwrDK2cAEkTYiQkrc3JkQyKw4JiJ30W1XmZG+Am3/JtSLSkk1YmJsIJUSaAdijcr10NucqctMbCgtbiwY3EZJ6Wkuqd2XBYlXyp+1gZACBs+rVhNiISlC5tSKxYkp8IykkaN7Cnt3lQGhGmND2RAPMb8xljTnrKQYgOn+rfS+TA5zKAhwQNLF0IgfYPDi0mZTMDdL3z5A7v0T1xSsaNkEQs0aDPXWbfKoqp36VU8FLUyqYsel7Qd0qyBO2ZLn8Zu5Dbjr5ifCkXkvatr7ZC3eRTY6VwuNanwSBVQPzOnNjIiWrUgdxRadwnifliecZSYXaBrxKrogZpqvbuH5xGqTzIKbXeWOGnHWLXaDAk80cEvNAqSD2UNpJCaDii2EGgw6xGl+zm57lU07nDQqcrlMYxd2TJ/PZapIWSw3cAdtwbltwWiE8XAYbDEucjlaMrXOEhw0KF5TsuqjnKnqQYmS6e4azxlpoPstqpriUVAhZlullTeFppjxqrCwXovJBjBMintjoPRR1HjDoLAz2RmU8X+/5wHp6YBe4Q1XgEEK4ZPVkbHsmOiumLU/oU8XhNUy5bEcGHvCxtG4WTqqQuEI2nASyGxoHyxAkde9LpoZGLvXMYNKysjS3Bvbcv5zWEDQ5CptrlaQGRnWhh6qoreyWObpgkW3LVIXBM9MEj+Uasb7gEmnkXi4nMUrSBiyGyxIjhooVXHjqpGPVvkVBN4kRT2/Glc4giq9onItwnsZGxWzAXtCVmEfGdPjAMFFXQaE4d9kDqhN7ASkbSzuryn6aYuc0LiCMj2VSzqeXtGoFaD48fhQiiiTlEjgwNnDZvmYzU+dMfdmwBN9RAzhGjurEUaVXBsKjpYn8i8hIZf9ZE/LovkFKwsJWae7SqKFjvKcBgiXgedojpJTahFj4TktgKS4GWL8ZMAbCGe5EH0tGcGwbZftOpr+CzWAXfIwnJy/KLcC2KSg/2ns1NTLhsNGD9c6f";
+const USK: &str = "AqKlPbW5wr7hZN9mSA+pAji3YhvGRS4HAoK5S2TMrsINUsIRMnwtk4O1e42r1uRqoThmyP5SWdH0tRVf1thZ/wQMAgQJAQCYiWntbXfpfAjYeg+JMceEXvcZLGSsukmojjnZATSiAgEEAQBuWr/epW3eb/0sL1kRIW1xUpK6AAkMCtxD8rPaLH8gCgEFAQE18MBlszeHsvUbW5iZkjsZV0Pi9ZrUsNlvyfa5IJVlBrYQcLzGu3/zU2zqnVcjlfS7eF6Qbf8wYodEQdyZC3EHdm7qrNA2xiTVKR3WsXkSaOZ1ezKhAX4Hp5fGMiljTCzUjXjJaJOpQ8jABlxCS6ZRSr7wu5a6TaLJPZvlMrvRcOAxtXVyF3JWxhqaHd5qWZ+ZAoIMCjzbRZBFhVTSIaZFxziGeWisGh94PWXoqEZDT3kpa6Ajo6eUNoeKNWKyXCDWyZO7Ln6FOQi6JMqDPyAXHcVrhpexHuAQrT7HsVT1k13yflXmCzt2ZCCkVHOEHz7Gf8PXcVJGj7Ihiys5S4XiYBemrDNDMMekZADBPG7BR465SUdshQuldIRgB/lFd06UTRjWQq1oQ/BjjguSdOwzm3a0n9IJEcL8dq7ixOPwyywVztuoqv/4Ams2qCC7V+98nhSVjLsplJaYpHZjEcXRSgB5tAzZTte7Ss5rdserP6Fgu+pZA8ALFOzlNpSouJ2hOVOXIPGBW/yldg7SHPCMJ9iMMCIocyQpvQ+iww6QZ+jTBQEbDUO6sfFSedyJjwTrEc8oBO7aVPYHWo+KdEPmgT9qHg6TnF5JgEMnTtzjxEDLdszRneNHrCTVGtxHaehWQaV7hz4KY/ZlDGmLZfZIk+A2GSx0N97WRe4bCdFLf2+nY6SLT1MbrE1ElzWjwLYXOltna0omGQSBgvg6DSmpZoEmpt7bDLXXoGYDL76miHaRQBKSdD6aOLiATja1HRtQGA9Bim11k1tVJpK0zDEWPFxlDCkwFflcjv1GmXkCPxmsaCGlx2midVgGNOlWW6rzjNGYGJQZsIyiS/ILt3ARbbYaTYg4gQk2GfdoC9QWY75hCO0BP2DcGswEY3UAbkzVjAoDZ0Q6xpcnoyGiBUUcq+IqP44kLWsRqnfpUoeXhm9xIxnFa9hnspnxRx5SjEiKOzFjbo4IJLulRucQtRXGBdRms1mYxTsDeOZ0L0NxbTKqLY/3Bx02BdTDwvYFj5XXqaEagtdmDJ1EIua6qFLVRq3Ab6jbkoMRqFqcJ+9oNd4kuJdipm55cfpbXG0pKD8UFymStHvVFZ7TWC+ZgqZAWMOCuJXnf/+WNXizGreDrcFYlLGDjja0nr7UqGsJgrqITTqrMlTMl0bEYgU7jSTsRiFVdcHpdBSlJs50AzlMD3FXYuQliEVlh6yrPmLAZ7qhue6wRmGpbQW7PCXJryapsn1HXeMklICmKT3Kaw4pueCoAOurz+6BgbzCg+upscCGqYQGmZspvzWQpIDTrlkppLpyXWcVXPtqIhBLcdTIC5hghiXXqQmZOLSAsB4Bom56MNGpa8thFSG7iTHVimmTYQEFSO5yQbWHX9UjqnjpfPY1b4GldwwwYFzWTfdxL9xpuYqFDUmltbxVPF6jFnE6YmyRgMnLDei7vJCHNKlVHgspkhc7f456rdTLFT3cU162UxfEDKRmCReYs+R6ekc0OoKLNj1IpdsHrfGYiw1JKfQnJcSiziBTAGlSCUs6a7DnlMshc4ODsG1Mmr+hilsGwal6cRyjySW5JJj2E6MEJ5A0AdUlw9jXXE6DhYDjpaWZC2UJwg+MjhkTi2OVseVXwkn3VVoCVPxknjVsSzIwNQH4nlxWB0p0OR8xPwIai3nKG9uYQBsgHjJKJnpBALT4DZobK/ZqAd/hVc0CZ696xyO0j24nGa5Dk5GoGUaTqelsYVp5mF6au7M4d5y4ZTk0TSkptnWqReSju2miWErls7MAQiooxY/2u7uXjYzRi+pAZqJ2U7+Aj+6RGxDVC804V9TXHiMzqCVGRi9jDDnGb1ClT9yKEmu0YDx2pxrol+SZW/pzSBiAMlwyTRJMc/jaWkoZtBXkGmv4K5Apc0tlT8UI0LTrqNS0f/HniMWsF8I5VcfSwopxRM1VFQ/btACbdoCDis2YPSP1KgvEjTuruwPEG8hiTlaEx5Ozg5iWuT6zhuKKjrWQgOQKiThTeaAsQ3L0rOR1uwO3pizYqrHFg80QubuwTrJwxolmbj2xCWQ4njhhPNKweRMaW69gi9uzRrqGgmi3smlTyKCizmzWBA/jF8n7TwQmaf8igrR1rTLzH+oqE8sMSWlzXxDgLLvIr+CGkkN0d4bpfqH4W5zyetYKECT4ZwgSEB+SryRXi1jHdJ4RejJkKKXsGGGQDI23ee2sdySsCakSby9JQSJ3fYIKTihlHE2IuAkKWLZrGwJDF59rnA5zWexQjdYGViTVD5/byxlDHZxEiaumYTDif+Csetu7iMZRd3vQGa2oj85xrhq8jh17g9ahaBSAKSTmFVjWHrWKjHnUsV8Jc+qyzVPFTbvmjqkRKjlbYf2RbscUw3dimu1QLxMaQlwSPIfrOi9Hbf77xPb8gQ9LD/KZtdY4p8Z7UlLcXVCaoO54msU5w87jL//5L4RZWFn6vG3yY/L4japmFZSwMcRXl0jCWsQSAtgouOXKmB52fGF6Li/Tr8hsg8wBunMiHqpDCc5Ck/cpjp2oFuLqXp+BqzxFcfW0K+WFPfljmwFgDmS7Pv07TtP1vsAbnV20ZDZ4d3tmtXvlgvMJYV5XdQnUgwNoVJcMD4X1z7yrtByQwu5FUrGhW5mAghdEFP7hmZZyyUwluKjmdTCcv4cVjyCiNgVst1l4tsFGbVXxgLQVz0pil+18t+m5P1GFNX0XBYeGyJnrr97SAvWhNd4jMVYVfz+AagkKDyWxzTsmKHhmKr5kaTOUDquLBzBrJ/ujgy2JAZFMrWfonbRlj216inIxvWcGLOWjaFmGeXsnrzMByE8yjcj8H3sXATcDPBg7tXG6ghITxhhCrx6xRlTnsv7cTGjrsT7WXFMwMZy6ugCRnW7ZUt4JVbFGWmN0O73BZyyhLolnOFRkq4JSrReGAwFzt5q3cPGTkqjMr4ylg3zpW3lpxoC2FfHFqbspDOikUz7Eav/zvUb7mf26zVjxlM+qVqKbtskJS9IKc8+6yWyEEqJqGczhdOJERrrjgrPaHb+kUpiihPUStHMBZk40ELKRmfVQx5SWmI5rVrFjxdCDpDP1rs3BPNu6MHKkBfajYWlWzeFggXXCiaMjyoh0d1TlzfLbSyGjng1B1H7t3sTHex2IdxPKZIPYwm6v8OcuyQ4H4bxbyuUC1Edqq8fjhQEr3QGW4oDKT3VN5jGH+CMIrYrCaEq5fOnoOuL6FngyqFCQOT8D9CHsd5XdaUo+oL/B7jbCDQIBCQEAcEBZgDzYZB4V2KXy3HanVcYt8qnMPm2jHCJnWeDJUAABAQEAmGpt0ftYSLRgeXVKrDiQDIK3hPBKi3pqXE38hfzblA8CBQkBAScxMbUYFI9+tRQ2NpZoRk4geEvZGrHLPYJsCNVWcmkL1EUkLZIAXENkaCOAirSRNvcyO+EcaaGXlRMwsvYO8He7/Il3DUGgOyOpUenERTSZtUAJkRaEKxU2HYYkOAYIuNe1BQuwbiecPKNP6np1mwp1LydjI4E1EdSm+2wqLDBb+FqJZKoS6VAtYyyoSkrIw8xyrKV/eUeVHkUj2op62YlCVqubHuICHsNmHktlfEWXHKqRc/zNYsRq66a++dk/JklhnDxhWkzHOcAM91lpu7RdJttofwWyQihehByhkRxmFjAyiMaRjjBG2LieafLEkZCaXFJG16uqVWhisQugNGU2oxxOf/Yn6+h0xySeaHVGxuLCFjWjktaGz1lrFpg5LLzMg6k67nKUHguj1+sh8VNKn4u/qhaf9wOWAGs4k/U0H2XFAE0KwfM5aqg0MndXkacTWzVQmzoy1Ro/jUGsNjplX+dU//Y70URTI3iXuwPOmdheYZaW5Tw3M9kjAuqkTwq0RYZe5WiAZqMhvisDbKLNNytewtegYuNIyRNqaBtEYjezVlcriHvEoKQR5wU5GbOMFOx8hlgzD8cS+ZAlNyxChWWmIKRJmfFTgjs072gAWVWZ2iheroaY0SgcXDquffIo4zxDE+NNRBKuffuUodSEwZlnO6h6ELcDYdK2AWzCE6c0Q1sxuuZGHHd2rxNi0lQF19GNbzZgSdSamCOklhMhi2hcFbiWjIsO2HScE+yRvYouFNkCzgeFeXsf3jphe4QhMmBw4pt5D/bExvIQj5R37WXJJ0a+CmRozhTEMhqJJ8Z1yieFHiDHgZVDHQa1daKzRhhVCOuFwQSHBXGHe0FX8xAPx4BShjpsy9OjLahv+Tg7O0I37oaSBVifFSHDFoKipsuCYkxjGrULPxFRj/DF3Aam3aOSWLo5OtBFuXqUIVQZNvakZFkgz2xhDDMxmjEADoFFmDWLEoo4hEkv5rUc34OrCLxIswq7c+aBGryfxlfDdvzDEsC21qiSmRweR0u/CzJND0xApeKeMYrKXJp02ZKpaOgLhDXNUqR18WKmcyA8NlYCozho9qkHuOegBamtsTgCmkDL73JX5EJT+1QDiwI/vHFrrrdFq6JwEli5Crtqq9SncuTMgjfBlKgSOca2iAh9ZRYDCNWa9wm2z+pz63cqERaxR+NX46whR6dftRg5LVvEC5qOttccjhJe9fat9ppPVuPJXxs/SycXqUYkhkB00vh4YomzAwedoplVT2RPSBWE4HNZHzB6wNVtrwtJoWFN17F1rwkT9Ax40hGSjjUG6uci1EKEmnIEndc2cIbDq3HK/fwIC8s5qSsAPykU1EYiTaSIfxVz0xw/snaHslqvKseI87QxSaespzWcFBNVy3hSLLC0pubLs+YuCMUvUFq4nEPDTcaXwWqbbTe1jUNiU/N457VBFMyR65Ky2cQhsDyeuDTKLmqwClQ37PbFFae9nQCb9WEDdWk5oSRhZYHDzbqtrDJTtlZVjrhlA6NBLOIBHgBeZ7OG5GloQaqk8ZcCaLfMGEREsOg1NeCV/jETa0LOPSVSu7sS4jjMxRUETAM+gqYYEapBK1GCJBmYAgTJ9PVRj9DJa6BE8fEdPqqfUEgeRpO2NTONsJpsFIIhKbQ++fTHKEw9z8On9ppK0TS7ZiJQE2V94xCUZwG6tdls3gwuRxMmyaQ2WVuUHWdsuoW20wmmumZIQhAtsJCaEgRP/koRK7CkalE1+HRihci8azgwi8SyBClXcnyeeENTNsdKHhWNTjxBM6MnF0Qb0VRuDKsEWANvCaaqf9YnFvU5/3iWzdyP/kwKG7I1oKWvrnMbWzsZsxgMRsZe1DOvi5d+wAIanAsymhQV6Kyi4LNHP+pkhzFqCtkslwkfWXqXuZRgSKPM1IcW6sNULfKaj+HKV+QkpwASY4jC5+DMUee5A0ia0IiCQ/kRkCeKf3k8OuMY3zIytFgzLTZ2RgNfmoXEjjh17JA6/vN35pM0GCSXxCXKBXKh39eeTXm6GIA9gFsfcPtcFvyQofpTqksK1ka12wl6nUIN5syJcZWhJCWYHpyq5YgJ/xOXGyYt8owVSuoFKPkSoZkiasJJ4iuJ2DvJKPm6eEgiMTSpCvd1ePsxoAadu3QHXSYeyvpIUSZQWhaLUTsngfy95gEXw9hd4BdDQ8N8MvW0XKcMLgGaPHun2qpoGUocgQNFOOeLrXA9jghXQ9yUQcTECdodJHRI09RGG7XAu6RWeNdUuwlMLtOG0NrJ3RFzPFBKmpnEyKg9yax9nYamTCEm0lQxr1u2bEpQrZsG5CMEsURY7CdLB2CTCJE/iWkHBDvN33BI28UOpgWEWVVQAKEihIRBHeM04purKqq6/IqzRDSxOLE4m+Vx+wRsO0NjALjJaQykMOdCMWGwVTOpxqihLFa2aEZg3vF+0qhKGCRACdMasldLJnaFs7U9KoK3PPDNSmVazbRYhrRcYmnAP6eVXehSk+vIQfm50/YEHesPqBR6FRarbhwBEzZNVAgsQtRP38iH4bqQbAlj5Es04iI/2drMQFV8mxrGMDN2EMdTZNkzuKWqNGIs7+ePkTKT6LERGMZxBjKOfDwNa5JaXJJKelCEF2p0FbfPMpCjaAkm5XYcAZUybodAokGrtBsBgXay6tzBDWaJlYdp/IdYsCyNMAodg7HLf5rEgAwSK8G0TziyEsGbIVMlQ6hueJeg0FhJJFPMnuIgGaDDDSMwhIsXDiERCSyqwqFYWiXK9HwNURZv3zuXn7DCMpphQyxnpbKA3QC6BlckafERLINxpauPVPZCZkGK77wJYnoQI1okFWYoOHgur/qOWhOvJTWAwbsTMEetkyMshGVpGpU7+BqqI/GKfCmlfgYtLCJ6QRsYLrohOLO3+9sP66kuSSNsptx9+PuBlQEJwnQs34kqguOKPQQSoNofhmikIVUd4GHKqykmlfihiYGTiSxQlgMzzqsuE4VGT7DGjVERniXPVqFN1PQPROAWxvePjmFf0ulufBoSqDZ2uKV+VMkhDzGdcKAeE+Wr6MYYJrspU+Yd4lzOoYpVDBCF7jaFJqk0Djes+iwIsKBnv6OB4RVXc/ViGUh5jGcyqA1yie5YlUHugQJD5eVTuHXpPJf5pUzT6b6XwZiXFXTqZW+4wKLyUpdt6gpZwS9F3f1Lw3FWXYCLkVxHotQujpw9B3vaMJuP9EgVDQ6byvJ88aygQvzE/uEhRu5+ijZNAQIBAMM3XzlwJTi8kXJA/7MTFAqtvL9k2mFLbM8KaCCW41oEAQkBAHmVm8+HWnsPe27dGVA7o+irD2uLWacKmbVIR3BM+KMNAQMBAOFiKA8IjyBvio2y20OO5VIzGQ4PCIAZ49wQlm3YUtsIAgIJAQBloqG8YSadZOuFtYnakRr9CC86+EgFwEyLfPCloezqBQIDCQEAyUVwj0MkWJYZG9Weja3vkiRIdOMJ2a/FuJZ0PK/OXQ0AAQB2yikxgct8K9BCr65zq+odoXuK0KC2G91/z4gjFu1yAVRk2CHZOTCOhthtJH/zNaWLSKeFEqcpr3eEmxSQb1Ro";
 
-const HEADER: &str = "xjVmiELa1aImn5Z5KWZpkALkqkypgonZhhv6ZTCdtUQVjBz09pM7k1qLg9wR6lWiJi49xeIspSln4GoFwM7dJgVvdWk48RlGpUfTEIQX+zk7AQEjIukFORWf4BQTxkQ/CoZ2ivdSK0vYilRIeyOnSZ9rJU9Q7x0Rhih0NMut7KCjhoJdgkUAjilvqr9880EaoS90XhSHvzSFu5dV8i7tWHleUWdUxMiCWF1kG88H7oxGn+8bCgM/7xT8knVEbJ+Ts6m8aU9fy3Za6Of5G/eEU9j0q+DU+U3GFGkJu0IriAPTBoNh34JBe+JTecT5k92AXU7TzJV/rFYKlLVWgGk/DcTHCmZjzqr9uEBHLZWaXGhVlzpjQgqYY/bI03jx6twk78LyKLFTbLJo8f5haYxtH/47Qt5lisXkoo6ACENlOG07C8Y6Q6j/cf8CmWp9qCHcybpnU6IwZpjW8yo+6HULGpqp7cBq8L9bFZp5MYZg1xqZ8pi9rwz6jPfFAOHeX8Ke3kEK2obuy8xncbm+sVnuNLh8jaLfN04WnC3T5d/GHuSpY53zWF4cNO5+Sz04VpE0tW4ZymI6DB5bYZJts4fJEXO1jlywVL9Fea4PVsHFrdxiO72BKSBSvu63NU6khjpndP93Zv1/eyXulkKGE1YKibML/48gClU9h/s7GHqncEQ0VjB5i2C1tm0UV1imbJKspDxAl5VGJoTJZeM+4phFJVL4KpQ8Sny+WA1gTmcl0OHGD9R2YdaAM8g+j/kvCuaK8eoRi/K27GSMJry8DuVu3Zm5K++xatAgZsa9+LaJFtGrPh8Xikgks+NBQeXj3bKOHGEe0lXSmKus2n8S/MWNQr8LTyKbyGdKzSWk9RLk+OtLwRDpkUIwZnliwJJgVp4EMByAt9x56sr+V60av9PDwt0gvvbYnKj8AB4mc8W8gUkDKjCau9f0VU8FjeSd0VJOrQjiH6EY56kNltJnN8mAen2HU5LlhsIWsMnvAT/xOZkDV6OJ3zgGZEZRqJdR7R6era4QeUGBUIELmXJjSOutwmT/Q3lMxqO5MrBcO93FEMzYbGZKsmjPY2D+o8SNtUJnwqFVTn5JZBMLLopQkGnuYxnCE3r3jxLailt4cgg7EJcXZhb8xIr7af1ndu2Ewb4T6Jgc37jK55tOijSjJr7qw88IUAHp/yacJe/LsFbNsxaUtjhtdqKdbm1PBbnNFOv1+O43hcoW7PgxGk7Pt1CUAJ+gI15rAmRo/s7dFdI+TLGGHhnQFXiQO+1fsWydjjR/AV1grEj56NZNKwkH6FbThRI95D2y1V33+Tdg3nu6jbZB6MN1SMnBCURJoPRN5YB5Ed263j7v+XcsLKoXf14QNYuTCPqyigEoWEsd+yyjt2yWTjZtyte+FRdgauG+12GBrXzR6UnuaXWtl7Dl0GPmtFUALnIbUnLwQx5fBwpKluOMTpcrDHUJGupnZCdXuKJD8aF0fqzZjKkkpGMRm7yG32PeqFOzx9gKPnHUT7EOEKXMPK/NIFSXpez9GbDRkzeCXrweMiShzFBb2kGC/CIbFRJJ5wA=";
+const HEADER: &str = "/m73Gzm5LhMZmNEpFubAuQJUu3QzyOH1fJCrJynNWprMuzGViQ1nlE6v111VBxt8cnpYD8oR1TAHUBBFm2f0Tpz11KNRhs1KeNLW8Pjs4c9bAQH8CAAVK0PKJXcjuDokdVD1WBYkCZEEXmG508jhFJT7UJ/PiggCLI+hcubhLo+9PVQPCSpkYBmoQQNpDhsKMnRku3NyGnQJHF/3du5LOB5me5ln9BphUiIAWVg6u6UMnD5+TqzLzxqGM85cbh4GloEs/0DvlHv2Uy1GLo51JnvUIysh7TiShikYfE5EH3FQWSJIdrZLhmbUKW3Np47AEfFgNXfu3FWlgbrzbkfnRN7HHBXWJIwlzp+A1xstcO7zHzs0AzwJ8hlk2O111uDW3ppQguKHfwIg1v1LtFxA4pB0SQ207e18yrd91KKIBpSywOgbc9zDKXxD+BA3MFj1xjvlRqzkQCYwrAP4RDYkzZ2V0z8Xwmbkl6jabI6jTKyYlU3s1ZLxxemKxWChWb0VYb4v9l8GAXlO0V+iSplwVFZOOsrWiCFwd521TSQwTVBNnDQJcz0bX9wPrK8HiOKZyVZB8RfPWbH7PhY+2yrvn+QF+GZRKckXU34kJgZBZ9nn3leRo1buvg/RGPw9vMmueLnhmfJhVTSDLnlQ7v+jIHMR3mxsW7SJ7e5YWITkSb3VqFyzdSINc39FzRxNbEXuSkpyqD9DV2LVXmUlVJwmGjiUCB+z/K9j2d0i1SFRLAjG3J3gQl68lexn0WJF47dK9l9PyuCYWa1vmY2+SZW5oJq/fkbX1FUuWcGgtFWoHHCR89e7m2eD20kwVmirjaGgIIwifXXNjrGckoDT82TZTBidnqIZFy1nF4CztBJMrjhPa1a2j2bSJWpS/qjmuUJrkFs7gozNm/cvJfIoek994AwGy9t9Z1WcpL90k9CCdzSpxoaOeV3747SzMUN7fbCfeGg/LqxmBjTViTFEpAWCz50vYqS48nutf4wxcilvFxtvJD6/iH/7dh1x48Q6E/DZ8bAQWml4Usd/g/cu3WR327H5qxazUL28vGDZGi/S4hBtvs6rhk+utZXgbwsHe1/+d4Bdv+PjZkRpgl4tOJl5wtgdgmIQNbZZfegIs51NKF9+OzxasbMoJ9ZY674juZrIwuPafGE63oRldT+v5A8HAMSsO8O+5awKekyoHXooPlD/e0rfw/c0tGHprGNNM0fh1VThll7ZhYfvZlH0sAFxqTlln2xnx3Uw4s6g25iJRs8m7NC4rbWo93fNki+7Fo615YLFvcH4dlVay3705nTjnqbwhxsnYczWpSWtey/1VmPmUxWFxUXfya73Rc242ZbSZzmD2GLAeAHY7QYhQJZzbV6/iC+f+c8hqbE0F1K1xG8UMoA/sXPnfHHZfEMSEcTpR5x6tX4UdB3kfGDM9L0cVkX6b2uvt20C3LHCvVQYn/Fi7iSzRS64tRIqHnk88Sj+9b0/uFigpTh6fjcgRfLr1Ys58qhl/BoBx4JyvGpDKcjGHVBnHcXAY+RguQHUTabqdOBXSKK49ZzSRlTSPdKjYOSqTAY5kfjwYzwMh9HiFdnyV3mXYYukDUjB/3XQO6JPgYsF8oVsnEuzKX6kGw/FN0apflTfQcVOx9wgxge3A10fAA==";
 
 fn main() {
     use base64::{

src/abe_policy/policy.rs

@@ -242,7 +242,6 @@ impl Policy {
 /// - D1::A1 && D2::B2
 /// - D2::A2
 /// - D2::B2
-#[allow(dead_code)]
 pub fn combine(
     dimensions: &[(&String, &Dimension)], // TODO: signature depends on the HashMap iterator type
 ) -> Vec<(Vec<u32>, EncryptionHint, AttributeStatus)> {

src/core/ae.rs

@@ -2,38 +2,42 @@ use cosmian_crypto_core::{
     reexport::rand_core::CryptoRngCore, Aes256Gcm, Dem, FixedSizeCBytes, Instantiable, Nonce,
     RandomFixedSizeCBytes, SymmetricKey,
 };
+use zeroize::Zeroizing;
 
 use crate::Error;
 
 /// Authenticated Encryption trait
 pub trait AE<const KEY_LENGTH: usize> {
     /// Encrypts the given plaintext `ptx` using the given `key`.
     fn encrypt(
+        rng: &mut impl CryptoRngCore,
         key: &SymmetricKey<KEY_LENGTH>,
         ptx: &[u8],
-        rng: &mut impl CryptoRngCore,
     ) -> Result<Vec<u8>, Error>;
 
     /// Decrypts the given ciphertext `ctx` using the given `key`.
     ///
     /// # Error
     ///
     /// Returns an error if the integrity of the ciphertext could not be verified.
-    fn decrypt(key: &SymmetricKey<KEY_LENGTH>, ctx: &[u8]) -> Result<Vec<u8>, Error>;
+    fn decrypt(key: &SymmetricKey<KEY_LENGTH>, ctx: &[u8]) -> Result<Zeroizing<Vec<u8>>, Error>;
 }
 
 impl AE<{ Self::KEY_LENGTH }> for Aes256Gcm {
     fn encrypt(
+        rng: &mut impl CryptoRngCore,
         key: &SymmetricKey<{ Self::KEY_LENGTH }>,
         ptx: &[u8],
-        rng: &mut impl CryptoRngCore,
     ) -> Result<Vec<u8>, Error> {
         let nonce = Nonce::<{ Self::NONCE_LENGTH }>::new(&mut *rng);
         let ciphertext = Self::new(key).encrypt(&nonce, ptx, None)?;
         Ok([nonce.as_bytes(), &ciphertext].concat())
     }
 
-    fn decrypt(key: &SymmetricKey<{ Self::KEY_LENGTH }>, ctx: &[u8]) -> Result<Vec<u8>, Error> {
+    fn decrypt(
+        key: &SymmetricKey<{ Self::KEY_LENGTH }>,
+        ctx: &[u8],
+    ) -> Result<Zeroizing<Vec<u8>>, Error> {
         if ctx.len() < Self::NONCE_LENGTH {
             return Err(Error::CryptoCoreError(
                 cosmian_crypto_core::CryptoCoreError::DecryptionError,
@@ -43,5 +47,6 @@ impl AE<{ Self::KEY_LENGTH }> for Aes256Gcm {
         Self::new(key)
             .decrypt(&nonce, &ctx[Self::NONCE_LENGTH..], None)
             .map_err(Error::CryptoCoreError)
+            .map(Zeroizing::new)
     }
 }

src/core/api.rs

@@ -4,10 +4,11 @@ use std::{
 };
 
 use cosmian_crypto_core::{kdf256, reexport::rand_core::SeedableRng, CsRng, Secret, SymmetricKey};
+use zeroize::Zeroizing;
 
 use super::{
     ae::AE,
-    primitives::{mpk_keygen, prune, update_coordinate_keys, usk_keygen},
+    primitives::{prune, update_coordinate_keys, usk_keygen},
     MIN_TRACING_LEVEL,
 };
 use crate::{
@@ -67,7 +68,7 @@ impl Covercrypt {
                 (EncryptionHint::Classic, AttributeStatus::EncryptDecrypt),
             )]),
         )?;
-        let mpk = mpk_keygen(&msk)?;
+        let mpk = msk.mpk()?;
 
         Ok((msk, mpk))
     }
@@ -92,8 +93,7 @@ impl Covercrypt {
             msk,
             policy.generate_universal_coordinates()?,
         )?;
-        let mpk = mpk_keygen(msk)?;
-        Ok(mpk)
+        msk.mpk()
     }
 
     /// Generates new keys for each coordinate in the semantic space of the
@@ -112,7 +112,7 @@ impl Covercrypt {
             msk,
             policy.generate_semantic_space_coordinates(ap)?,
         )?;
-        mpk_keygen(msk)
+        msk.mpk()
     }
 
     /// Removes all but the latest secret of each coordinate in the semantic
@@ -130,7 +130,7 @@ impl Covercrypt {
             msk,
             &policy.generate_semantic_space_coordinates(access_policy)?,
         );
-        mpk_keygen(msk)
+        msk.mpk()
     }
 
     /// Generates a USK associated to the given access policy.
@@ -255,7 +255,7 @@ pub trait CovercryptPKE<Aead, const KEY_LENGTH: usize> {
         usk: &UserSecretKey,
         ciphertext: &[u8],
         enc: &Encapsulation,
-    ) -> Result<Option<Vec<u8>>, Error>;
+    ) -> Result<Option<Zeroizing<Vec<u8>>>, Error>;
 }
 
 impl<const KEY_LENGTH: usize, E: AE<KEY_LENGTH>> CovercryptPKE<E, KEY_LENGTH> for Covercrypt {
@@ -276,7 +276,7 @@ impl<const KEY_LENGTH: usize, E: AE<KEY_LENGTH>> CovercryptPKE<E, KEY_LENGTH> fo
         let mut sym_key = SymmetricKey::default();
         kdf256!(&mut sym_key, &seed);
         let mut rng = self.rng.lock().expect("poisoned lock");
-        let res = E::encrypt(&sym_key, plaintext, &mut *rng)?;
+        let res = E::encrypt(&mut *rng, &sym_key, plaintext)?;
         Ok((enc, res))
     }
 
@@ -285,7 +285,7 @@ impl<const KEY_LENGTH: usize, E: AE<KEY_LENGTH>> CovercryptPKE<E, KEY_LENGTH> fo
         usk: &UserSecretKey,
         ciphertext: &[u8],
         enc: &Encapsulation,
-    ) -> Result<Option<Vec<u8>>, Error> {
+    ) -> Result<Option<Zeroizing<Vec<u8>>>, Error> {
         if SEED_LENGTH < KEY_LENGTH {
             return Err(Error::ConversionFailed(format!(
                 "insufficient entropy to generate a {}-byte key from a {}-byte seed",