Open Quantum Safe
HQC round 4 rng initialization #1746
Replies: 1 comment 1 reply
-
I personally don't; maybe @dstebila @SWilson4 ? In general, we provide a direct link in the documentation to allow checking back with every algorithm-specific source of truth. Should you get insight there, it'd be nice to link the rationale here, too for others to benefit searching this archive. |
Beta Was this translation helpful? Give feedback.
-
|
HQC started using SHA3 instead of the NIST DRBG in the Round 4 submission. I don't know what the rationale for this decision was. I feel your pain as I had to make workarounds in both PQClean and liboqs to switch out the KAT PRNG for HQC specifically. The good news is that the "proprietary" DRBG is just SHAKE256, so it's not a lot of work to get it running. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
We have just upgraded to liboqs-0.10.0 which includes the HQC round 4 implementation. Our generic test suite for KEM algorithms is feeding the seed of the KAT files to a DRBG in AES256 counter mode as required by NIST but the HQC tests miserably fail because the RNG initialization is done in a proprietary way. I see that the liboqs project has adapted the RNG initalization for HQC accordingly in order for the KAT tests to succeed. Any information on why HQC has chosen a different approach which is really a PITA?
Beta Was this translation helpful? Give feedback.
All reactions