Skip to content

v1.0.0

Choose a tag to compare

View all tags
@gh4rib gh4rib released this 13 Jun 21:06
· 1 commit to main since this release
v1.0.0
987ae5e

Release Notes: PQPG v1.0.0

This release marks the most significant architectural expansion in the history of the Post-Quantum Privacy Guard (PQPG). We have successfully bridged three distinct cryptographic universes—Cloudflare's circl (Pure Go), Katzenpost's hpqc (Assembly/CGO), and the Open Quantum Safe liboqs project (Static C-FFI)—under a single, unified SOLID routing layer.

PQPG is no longer just a Privacy Guard; it is a mathematically absolute, 240-suite hybrid post-quantum testing ground and deployment engine.

Major Features

  • The Hardware-Accelerated OQS Extension Engine:
    Introduced a dedicated, statically-linked liboqs C-FFI pipeline exclusively for Linux/AMD64. This unlocks an entirely new 120-suite hardware-accelerated profiler featuring experimental and bleeding-edge algorithms.
  • Multivariate & MPC-in-the-Head Primitives:
    Natively integrated advanced computational signature schemes including MAYO, Oil and Vinegar (OV), SNOVA, MQOM2, and CROSS.
  • Advanced Code-Based & Extended Lattices:
    Full support for BIKE (L1/L3/L5), extended parameter sets for FrodoKEM/eFrodo, and the complete NTRU family (HPS/HRSS).
  • Extreme Pre-Hashed SPHINCS+:
    Added hardcore SLH-DSA variants utilizing Pre-Hashed SHA2 and SHAKE constructs, engineered specifically for failsafe software release engineering and massive payload signing.
  • The Universal Namespace Router (crypto.Registry):
    The dynamic registry now intelligently parses explicit URI-style namespaces. Requests prefixed with Hpqc- route to Katzenpost adapters, Oqs- route to the C-FFI wrappers, and everything else defaults to CIRCL.
  • The Unified Adapter Handlers:
    A massive triumph in DRY (Don't Repeat Yourself) design. The OQS, HPQC, and CIRCL engines all funnel through the exact same network, vault, and stateless messaging handlers. The core state machine is completely blind to whether it is executing C code, Go assembly, or pure Go math.

Security & Memory Hygiene Enhancements

  • Strict CGO Memory Escaping: The oqs-adapter.go was engineered with critical memory boundaries. Private keys generated inside the C-allocated structs are safely copied into Go-managed memory slices before liboqs executes OQS_MEM_cleanse, ensuring zero memory leaks while surviving the Garbage Collector.
  • Separation of Capabilities: The UI has been heavily sanitized. Zero-Knowledge Proofs (ZKP, Groth16, VDF) and Shared Vaults (Feldman VSS) remain safely sandboxed inside the Core Engine, while the OQS Extension Engine provides a streamlined, dedicated path for stateless messaging, vaults, and detached signatures.
  • 64-Byte Combiner Entropy: The SHA3-512 KEM blending layer now perfectly passes 512 bits of pure entropy straight to the wide-block symmetric suite, maximizing the security margins for Threefish-1024 and Skein-1024.

Deprecations & Removals

  • Removed all fallback/stub files for OQS. The liboqs engine is now strictly enforced as an opt-in runtime path for supported Linux/AMD64 environments.
  • Deprecated hardcoded hybrid nomenclature (e.g., X-Wing) in the UI, enforcing the dynamic Hybrid- combiner syntax uniformly across the codebase.
Assets 2
Loading