mirror of
https://github.com/open-quantum-safe/liboqs.git
synced 2025-12-12 00:04:16 -05:00
0b64ca3c91
* Update Classic McEliece * Run copy_from_upstream.py * Change crypto_declassify.h license * Remove old McEliece vec/avx directories * Add add_compile_options(-Wno-language-extension-token) to comipler_opts.cmake * Fix CI errors. Reduce McEliece optimisation from -03 to -01. Patch PQClean McEliece. * Update liboqs version number. Fix comments. * Increment SOVERSION. * Update Classic McEliece advisories. Replace * Update Classic McEliece documentation YAML. Update KEM CMakeLists Jinja template.
6.5 KiB
6.5 KiB
Kyber
- Algorithm type: Key encapsulation mechanism.
- Main cryptographic assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1).
- Principal submitters: Peter Schwabe.
- Auxiliary submitters: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- Authors' website: https://pq-crystals.org/
- Specification version: NIST Round 3 submission.
- Primary Source:
- Source:
518de2414awith copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0 or Apache-2.0
- Source:
- Optimized Implementation sources:
518de2414awith copy_from_upstream patches- pqclean-aarch64:
- Source:
d742438e5cwith copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0
- Source:
- pqclean-aarch64:
Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---|---|---|---|---|---|---|
| Kyber512 | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| Kyber768 | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| Kyber1024 | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
Kyber512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.
Kyber768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Kyber1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Explanation of Terms
- Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.