name: Classic McEliece type: kem principal-submitters: - Daniel J. Bernstein - Tung Chou - Tanja Lange - Ingo von Maurich - Rafael Misoczki - Ruben Niederhagen - Edoardo Persichetti - Christiane Peters - Peter Schwabe - Nicolas Sendrier - Jakub Szefer - Wen Wang crypto-assumption: Niederreiter's dual version of McEliece's public key encryption using binary Goppa codes website: https://classic.mceliece.org nist-round: 3 spec-version: SUPERCOP-20221025 upstream-ancestors: - SUPERCOP-20221025 "clean" and "avx2" implementations advisories: - Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised when using the algorithm at higher optimization levels, and any other compiler and architecture. - Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. parameter-sets: - name: Classic-McEliece-348864 claimed-nist-level: 1 claimed-security: IND-CCA2 length-public-key: 261120 length-ciphertext: 96 length-secret-key: 6492 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-348864f claimed-nist-level: 1 claimed-security: IND-CCA2 length-public-key: 261120 length-ciphertext: 96 length-secret-key: 6492 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt - bmi1 common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-460896 claimed-nist-level: 3 claimed-security: IND-CCA2 length-public-key: 524160 length-ciphertext: 156 length-secret-key: 13608 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-460896f claimed-nist-level: 3 claimed-security: IND-CCA2 length-public-key: 524160 length-ciphertext: 156 length-secret-key: 13608 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt - bmi1 common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-6688128 claimed-nist-level: 5 claimed-security: IND-CCA2 length-public-key: 1044992 length-ciphertext: 208 length-secret-key: 13932 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-6688128f claimed-nist-level: 5 claimed-security: IND-CCA2 length-public-key: 1044992 length-ciphertext: 208 length-secret-key: 13932 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt - bmi1 common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-6960119 claimed-nist-level: 5 claimed-security: IND-CCA2 length-public-key: 1047319 length-ciphertext: 194 length-secret-key: 13948 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-6960119f claimed-nist-level: 5 claimed-security: IND-CCA2 length-public-key: 1047319 length-ciphertext: 194 length-secret-key: 13948 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt - bmi1 common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-8192128 claimed-nist-level: 5 claimed-security: IND-CCA2 length-public-key: 1357824 length-ciphertext: 208 length-secret-key: 14120 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - name: Classic-McEliece-8192128f claimed-nist-level: 5 claimed-security: IND-CCA2 length-public-key: 1357824 length-ciphertext: 208 length-secret-key: 14120 length-shared-secret: 32 implementations-switch-on-runtime-cpu-features: true implementations: - upstream-id: clean supported-platforms: all common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream - upstream-id: avx2 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - popcnt - bmi1 common-crypto: - AES: liboqs - SHA3: liboqs no-secret-dependent-branching-claimed: false no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: true upstream: primary-upstream auxiliary-submitters: [] primary-upstream: spdx-license-identifier: Public domain source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181 with copy_from_upstream patches