Revised FrodoKEM standardization status to reflect ISO consideration

Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
revised specification URL to be consistent with spec-version
2025-10-03 00:02:36 -04:00 · 2025-10-01 10:14:33 -04:00 · 2025-10-01 10:14:33 -04:00 · 2025-10-01 10:14:33 -04:00 · 2025-10-01 10:14:33 -04:00 · 2025-10-01 10:14:33 -04:00
26 changed files with 215 additions and 242 deletions
--- a/README.md
+++ b/README.md
--- a/docs/algorithms/kem/bike.yml
+++ b/docs/algorithms/kem/bike.yml
@ -21,6 +21,7 @@ principal-submitters:
 crypto-assumption: QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check)
 website: http://bikesuite.org/
 nist-round: 4
+standardization-status: Not selected by [NIST](https://bikesuite.org/files/v5.1/BIKE_Spec.2022.10.10.1.pdf)
 spec-version: 5.1
 primary-upstream:
  source: https://github.com/awslabs/bike-kem
--- a/docs/algorithms/kem/classic_mceliece.yml
+++ b/docs/algorithms/kem/classic_mceliece.yml
@ -18,6 +18,7 @@ crypto-assumption: Niederreiter's dual version of McEliece's public key encrypti
 website: https://classic.mceliece.org
 nist-round: 3
 spec-version: SUPERCOP-20221025
+standardization-status: Under [ISO](https://classic.mceliece.org/iso.html) consideration
 upstream-ancestors:
 - SUPERCOP-20221025 "clean" and "avx2" implementations
 advisories:
--- a/docs/algorithms/kem/frodokem.yml
+++ b/docs/algorithms/kem/frodokem.yml
@ -17,6 +17,7 @@ crypto-assumption: learning with errors (LWE)
 website: https://frodokem.org/
 nist-round: 3
 spec-version: NIST Round 3 submission
+standardization-status: Under [ISO](https://frodokem.org/) consideration
 primary-upstream:
  source: https://github.com/microsoft/PQCrypto-LWEKE/commit/b6609d30a9982318d7f2937aa3c7b92147b917a2
  spdx-license-identifier: MIT
--- a/docs/algorithms/kem/hqc.yml
+++ b/docs/algorithms/kem/hqc.yml
@ -18,6 +18,8 @@ principal-submitters:
 crypto-assumption: Syndrome decoding of structure codes (Hamming Quasi-Cyclic)
 website: https://pqc-hqc.org/
 nist-round: 4
+standardization-status: Selected by [NIST](https://pqc-hqc.org/doc/hqc_specifications_2025_08_22.pdf)
+  for upcoming standardization
 spec-version: 2023-04-30
 upstream-ancestors:
 - https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc
--- a/docs/algorithms/kem/kyber.yml
+++ b/docs/algorithms/kem/kyber.yml
@ -15,6 +15,8 @@ auxiliary-submitters:
 crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
 website: https://pq-crystals.org/
 nist-round: 3
+standardization-status: Selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/Kyber-Round3.zip)
+  as basis for ML-KEM (FIPS 203)
 spec-version: NIST Round 3 submission
 primary-upstream:
  source: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc
--- a/docs/algorithms/kem/ml_kem.md
+++ b/docs/algorithms/kem/ml_kem.md
@ -14,7 +14,7 @@
      - **Source**: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
      - **Implementation license (SPDX-Identifier)**: Apache-2.0
  - **icicle-icicle_cuda**:<a name="icicle-icicle_cuda"></a>
-      - **Source**: https://github.com/ingonyama-zk/icicle-liboqs/commit/8f215fd845928abfc2bb7d5ca15db76b839bee5c
+      - **Source**: https://github.com/ingonyama-zk/icicle-liboqs/commit/4ea3e612ff26e3e72b5e5bcfff4cf3dda45dc0a8
      - **Implementation license (SPDX-Identifier)**: MIT


--- a/docs/algorithms/kem/ml_kem.yml
+++ b/docs/algorithms/kem/ml_kem.yml
@ -15,6 +15,7 @@ auxiliary-submitters:
 crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
 website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
 nist-round: FIPS203
+standardization-status: Standardized by [NIST](https://csrc.nist.gov/pubs/fips/203/final)
 spec-version: ML-KEM
 primary-upstream:
  source: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
@ -24,7 +25,7 @@ optimized-upstreams:
    source: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
    spdx-license-identifier: Apache-2.0
  icicle-icicle_cuda:
-    source: https://github.com/ingonyama-zk/icicle-liboqs/commit/8f215fd845928abfc2bb7d5ca15db76b839bee5c
+    source: https://github.com/ingonyama-zk/icicle-liboqs/commit/4ea3e612ff26e3e72b5e5bcfff4cf3dda45dc0a8
    spdx-license-identifier: MIT
 parameter-sets:
 - name: ML-KEM-512
--- a/docs/algorithms/kem/ntru.yml
+++ b/docs/algorithms/kem/ntru.yml
@ -16,6 +16,7 @@ auxiliary-submitters:
 - Zhenfei Zhang
 crypto-assumption: NTRU in Z[x]/(q, x^n-1) with prime n and power-of-two q
 website: https://ntru.org/
+standardization-status: Not selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/NTRU-Round3.zip), under standardization consideration by [NTT](https://info.isl.ntt.co.jp/crypt/ntru/index.html)
 nist-round: 3
 spec-version: NIST Round 3 submission
 upstream-ancestors:
--- a/docs/algorithms/kem/ntruprime.yml
+++ b/docs/algorithms/kem/ntruprime.yml
@ -15,6 +15,7 @@ crypto-assumption: NTRU
 website: https://ntruprime.cr.yp.to
 nist-round: 3
 spec-version: supercop-20200826
+standardization-status: Not selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/NTRU-Prime-Round3.zip)
 upstream-ancestors:
 - https://github.com/jschanck/package-pqclean/tree/4d9f08c3/ntruprime
 - supercop-20210604
--- a/docs/algorithms/sig/cross.yml
+++ b/docs/algorithms/sig/cross.yml
@ -22,6 +22,8 @@ crypto-assumption: hardness of the restricted syndrome decoding problem for rand
  linear codes on a finite field
 website: https://www.cross-crypto.com/
 nist-round: 2
+standardization-status: Under [NIST](https://www.cross-crypto.com/CROSS_Specification_v2.2.pdf)
+  consideration
 spec-version: 2.2 + PQClean and OQS patches
 primary-upstream:
  source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/c8f7411fed136f0e37600973fa3dbed53465e54f
--- a/docs/algorithms/sig/falcon.yml
+++ b/docs/algorithms/sig/falcon.yml
@ -16,6 +16,8 @@ auxiliary-submitters:
 crypto-assumption: hardness of NTRU lattice problems
 website: https://falcon-sign.info
 nist-round: 3
+standardization-status: Selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/Falcon-Round3.zip)
+  for upcoming standardization
 spec-version: 20211101
 primary-upstream:
  source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
--- a/docs/algorithms/sig/mayo.yml
+++ b/docs/algorithms/sig/mayo.yml
@ -9,6 +9,8 @@ principal-submitters:
 crypto-assumption: multivariable quadratic equations, oil and vinegar
 website: https://pqmayo.org
 nist-round: 2
+standardization-status: Under [NIST](https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/mayo-spec-round2-web.pdf)
+  consideration
 spec-version: NIST Round 2 (February 2025)
 primary-upstream:
  source: https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807
--- a/docs/algorithms/sig/ml_dsa.yml
+++ b/docs/algorithms/sig/ml_dsa.yml
@ -13,6 +13,7 @@ auxiliary-submitters:
 crypto-assumption: hardness of lattice problems over module lattices
 website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final
 nist-round: FIPS204
+standardization-status: Standardized by [NIST](https://csrc.nist.gov/pubs/fips/204/final)
 spec-version: ML-DSA
 primary-upstream:
  source: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2
--- a/docs/algorithms/sig/slh_dsa.yml
+++ b/docs/algorithms/sig/slh_dsa.yml
@ -1,3 +1,5 @@
+# Generated from src/sig/slh_dsa/templates/slh_dsa_docs_yml_template.jinja
+# by copy_from_slh_dsa_c.py
 name: SLH-DSA
 type: signature
 principal-submitters:
@ -23,6 +25,8 @@ auxiliary-submitters:
 crypto-assumption: hash-based signatures
 website: https://csrc.nist.gov/pubs/fips/205/final
 nist-round: FIPS205
+standardization-status: Standardized by NIST
+spec-url: https://csrc.nist.gov/pubs/fips/205/final
 spec-version: SLH-DSA
 spdx-license-identifier: MIT or ISC or Apache 2.0
 primary-upstream:
--- a/docs/algorithms/sig/snova.yml
+++ b/docs/algorithms/sig/snova.yml
@ -13,6 +13,8 @@ principal-submitters:
 crypto-assumption: multivariable quadratic equations, oil and vinegar
 website: https://snova.pqclab.org/
 nist-round: 2
+standardization-status: Under [NIST](https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/snova-spec-round2-web.pdf)
+  consideration
 spec-version: Round 2
 primary-upstream:
  source: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
--- a/docs/algorithms/sig/sphincs.yml
+++ b/docs/algorithms/sig/sphincs.yml
@ -23,6 +23,8 @@ auxiliary-submitters:
 crypto-assumption: hash-based signatures
 website: https://sphincs.org/
 nist-round: 3
+standardization-status: Selected by [NIST](https://sphincs.org/data/sphincs+-r3.1-specification.pdf)
+  as basis for SLH-DSA (FIPS 205)
 spec-version: NIST Round 3 submission, v3.1 (June 10, 2022)
 spdx-license-identifier: CC0-1.0
 primary-upstream:
--- a/docs/algorithms/sig/uov.yml
+++ b/docs/algorithms/sig/uov.yml
@ -14,6 +14,8 @@ principal-submitters:
 - Bo-Yin Yang
 crypto-assumption: multivariable quadratic equations, oil and vinegar
 website: https://www.uovsig.org/
+standardization-status: Under [NIST](https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/uov-spec-round2-web.pdf)
+  consideration
 nist-round: 2
 spec-version: NIST Round 2 (February 2025)
 primary-upstream:
--- a/docs/algorithms/sig_stfl/lms.yml
+++ b/docs/algorithms/sig_stfl/lms.yml
@ -9,6 +9,7 @@ auxiliary-submitters:
 crypto-assumption: hash-based signatures
 website: https://www.rfc-editor.org/info/rfc8554
 nist-round: 
+standardization-status: Standardized by [IRTF](https://www.rfc-editor.org/info/rfc8554), approved by [NIST](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf)
 spec-version: 
 spdx-license-identifier: 
 primary-upstream:
--- a/docs/algorithms/sig_stfl/xmss.yml
+++ b/docs/algorithms/sig_stfl/xmss.yml
@ -9,6 +9,7 @@ auxiliary-submitters:

 crypto-assumption: hash-based signatures
 website: https://www.rfc-editor.org/info/rfc8391
+standardization-status: Standardized by [IRTF](https://www.rfc-editor.org/info/rfc8391), approved by [NIST](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf)
 nist-round:
 spec-version:
 spdx-license-identifier: (Apache-2.0 OR MIT) AND CC0-1.0
--- a/scripts/copy_from_upstream/copy_from_upstream.yml
+++ b/scripts/copy_from_upstream/copy_from_upstream.yml
@ -51,10 +51,10 @@ upstreams:
    name: icicle
    git_url: https://github.com/ingonyama-zk/icicle-liboqs.git
    git_branch: main
-    git_commit: 8f215fd845928abfc2bb7d5ca15db76b839bee5c
+    git_commit: 4ea3e612ff26e3e72b5e5bcfff4cf3dda45dc0a8
    kem_meta_path: '{pretty_name_full}_META.yml'
    kem_scheme_path: '.'
-    patches: [icicle-mlkem-enc-derand.patch]
+    patches: []
  -
    name: pqcrystals-dilithium-standard
    git_url: https://github.com/pq-crystals/dilithium.git
--- a/scripts/copy_from_upstream/patches/icicle-mlkem-enc-derand.patch
+++ b/scripts/copy_from_upstream/patches/icicle-mlkem-enc-derand.patch
@ -1,102 +0,0 @@
-diff --git a/ML-KEM-1024_META.yml b/ML-KEM-1024_META.yml
-index 5ad054f..49aa71a 100644
--- a/ML-KEM-1024_META.yml
-+++ b/ML-KEM-1024_META.yml
-@@ -25,10 +25,11 @@ implementations:
-     version: FIPS203
-     signature_keypair: icicle_ml_kem_1024_keypair
-     signature_enc: icicle_ml_kem_1024_enc
-+    signature_enc_derand: icicle_ml_kem_1024_enc_derand
-     signature_dec: icicle_ml_kem_1024_dec
-     sources: ./ml-kem-1024/icicle_ml-kem.cpp
-     supported_platforms:
-       - architecture: CUDA
-         operating_systems:
-           - Linux
-          - Darwin
-\ No newline at end of file
-+          - Darwin
-diff --git a/ML-KEM-512_META.yml b/ML-KEM-512_META.yml
-index c14cf33..c93caa1 100644
--- a/ML-KEM-512_META.yml
-+++ b/ML-KEM-512_META.yml
-@@ -25,10 +25,11 @@ implementations:
-     version: FIPS203
-     signature_keypair: icicle_ml_kem_512_keypair
-     signature_enc: icicle_ml_kem_512_enc
-+    signature_enc_derand: icicle_ml_kem_512_enc_derand
-     signature_dec: icicle_ml_kem_512_dec
-     sources: ./ml-kem-512/icicle_ml-kem.cpp
-     supported_platforms:
-       - architecture: CUDA
-         operating_systems:
-           - Linux
-          - Darwin
-\ No newline at end of file
-+          - Darwin
-diff --git a/ML-KEM-768_META.yml b/ML-KEM-768_META.yml
-index a1b88a8..1d580a8 100644
--- a/ML-KEM-768_META.yml
-+++ b/ML-KEM-768_META.yml
-@@ -25,10 +25,11 @@ implementations:
-     version: FIPS203
-     signature_keypair: icicle_ml_kem_768_keypair
-     signature_enc: icicle_ml_kem_768_enc
-+    signature_enc_derand: icicle_ml_kem_768_enc_derand
-     signature_dec: icicle_ml_kem_768_dec
-     sources: ./ml-kem-768/icicle_ml-kem.cpp
-     supported_platforms:
-       - architecture: CUDA
-         operating_systems:
-           - Linux
-          - Darwin
-\ No newline at end of file
-+          - Darwin
-diff --git a/icicle_cuda/ml-kem-1024/icicle_ml-kem.cpp b/icicle_cuda/ml-kem-1024/icicle_ml-kem.cpp
-index 33b38cb..793afb6 100644
--- a/icicle_cuda/ml-kem-1024/icicle_ml-kem.cpp
-+++ b/icicle_cuda/ml-kem-1024/icicle_ml-kem.cpp
-@@ -25,6 +25,11 @@ OQS_STATUS icicle_ml_kem_1024_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
-     return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
- }
- 
-+OQS_STATUS icicle_ml_kem_1024_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins) {
-+    icicle::pqc::ml_kem::MlKemConfig config;
-+    return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
-+}
-+
- OQS_STATUS icicle_ml_kem_1024_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
-     icicle::pqc::ml_kem::MlKemConfig config;
-     return icicle::pqc::ml_kem::decapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)sk, (std::byte*)ct, config, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
-diff --git a/icicle_cuda/ml-kem-512/icicle_ml-kem.cpp b/icicle_cuda/ml-kem-512/icicle_ml-kem.cpp
-index 89c4211..f73c539 100644
--- a/icicle_cuda/ml-kem-512/icicle_ml-kem.cpp
-+++ b/icicle_cuda/ml-kem-512/icicle_ml-kem.cpp
-@@ -25,6 +25,11 @@ OQS_STATUS icicle_ml_kem_512_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
-     return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber512Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
- }
- 
-+OQS_STATUS icicle_ml_kem_512_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins) {
-+    icicle::pqc::ml_kem::MlKemConfig config;
-+    return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber512Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
-+}
-+
- OQS_STATUS icicle_ml_kem_512_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
-     icicle::pqc::ml_kem::MlKemConfig config;
-     return icicle::pqc::ml_kem::decapsulate<icicle::pqc::ml_kem::Kyber512Params>((std::byte*)sk, (std::byte*)ct, config, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
-diff --git a/icicle_cuda/ml-kem-768/icicle_ml-kem.cpp b/icicle_cuda/ml-kem-768/icicle_ml-kem.cpp
-index 33b38cb..793afb6 100644
--- a/icicle_cuda/ml-kem-768/icicle_ml-kem.cpp
-+++ b/icicle_cuda/ml-kem-768/icicle_ml-kem.cpp
-@@ -25,6 +25,11 @@ OQS_STATUS icicle_ml_kem_1024_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
-     return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
- }
- 
-+OQS_STATUS icicle_ml_kem_1024_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins) {
-+    icicle::pqc::ml_kem::MlKemConfig config;
-+    return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
-+}
-+
- OQS_STATUS icicle_ml_kem_1024_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
-     icicle::pqc::ml_kem::MlKemConfig config;
-     return icicle::pqc::ml_kem::decapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)sk, (std::byte*)ct, config, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
--- a/scripts/update_alg_support_table.py
+++ b/scripts/update_alg_support_table.py
@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: MIT
+
+"""Helper functions for rendering the Algorithm Support table in README.md
+
+This is a separate module to facilitate code formatting and other dev tools,
+but it is not meant to be run by itself. Instead, run the legacy 
+scripts/update_docs_from_yaml.py to invoke update_readme in this module.
+"""
+
+import os
+
+import tabulate
+import yaml
+
+YAML_EXTS = [".yaml", ".yml"]
+ALG_SUPPORT_HEADER = [
+    "Algorithm family",
+    "Standardization status",
+    "Primary implementation",
+]
+COMMIT_HASH_LEN = 7
+
+
+def format_upstream_source(source: str) -> str:
+    """For each YAML data sheet, the primary-upstream.source field contains some
+    URL to the implementation. At this moment all URLs are links to GitHub, so
+    we can format them as follows:
+
+    <handle>/<repository>@<commit> if commit is available
+    <handle>/<repository> otherwise
+    with a link to the repository
+    """
+    # TODO: we might get GitLab or other non-GH link in the future but oh well
+    prefix = "https://github.com/"
+    if not prefix in source:
+        raise ValueError(f"Non-GitHub source {source}")
+    url_start = source.find(prefix)
+    # NOTE: split with no argument will split with all whitespaces
+    url = source[url_start:].split()[0]
+    # example: ["PQClean", "PQClean", "commit", "1eacfdaf..."]
+    tokens = url[len(prefix) :].split("/")
+    handle, repo = tokens[0], tokens[1]
+    output = f"{handle}/{repo}"
+    if "commit/" in url:
+        commit = tokens[3][:COMMIT_HASH_LEN]
+        output += f"@{commit}"
+    return f"[`{output}`]({url})"
+
+
+def render_alg_support_tbl(doc_dir: str, anchor_alg_name: bool = False) -> str:
+    """Render a markdown table summarizing the algorithms described by YAML data
+    sheets stored in the specified doc directory
+
+    :param anchor_alg_name: if set to True, then "algorithm family" will link to
+    the corresponding markdown document under docs/algorithms/<kem|sig|sig_stfl>
+    otherwise "algorithm family" will be plain text with no link.
+    """
+    # TODO: anchor_alg_name is turned off because Doxygen cannot handle links
+    # to markdown files under docs/algorithms/xxx
+    yaml_paths = [
+        os.path.abspath(os.path.join(doc_dir, filepath))
+        for filepath in os.listdir(doc_dir)
+        if os.path.splitext(filepath)[1].lower() in YAML_EXTS
+    ]
+    yaml_paths.sort()
+    rows = [ALG_SUPPORT_HEADER]
+    for yaml_path in yaml_paths:
+        with open(yaml_path) as f:
+            algdata = yaml.safe_load(f)
+        alg_name = algdata["name"]
+        dirname = "kem"
+        if "sig/" in yaml_path:
+            dirname = "sig"
+        elif "sig_stfl/" in yaml_path:
+            dirname = "sig_stfl"
+        md_basename = os.path.splitext(os.path.split(yaml_path)[1])[0]
+        md_url = f"docs/algorithms/{dirname}/{md_basename}.md"
+        std_status = algdata["standardization-status"]
+        spec_url = algdata.get("spec-url", None)
+        primary_impl = format_upstream_source(algdata["primary-upstream"]["source"])
+        rows.append(
+            [
+                f"[{alg_name}]({md_url})" if anchor_alg_name else f"{alg_name}",
+                f"[{std_status}]({spec_url})" if spec_url else std_status,
+                primary_impl,
+            ]
+        )
+    tbl = tabulate.tabulate(rows, tablefmt="pipe", headers="firstrow")
+    return tbl
+
+
+def update_readme(liboqs_dir: str):
+    """Per liboqs/issues/2045, update README.md with an algorithm support table
+
+    The algorithm support table is a summary of individual algorithms currently
+    integrated into liboqs. The primary source of information are the various
+    YAML files under docs/algorithms/<kem|sig|sig_stfl> directory. The table
+    summarizes the following attributes:
+    - Algorithm family (e.g. Kyber, ML-KEM)
+    - Standardization status, with link to specification
+    - Primary source of implementation
+    - (WIP) Maintenance status
+    """
+    kem_doc_dir = os.path.join(liboqs_dir, "docs", "algorithms", "kem")
+    kem_tbl = render_alg_support_tbl(kem_doc_dir)
+    sig_doc_dir = os.path.join(liboqs_dir, "docs", "algorithms", "sig")
+    sig_tbl = render_alg_support_tbl(sig_doc_dir)
+    sig_stfl_doc_dir = os.path.join(liboqs_dir, "docs", "algorithms", "sig_stfl")
+    sig_stfl_tbl = render_alg_support_tbl(sig_stfl_doc_dir)
+    md_str = f"""#### Key encapsulation mechanisms
+{kem_tbl}
+
+#### Signature schemes
+{sig_tbl}
+
+#### Stateful signature schemes
+{sig_stfl_tbl}
+"""
+    readme_path = os.path.join(liboqs_dir, "README.md")
+    fragment_start = "<!-- OQS_TEMPLATE_FRAGMENT_ALG_SUPPORT_START -->\n"
+    fragment_end = "<!-- OQS_TEMPLATE_FRAGMENT_ALG_SUPPORT_END -->"
+    with open(readme_path, "r") as f:
+        readme = f.read()
+        fragment_start_loc = readme.find(fragment_start) + len(fragment_start)
+        fragment_end_loc = readme.find(fragment_end)
+    with open(readme_path, "w") as f:
+        f.write(readme[:fragment_start_loc])
+        f.write(md_str)
+        f.write(readme[fragment_end_loc:])
--- a/scripts/update_docs_from_yaml.py
+++ b/scripts/update_docs_from_yaml.py
@ -1,11 +1,14 @@
+#!/usr/bin/env python3
 # SPDX-License-Identifier: MIT

 import argparse
-import sys
 import glob
+import os
+
 import tabulate
 import yaml
-import os
+
+from update_alg_support_table import update_readme

 def load_yaml(filename, encoding='utf-8'):
    with open(filename, mode='r', encoding=encoding) as fh:
@ -15,14 +18,14 @@ def file_get_contents(filename, encoding=None):
    with open(filename, mode='r', encoding=encoding) as fh:
        return fh.read()

-kem_yamls = []
-sig_yamls = []
-sig_stfl_yamls = []
-
 ########################################
 # Update the KEM markdown documentation.
 ########################################
 def do_it(liboqs_root):
+    kem_yamls = []
+    sig_yamls = []
+    sig_stfl_yamls = []
+
    for kem_yaml_path in sorted(glob.glob(os.path.join(liboqs_root, 'docs', 'algorithms', 'kem', '*.yml'))):
        kem_yaml = load_yaml(kem_yaml_path)
        kem_yamls.append(kem_yaml)
@ -339,104 +342,9 @@ def do_it(liboqs_root):
            out_md.write(tabulate.tabulate(table, tablefmt="pipe", headers="firstrow", colalign=("center",)))
            out_md.write('\n')

+    update_readme(liboqs_root)


-    ####################
-    # Update the README.
-    ####################
-    print("Updating README.md")
-
-    readme_path = os.path.join(liboqs_root, 'README.md')
-    start_identifier_tmpl = '<!--- OQS_TEMPLATE_FRAGMENT_LIST_{}_START -->'
-    end_identifier_tmpl = '<!--- OQS_TEMPLATE_FRAGMENT_LIST_{}_END -->'
-
-    # KEMS
-    readme_contents = file_get_contents(readme_path)
-
-    identifier_start = start_identifier_tmpl.format('KEXS')
-    identifier_end = end_identifier_tmpl.format('KEXS')
-
-    preamble = readme_contents[:readme_contents.find(identifier_start)]
-    postamble = readme_contents[readme_contents.find(identifier_end):]
-
-    with open(readme_path, mode='w', encoding='utf-8') as readme:
-        readme.write(preamble + identifier_start + '\n')
-
-        for kem_yaml in kem_yamls:
-            parameter_sets = kem_yaml['parameter-sets']
-            if any(impl['large-stack-usage'] for impl in parameter_sets[0]['implementations']):
-                readme.write('- **{}**: {}†'.format(kem_yaml['name'], parameter_sets[0]['name']))
-                if 'alias' in parameter_sets[0]:
-                    readme.write(' (alias: {})'.format(parameter_sets[0]['alias']))
-            else:
-                readme.write('- **{}**: {}'.format(kem_yaml['name'], parameter_sets[0]['name']))
-                if 'alias' in parameter_sets[0]:
-                    readme.write(' (alias: {})'.format(parameter_sets[0]['alias']))
-            for parameter_set in parameter_sets[1:]:
-                if any(impl['large-stack-usage'] for impl in parameter_set['implementations']):
-                    readme.write(', {}†'.format(parameter_set['name']))
-                    if 'alias' in parameter_set:
-                        readme.write(' (alias: {})'.format(parameter_set['alias']))
-                else:
-                    readme.write(', {}'.format(parameter_set['name']))
-                    if 'alias' in parameter_set:
-                        readme.write(' (alias: {})'.format(parameter_set['alias']))
-            readme.write('\n')
-
-        readme.write(postamble)
-
-    # Signatures
-    readme_contents = file_get_contents(readme_path)
-
-    identifier_start = start_identifier_tmpl.format('SIGS')
-    identifier_end = end_identifier_tmpl.format('SIGS')
-
-    preamble = readme_contents[:readme_contents.find(identifier_start)]
-    postamble = readme_contents[readme_contents.find(identifier_end):]
-
-    with open(readme_path, mode='w', encoding='utf-8') as readme:
-        readme.write(preamble + identifier_start + '\n')
-
-        for sig_yaml in sig_yamls:
-            # SPHINCS requires special handling.
-            if "SPHINCS" in sig_yaml["name"]:
-                for hash_func in ['SHA2', 'SHAKE']:
-                    parameter_sets = [pset for pset in sig_yaml['parameter-sets'] if hash_func in pset['name']]
-                    if any(impl['large-stack-usage'] for impl in parameter_sets[0]['implementations']):
-                        readme.write('- **SPHINCS+-{}**: {}†'.format(hash_func, parameter_sets[0]['name'].replace('_','\\_')))
-                    else:
-                        readme.write('- **SPHINCS+-{}**: {}'.format(hash_func, parameter_sets[0]['name'].replace('_','\\_')))
-                    for parameter_set in parameter_sets[1:]:
-                        if any(impl['large-stack-usage'] for impl in parameter_set['implementations']):
-                            readme.write(', {}†'.format(parameter_set['name'].replace('_', '\\_')))
-                        else:
-                            readme.write(', {}'.format(parameter_set['name'].replace('_', '\\_')))
-                    readme.write('\n')
-                continue
-            
-            parameter_sets = sig_yaml['parameter-sets']
-            if any(impl['large-stack-usage'] for impl in parameter_sets[0]['implementations']):
-                readme.write('- **{}**: {}†'.format(sig_yaml['name'], parameter_sets[0]['name'].replace('_','\\_')))
-                if 'alias' in parameter_sets[0]:
-                    readme.write(' (alias: {})'.format(parameter_sets[0]['alias']).replace('_','\\_'))
-            else:
-                readme.write('- **{}**: {}'.format(sig_yaml['name'], parameter_sets[0]['name'].replace('_','\\_')))
-                if 'alias' in parameter_sets[0]:
-                    readme.write(' (alias: {})'.format(parameter_sets[0]['alias']).replace('_','\\_'))
-            for parameter_set in parameter_sets[1:]:
-                if any(impl['large-stack-usage'] for impl in parameter_set['implementations']):
-                    readme.write(', {}†'.format(parameter_set['name'].replace('_', '\\_')))
-                    if 'alias' in parameter_set:
-                        readme.write(' (alias: {})'.format(parameter_set['alias']).replace('_','\\_'))
-                else:
-                    readme.write(', {}'.format(parameter_set['name'].replace('_', '\\_')))
-                    if 'alias' in parameter_set:
-                        readme.write(' (alias: {})'.format(parameter_set['alias']).replace('_','\\_'))
-            readme.write('\n')
-
-
-        readme.write(postamble)
-
 if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("--liboqs-root", default=".")
--- a/src/kem/ml_kem/icicle_ml-kem-768_icicle_cuda/icicle_ml-kem.cpp
+++ b/src/kem/ml_kem/icicle_ml-kem-768_icicle_cuda/icicle_ml-kem.cpp
@ -8,31 +8,31 @@
 #include "icicle/errors.h"

 extern "C" {
-#if defined(OQS_ENABLE_KEM_ml_kem_1024_icicle_cuda)
-OQS_STATUS icicle_ml_kem_1024_keypair(uint8_t *pk, uint8_t *sk) {
+#if defined(OQS_ENABLE_KEM_ml_kem_768_icicle_cuda)
+OQS_STATUS icicle_ml_kem_768_keypair(uint8_t *pk, uint8_t *sk) {
    uint8_t coins[icicle::pqc::ml_kem::ENTROPY_BYTES];
    OQS_randombytes(coins, icicle::pqc::ml_kem::ENTROPY_BYTES);

    icicle::pqc::ml_kem::MlKemConfig config;
-    return icicle::pqc::ml_kem::keygen<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)coins, config, (std::byte*)pk, (std::byte*)sk) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
+    return icicle::pqc::ml_kem::keygen<icicle::pqc::ml_kem::Kyber768Params>((std::byte*)coins, config, (std::byte*)pk, (std::byte*)sk) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
 }

-OQS_STATUS icicle_ml_kem_1024_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
+OQS_STATUS icicle_ml_kem_768_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) {
    uint8_t coins[icicle::pqc::ml_kem::MESSAGE_BYTES];
    OQS_randombytes(coins, icicle::pqc::ml_kem::MESSAGE_BYTES);

    icicle::pqc::ml_kem::MlKemConfig config;
-    return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
+    return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber768Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
 }

-OQS_STATUS icicle_ml_kem_1024_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins) {
+OQS_STATUS icicle_ml_kem_768_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins) {
    icicle::pqc::ml_kem::MlKemConfig config;
-    return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
+    return icicle::pqc::ml_kem::encapsulate<icicle::pqc::ml_kem::Kyber768Params>((std::byte*)coins, (std::byte*)pk, config, (std::byte*)ct, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
 }

-OQS_STATUS icicle_ml_kem_1024_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
+OQS_STATUS icicle_ml_kem_768_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) {
    icicle::pqc::ml_kem::MlKemConfig config;
-    return icicle::pqc::ml_kem::decapsulate<icicle::pqc::ml_kem::Kyber1024Params>((std::byte*)sk, (std::byte*)ct, config, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
+    return icicle::pqc::ml_kem::decapsulate<icicle::pqc::ml_kem::Kyber768Params>((std::byte*)sk, (std::byte*)ct, config, (std::byte*)ss) == icicle::eIcicleError::SUCCESS ? OQS_SUCCESS : OQS_ERROR;
 }
 #endif
 }
--- a/src/sig/slh_dsa/templates/slh_dsa_docs_yml_template.jinja
+++ b/src/sig/slh_dsa/templates/slh_dsa_docs_yml_template.jinja
@ -1,3 +1,5 @@
+# Generated from src/sig/slh_dsa/templates/slh_dsa_docs_yml_template.jinja
+# by copy_from_slh_dsa_c.py
 name: SLH-DSA
 type: signature
 principal-submitters:
@ -23,6 +25,8 @@ auxiliary-submitters:
 crypto-assumption: hash-based signatures
 website: https://csrc.nist.gov/pubs/fips/205/final
 nist-round: FIPS205
+standardization-status: Standardized by NIST
+spec-url: https://csrc.nist.gov/pubs/fips/205/final
 spec-version: SLH-DSA
 spdx-license-identifier: MIT or ISC or Apache 2.0
 primary-upstream:
@ -49,4 +53,4 @@ parameter-sets:
      large-stack-usage: true
      
  {% endfor %}
-  
+
Author	SHA1	Message	Date
Ganyu (Bruce) Xu	22e4a77725	Revised FrodoKEM standardization status to reflect ISO consideration Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	af558ebb66	revised specification URL to be consistent with spec-version Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	7e8edaef85	removed spec-url from lms.yml Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	402edd47d4	fixed typo Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	02f068a597	another try at improving phrasing of standardization status Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	626c827d1c	improved explanation for NTRU's standardization status Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	51db6ce896	rephrasing standardization status for PQC third round candidates Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	e0b57e2f1e	resolved failure to consistently produce the same README.md Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	87cf3df9ce	add git diff to basic check for debugging purpose Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	54256d31d7	algorithm family names will not link to docs/algorithms markdowns because Doxygen cannot handle them Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	57308e3d60	fixed invalid markdown anchors Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	2c15d82893	docs/algorithms/sig/sld_dsa.yml is generated from a Jinja template elsewhere Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	3a9f2abfd5	documentation; make primary implementation monospaced Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	b25cdb3298	Use split with no argument to split against any whitespace, not just space Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	40cc1a508a	wrap standardization status with url to spec Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	606ef108c6	some refactoring Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	c52e0f42c3	first draft of alg support table Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	44002abae2	still need to fill in the content Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
Ganyu (Bruce) Xu	7849f3fced	algorithm support table should replace the list of algorithms; minor refactor w.r.t. shebang, imports, and unnecessary global states Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>	2025-10-01 10:14:33 -04:00
nonam3e	e64026e27a	Fix/icicle ml kem 768 (#2288 ) * fix 768 version Signed-off-by: nonam3e <timur@ingonyama.com> * update upstream git commit Signed-off-by: nonam3e <timur@ingonyama.com> --------- Signed-off-by: nonam3e <timur@ingonyama.com>	2025-10-01 09:24:35 -04:00