@dstebila I believe liboqs' FrodoKEM implementation resided in the liboqs repo and is not pulled from upstream. Do you know if there is a suitable upstream to pull the new FrodoKEM variant from?
Hi! The current implementation of FrodoKEM present on liboqs is based on the proposal for the first NIST PQC Standardization Process. After the selections made by NIST at the end of this round, the FrodoKEM team made important modifications to the submission: the NIST specification became the one named as "ephemeral" in which a salt is not included (and was renamed to eFrodoKEM). A new variant called FrodoKEM was constructed, which is suitable for applications in which many ciphertexts might be produced relative to a single public key, and includes further changes to address IND-CCA concerns.

Since FrodoKEM is recommended by a number of standardization bodies beyond NIST (it is on track to become an ISO standard, appears as an internet draft, and is recommended by agencies such as BSI), I believe it would be interesting to include both variants as part of liboqs capabilities.