Releases: open-quantum-safe/liboqs
liboqs nist-branch snapshot 2018-07
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms.
This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.
This branch of liboqs can be used with the following Open Quantum Safe application integrations:
- OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.
Release notes
This snapshot of nist-branch was released on July 27, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-07.
What's New
This is the third snapshot release of liboqs nist-branch.
New key encapsulation mechanisms
The following KEMs have been added in the 2018-07 snapshot release:
- LEDAkem: 9 parameterizations: LEDAKEM_C1_N02, LEDAKEM_C1_N03, LEDAKEM_C1_N04, LEDAKEM_C3_N02, LEDAKEM_C3_N03, LEDAKEM_C3_N04, LEDAKEM_C5_N02, LEDAKEM_C5_N03, LEDAKEM_C5_N04 (contributed by Shravan Mashra (University of Waterloo))
New signature API and schemes
liboqs nist-branch now includes support for signature schemes via the API described in src/sig/sig.h; the API is based on the NIST and SUPERCOP APIs. Signature schemes can be tested using ./test_sig and benchmarked using ./speed_sig; example_sig contains a minimal example of using the signature API.
The following signature schemes have been added in the 2018-07 snapshot release:
- Picnic: 6 parameterizations: picnic_L1_FS, picnic_L1_UR, picnic_L3_FS, picnic_L3_UR, picnic_L5_FS, picnic_L5_UR (contributed by Christian Paquin (Microsoft Research))
- qTESLA: 5 parameterizations: qTESLA_I, qTESLA_III_size, qTESLA_III_speed, qTESLA_p_I, qTESLA_p_I (contributed by Christian Paquin (Microsoft Research))
Fixes
- Automatic detection of binutils version for BIKE build (contributed by Maxime Anvari)
Future work
Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/9.
liboqs nist-branch snapshot 2018-05
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms.
This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.
This branch of liboqs can be used with the following Open Quantum Safe application integrations:
- OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.
Release notes
This snapshot of nist-branch was released on May 30, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-05.
What's New
This is the second snapshot release of liboqs nist-branch.
New key encapsulation mechanisms
The following KEMs have been added in the 2018-05 snapshot release:
- BIG QUAKE: 3 parameterizations: BIG_QUAKE_1, BIG_QUAKE_3, BIG_QUAKE_5 (contributed by Shravan Mashra (University of Waterloo))
- BIKE: 9 parameterizations: BIKE1-L1, BIKE1-L3, BIKE1-L5, BIKE2-L1, BIKE2-L3, BIKE2-L5, BIKE3-L1, BIKE3-L3, BIKE3-L5; optimized builds on Linux platforms with AVX/AVX2/AVX512 support (contributed by Nir Drucker and Shay Gueron (Amazon Web Services))
- LIMA: 6 parameterizations: Lima-2p-1024-CCA-KEM, Lima-2p-2048-CCA-KEM, Lima-sp-1018-CCA-KEM, Lima-sp-1306-CCA-KEM, Lima-sp-1822-CCA-KEM, Lima-sp-2062-CCA-KEM (contributed by Douglas Stebila (McMaster University))
- Saber: 3 parameterizations: LightSaber-KEM, Saber-KEM, FireSaber-KEM (contributed by Douglas Stebila (McMaster University))
- SIKE: 2 parameterizations: Sike-p503, Sike-p751 (contributed by Christian Paquin (Microsoft Research))
General improvements
- Can now be built with multi-threaded make (e.g., make -j8)
- The default pseudorandom number generator is now OpenSSL's RAND_bytes function for better performance; applications can choose a different PRNG at runtime
- example_kem matches documented example in https://github.com/open-quantum-safe/liboqs/wiki/Minimal-example-of-a-post-quantum-key-encapsulation-mechanism-(using-the-new-NIST-like)-API (contributed by Vlad Gheorghiu)
Fixes
- Fixed improperly built shared library
- Cleansed secret variables in example programs
Comparison to liboqs master
This snapshot release of nist-branch contains the following differences compared to the current version of liboqs master:
- Algorithms are formulated as key encapsulation mechanisms, rather than key exchange mechanisms.
- Integrations are "light touch" -- see README.md for more about integration philosophy.
- A different build process is used.
- A global randombytes function is available for random number generation, rather than the OQS_RAND object in master.
- Signature schemes are not yet supported.
Future work
Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/8.
By the end of June 2018, we aim to release a new version of our master branch that uses the same API as nist-branch.
liboqs nist-branch snapshot 2018-04
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms.
This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.
Release notes
This snapshot of nist-branch was released on April 10, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-04.
What's New
This is the first snapshot release of liboqs nist-branch.
This branch of liboqs aims to non-selectively incorporate submissions to the NIST Post-Quantum Cryptography project for the purposes of benchmarking and integration into a common API for liboqs-reliant applications.
This branch takes a "light touch" approach to incorporation:
- Source code from a NIST submission will be included ideally with no changes, in an "upstream" subdirectory.
- A thin wrapper will be written to provide the implementation using the liboqs API.
- The implementation will be added to the build process.
- To avoid namespace collisions between different algorithms, symbol renaming will be used on the compiled files.
New key encapsulation mechanisms
- FrodoKEM: 4 parameterizations: FrodoKEM-640-AES, FrodoKEM-640-cSHAKE, FrodoKEM-976-AES, FrodoKEM-976-cSHAKE.
- CRYSTALS-KYBER: 3 parameterizations: Kyber-512, Kyber-768, Kyber-1024.
- NewHopeNIST: 2 parameterizations: NewHope512-CCA-KEM, NewHope1024-CCA-KEM.
Generated executables and libraries
- test_kem: Simple test harness for all enabled key encapsulation mechanisms.
- kat_kem: Known answer test generator for all enabled key encapsulation mechanisms, to compare against KAT values in NIST submissions.
- speed_kem: Benchmarking program for key encapsulation mechanisms; see ./speed_kem --help for usage instructions.
- example_kem: Minimal runnable example showing the usage of the KEM API.
- liboqs.a: Static library.
- liboqs.so: Shared library.
Documentation
- Full Doxygen documentation of the public API (oqs/common.h, oqs/config.h, oqs/kem.h, and oqs/rand.h).
- Algorithm datasheets for all supported algorithms in docs/algorithms.
- Instructions for contributing new algorithms in CONTRIBUTING.md.
Application integrations
- OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.
Comparison to liboqs master
This snapshot release of nist-branch contains the following differences compared to the current version of liboqs master:
- Algorithms are formulated as key encapsulation mechanisms, rather than key exchange mechanisms.
- Integrations are "light touch" -- see README.md for more about integration philosophy.
- A different build process is used.
- A global randombytes function is available for random number generation, rather than the OQS_RAND object in master.
Future work
Snapshot releases of nist-branch will be made monthly.
By mid-May 2018, we intend to have nist-branch and master branch with the same API, and for our OpenSSL and OpenSSH integrations building against both nist-branch and master branch.