* Add patches Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com> * Add Classic McEliece sanitization patch Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com> --------- Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
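# Algorithm datasheet for the Classic McEliece KEM as carried in liboqs.
# Nesting restored from the rendered listing; values are unchanged.
name: Classic McEliece
type: kem
principal-submitters:
- Daniel J. Bernstein
- Tung Chou
- Tanja Lange
- Ingo von Maurich
- Rafael Misoczki
- Ruben Niederhagen
- Edoardo Persichetti
- Christiane Peters
- Peter Schwabe
- Nicolas Sendrier
- Jakub Szefer
- Wen Wang
crypto-assumption: Niederreiter's dual version of McEliece's public key encryption
  using binary Goppa codes
website: https://classic.mceliece.org
nist-round: 3
spec-version: SUPERCOP-20221025
upstream-ancestors:
- SUPERCOP-20221025 "clean" and "avx2" implementations
# Caveats for deployers. The first entry reports test failures for four
# parameter sets when built with clang at -O2/-O3 on x86-64; the second states
# that constant-time behaviour is not guaranteed. Every implementation entry
# under parameter-sets sets no-secret-dependent-branching-claimed to false.
advisories:
- Classic-McEliece-460896, Classic-McEliece-460896f, Classic-McEliece-6960119, and
  Classic-McEliece-6960119f parameter sets fail memory leak testing on x86-64 when
  building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised
  when using the algorithm at higher optimization levels, and any other compiler and
  architecture.
- Current implementation of the algorithm may not be constant-time. Additionally,
  environment specific constant-time leaks may not be documented; please report potential
  constant-time leaks when found.
parameter-sets: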
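# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
- name: Classic-McEliece-348864
  claimed-nist-level: 1
  claimed-security: IND-CCA2
  length-public-key: 261120
  length-ciphertext: 96
  length-secret-key: 6492
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream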
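# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
- name: Classic-McEliece-348864f
  claimed-nist-level: 1
  claimed-security: IND-CCA2
  length-public-key: 261120
  length-ciphertext: 96
  length-secret-key: 6492
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      # bmi1 is required in addition to avx2 and popcnt.
      required_flags:
      - avx2
      - popcnt
      - bmi1
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream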
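# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
# Named in this file's advisories: fails memory leak testing on x86-64 when
# built with clang at -O2 and -O3.
- name: Classic-McEliece-460896
  claimed-nist-level: 3
  claimed-security: IND-CCA2
  length-public-key: 524160
  length-ciphertext: 156
  length-secret-key: 13608
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream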
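# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
# Named in this file's advisories: fails memory leak testing on x86-64 when
# built with clang at -O2 and -O3.
- name: Classic-McEliece-460896f
  claimed-nist-level: 3
  claimed-security: IND-CCA2
  length-public-key: 524160
  length-ciphertext: 156
  length-secret-key: 13608
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      # bmi1 is required in addition to avx2 and popcnt.
      required_flags:
      - avx2
      - popcnt
      - bmi1
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream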
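# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
- name: Classic-McEliece-6688128
  claimed-nist-level: 5
  claimed-security: IND-CCA2
  length-public-key: 1044992
  length-ciphertext: 208
  length-secret-key: 13932
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream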
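# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
- name: Classic-McEliece-6688128f
  claimed-nist-level: 5
  claimed-security: IND-CCA2
  length-public-key: 1044992
  length-ciphertext: 208
  length-secret-key: 13932
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      # bmi1 is required in addition to avx2 and popcnt.
      required_flags:
      - avx2
      - popcnt
      - bmi1
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream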
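# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
# Named in this file's advisories: fails memory leak testing on x86-64 when
# built with clang at -O2 and -O3.
- name: Classic-McEliece-6960119
  claimed-nist-level: 5
  claimed-security: IND-CCA2
  length-public-key: 1047319
  length-ciphertext: 194
  length-secret-key: 13948
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream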
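# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
# Named in this file's advisories: fails memory leak testing on x86-64 when
# built with clang at -O2 and -O3.
- name: Classic-McEliece-6960119f
  claimed-nist-level: 5
  claimed-security: IND-CCA2
  length-public-key: 1047319
  length-ciphertext: 194
  length-secret-key: 13948
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      # bmi1 is required in addition to avx2 and popcnt.
      required_flags:
      - avx2
      - popcnt
      - bmi1
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream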
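# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
- name: Classic-McEliece-8192128
  claimed-nist-level: 5
  claimed-security: IND-CCA2
  length-public-key: 1357824
  length-ciphertext: 208
  length-secret-key: 14120
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream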
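# length-* values are sizes in bytes; NIST level and IND-CCA2 are claimed values.
- name: Classic-McEliece-8192128f
  claimed-nist-level: 5
  claimed-security: IND-CCA2
  length-public-key: 1357824
  length-ciphertext: 208
  length-secret-key: 14120
  length-shared-secret: 32
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream-id: clean
    supported-platforms: all
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # No constant-time claim: absence of secret-dependent branching is neither
    # claimed nor checked under valgrind for this implementation.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      # bmi1 is required in addition to avx2 and popcnt.
      required_flags:
      - avx2
      - popcnt
      - bmi1
    common-crypto:
    - AES: liboqs
    - SHA3: liboqs
    # Same as the clean build: no constant-time claim and no valgrind check.
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
    upstream: primary-upstream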
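auxiliary-submitters: []
primary-upstream:
  # NOTE(review): "Public domain" is not an identifier on the SPDX License List,
  # so licence scanners may report it as unrecognised.
  spdx-license-identifier: Public domain
  # The source is pinned to a full commit hash, with local copy_from_upstream
  # patches applied on top; an audit should cover those patches as well as the
  # pinned commit.
  source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
    with copy_from_upstream patches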