Assets 2

liboqs nist-branch snapshot 2018-07

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.

This branch of liboqs can be used with the following Open Quantum Safe application integrations:

  • OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.

Release notes

This snapshot of nist-branch was released on July 27, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-07.

What's New

This is the third snapshot release of liboqs nist-branch.

New key encapsulation mechanisms

The following KEMs have been added in the 2018-07 snapshot release:

  • LEDAkem: 9 parameterizations: LEDAKEM_C1_N02, LEDAKEM_C1_N03, LEDAKEM_C1_N04, LEDAKEM_C3_N02, LEDAKEM_C3_N03, LEDAKEM_C3_N04, LEDAKEM_C5_N02, LEDAKEM_C5_N03, LEDAKEM_C5_N04 (contributed by Shravan Mashra (University of Waterloo))

New signature API and schemes

liboqs nist-branch now includes support for signature schemes via the API described in src/sig/sig.h; the API is based on the NIST and SUPERCOP APIs. Signature schemes can be tested using ./test_sig, benchmarked using ./speed_sig; example_sig contains a minimal example of using the signature API.

The following signature schemes have been added in the 2018-07 snapshot release:

  • Picnic: 6 parameterizations: picnic_L1_FS, picnic_L1_UR, picnic_L3_FS, picnic_L3_UR, picnic_L5_FS, picnic_L5_UR (contributed by Christian Paquin (Microsoft Research))
  • qTESLA: 5 parameterizations: qTESLA_I, qTESLA_III_size, qTESLA_III_speed, qTESLA_p_I, qTESLA_p_I (contributed by Christian Paquin (Microsoft Research))

Fixes

  • Automatic detection of binutils version for BIKE build (contributed by Maxime Anvari)

Future work

Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/9.

@dstebila dstebila released this May 31, 2018 · 28 commits to nist-branch since this release

Assets 2

liboqs nist-branch snapshot 2018-05

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.

This branch of liboqs can be used with the following Open Quantum Safe application integrations:

  • OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.

Release notes

This snapshot of nist-branch was released on May 30, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-05.

What's New

This is the second snapshot release of liboqs nist-branch.

New key encapsulation mechanisms

The following KEMs have been added in the 2018-05 snapshot release:

  • BIG QUAKE: 3 parameterization: BIG_QUAKE_1, BIG_QUAKE_3, BIG_QUAKE_5 (contributed by Shravan Mashra (University of Waterloo))
  • BIKE: 9 parameterizations: BIKE1-L1, BIKE1-L3, BIKE1-L5, BIKE2-L1, BIKE2-L3, BIKE2-L5, BIKE3-L1, BIKE3-L3, BIKE3-L5; optimized builds on Linux platforms with AVX/AVX2/AVX512 support (contributed by Nir Drucker and Shay Gueron (Amazon Web Services))
  • LIMA: 6 parameterizations: Lima-2p-1024-CCA-KEM, Lima-2p-2048-CCA-KEM, Lima-sp-1018-CCA-KEM, Lima-sp-1306-CCA-KEM, Lima-sp-1822-CCA-KEM, Lima-sp-2062-CCA-KEM (contributed by Douglas Stebila (McMaster University))
  • Saber: 3 parameterizations: LightSaber-KEM, Saber-KEM, FireSaber-KEM (contributed by Douglas Stebila (McMaster University))
  • SIKE: 2 parameterizations: Sike-p503, Sike-p751 (contributed by Christian Paquin (Microsoft Research))

General improvements

Fixes

  • Fixed improperly built shared library
  • Cleansed secret variables in example programs

Comparison to liboqs master

This snapshot release of nist-branch contains the following differences compared to the current version of liboqs master:

  • Algorithms are formulated as key encapsulation mechanisms, rather than key exchange mechanisms.
  • Integrations are "light touch" -- see README.md for more about integration philosophy.
  • A different build process is used.
  • A global randombytes function is available for random number generation, rather than the OQS_RAND object in master.
  • Signature schemes are not yet supported.

Future work

Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/8.

By the end of June 2018, we aim to release a new version of our master branch that uses the same API as nist-branch.

@dstebila dstebila released this Apr 10, 2018 · 48 commits to nist-branch since this release

Assets 2

liboqs nist-branch snapshot 2018-04

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.

Release notes

This snapshot of nist-branch was released on April 10, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-04.

What's New

This is the first snapshot release of liboqs nist-branch.

This branch of liboqs aims to non-selectively incorporate submissions to the NIST Post-Quantum Cryptography project for the purposes of benchmarking and integration into a common API for liboqs-reliant applications.

This branch takes a "light touch" approach to incorporation:

  • Source code from a NIST submission will be included ideally with no changes, in an "upstream" subdirectory.
  • A thin wrapper will be written to provide the implementation using the liboqs API.
  • The implementation will be added to the build process.
  • To avoid namespace collisions between different algorithms, symbol renaming will be used on the compiled files.

New key encapsulation mechanisms

  • FrodoKEM: 4 parameterizations: FrodoKEM-640-AES, FrodoKEM-640-cSHAKE, FrodoKEM-976-AES, FrodoKEM-976-cSHAKE.
  • CRYSTALS-KYBER: 3 parameterizations: Kyber-512, Kyber-768, Kyber-1024.
  • NewHopeNIST: 2 parameterizations: NewHope512-CCA-KEM, NewHope1024-CCA-KEM.

Generated executables and libraries

  • test_kem: Simple test harness for all enabled key encapsulation mechanisms.
  • kat_kem: Known answer test generator for all enabled key encapsulation mechanisms, to compare against KAT values in NIST submissions.
  • speed_kem: Benchmarking program for key encapsulation mechanisms; see ./speed_kem --help for usage instructions.
  • example_kem: Minimal runnable example showing the usage of the KEM API.
  • liboqs.a: Static library.
  • liboqs.so: Shared library.

Documentation

  • Full Doxygen documentation of the public API (oqs/common.h, oqs/config.h, oqs/kem.h, and oqs/rand.h).
  • Algorithm datasheets for all supported algorithms in docs/algorithms.
  • Instructions for contributing new algorithms in CONTRIBUTING.md.

Application integrations

  • OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.

Comparison to liboqs master

This snapshot release of nist-branch contains the following differences compared to the current version of liboqs master:

  • Algorithms are formulated as key encapsulation mechanisms, rather than key exchange mechanisms.
  • Integrations are "light touch" -- see README.md for more about integration philosophy.
  • A different build process is used.
  • A global randombytes function is available for random number generation, rather than the OQS_RAND object in master.

Future work

Snapshot releases of nist-branch will be made monthly.

By mid-May 2018, we intend to have nist-branch and master branch with the same API, and for our OpenSSL and OpenSSH integrations building against both nist-branch and master branch.