Remove support for BIKE, SIKE, and Kyber (Round 2) #3392
Conversation
Just an observation: do we need more Kyber tests (not as part of this, but in general)?
lgtm. Nit: all but one test in tests/integration/s2n_pq_handshake_test.py are testing classical algorithms. Not sure it makes sense to keep those tests, but I won't complain about more tests :)
Resolved issues:
N/A
Description of changes:
Now that the 3rd Round of the NIST PQ standardization process has closed, and NIST has selected Kyber for eventual standardization, we'd like to focus more of our efforts towards Kyber. As a result, this pull request removes support for the other PQ KEM algorithms that have been added to s2n throughout the NIST PQ standardization effort so far. Both BIKE and SIKE have progressed into Round 4 of the NIST standardization process, and either algorithm may still end up being selected for standardization at the end of Round 4. If that happens, we'll likely add support for them back to s2n in the future, but in the meantime, we'd like to reduce the number of PQ KEM algorithms that we are maintaining.
This PR removes support for the following NIST PQ KEM candidate algorithms in s2n:
In general, this PR contains the following changes:
pq-crypto directory except for Kyber Round 3.
Call-outs:
I haven't run every test permutation locally.
Some of the older s2n TLS security policies that have "PQ" in their name have had all of their PQ KEM algorithms removed. After this change, those policies will gracefully downgrade to non-PQ algorithms during the TLS handshake rather than break anyone still using them. To avoid surprising or impacting customers with this behavior change, these older PQ security policies have been preemptively deprecated and removed from the AWS SDKs:
Testing:
How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
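The call-out above describes the one behaviour change a deployer should notice: a security policy whose only PQ KEMs were BIKE, SIKE or Kyber Round 2 no longer negotiates a hybrid group at all and falls back to classical ECDHE, while the handshake still succeeds. The following script is an added illustration of that mechanism and of the audit check it implies; it is not s2n code, and the policy names, group names and negotiation logic are constructed placeholders rather than real s2n identifiers.

```python
"""Model of how a TLS security policy degrades once its PQ KEMs are removed.

Added illustration, not s2n-tls code. Policy names, group names and the
negotiation loop are constructed placeholders, not s2n's own identifiers.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class SecurityPolicy:
    name: str
    kem_groups: list[str]   # hybrid PQ groups, server preference order (may be empty)
    ecc_groups: list[str]   # classical groups, always present as the fallback


@dataclass
class HandshakeResult:
    policy: str
    negotiated_group: str
    pq: bool                # True only if a hybrid PQ group was negotiated


# KEMs this PR removes (Kyber Round 3 stays); names are constructed labels.
DEPRECATED_KEMS = {"BIKE", "SIKE", "KYBER_R2"}


def strip_deprecated(policy: SecurityPolicy) -> SecurityPolicy:
    """Drop every hybrid group built on a removed KEM; classical groups stay.

    This mirrors what happens to an older 'PQ' policy: its kem_groups list can
    become empty, which is exactly the silent-downgrade case.
    """
    kept = [g for g in policy.kem_groups
            if g.split("+", 1)[1] not in DEPRECATED_KEMS]
    return SecurityPolicy(policy.name, kept, list(policy.ecc_groups))


def negotiate(server: SecurityPolicy, client_offer: list[str]) -> HandshakeResult:
    """Pick the server's most-preferred group that the client also offered.

    Hybrid PQ groups are tried first; if none intersect, the handshake falls
    back to a classical ECC group instead of failing.
    """
    for group in server.kem_groups:
        if group in client_offer:
            return HandshakeResult(server.name, group, pq=True)
    for group in server.ecc_groups:
        if group in client_offer:
            return HandshakeResult(server.name, group, pq=False)
    raise ValueError("no common group: handshake would fail")


def silently_downgraded(results: list[HandshakeResult]) -> list[str]:
    """Audit helper: policies whose name advertises PQ but whose handshakes
    actually negotiated a classical group. These are the deployments that the
    call-out says should move to a current PQ policy."""
    return sorted({r.policy for r in results if "PQ" in r.policy and not r.pq})


# Constructed sample policies and client offer (not real s2n policy names).
OLD_PQ_POLICY = SecurityPolicy(
    "PQ-OLD-EXAMPLE",
    ["x25519+SIKE", "x25519+BIKE", "x25519+KYBER_R2"],
    ["x25519", "secp256r1"],
)
NEW_PQ_POLICY = SecurityPolicy(
    "PQ-NEW-EXAMPLE",
    ["x25519+KYBER_R3"],
    ["x25519", "secp256r1"],
)
CLIENT_OFFER = ["x25519+KYBER_R3", "x25519+SIKE", "x25519", "secp256r1"]


def run_demo() -> list[HandshakeResult]:
    """Negotiate against both policies after the deprecated KEMs are stripped."""
    return [negotiate(strip_deprecated(p), CLIENT_OFFER)
            for p in (OLD_PQ_POLICY, NEW_PQ_POLICY)]


if __name__ == "__main__":
    results = run_demo()
    for r in results:
        print(f"{r.policy}: negotiated {r.negotiated_group} (pq={r.pq})")
    print("silently downgraded policies:", silently_downgraded(results))
```

Run as a script, the old policy negotiates plain x25519 after stripping and is reported by the audit helper, while the Kyber Round 3 policy still negotiates a hybrid group. In a real deployment the equivalent check is to inspect the negotiated KEM or KEM group on each connection after the upgrade rather than trusting the policy name.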