mirror of
https://github.com/open-quantum-safe/liboqs.git
synced 2025-10-04 00:02:01 -04:00
0807ecf9af
* currently there is a bug where pytest doesn't work but the individual tests work... looking into it still. * Fix an issue where run_tests tried to run tests from upstream. Fix by @DStebila * No longer checking spdx on files copied from upstream * pqclean's aarch64 kyber implementation is now being pulled from. Still need to clean things up. * pqclean kyber fragment was left behind. It's now added * Added compiler checking for gcc. Must be at least 9.4.0. Need to track down clang and appleclang * Need to figure out how to handle commen dependencies from multiple upstreams * Cleaned up copy_from_upstream.py a bit * Added pqclean's aarch64 optimized kyber implementation to liboqs * Added pqclean's aarch64 optimized kyber implementation to liboqs * Fixed an isssue where 'empty' conditionals were added to kem_scheme.c files when there were no required flags * reverting sabre to version prior to updated copy_from_upstream script * stripping asimd flag for ARM64_V8 as it isn't needed and will cause errors when trying to specify it during compilation * Fixed an issue where empty conditionals would appear when no required flags were specified * Updated kyber docs * Updated kyber docs with better formatting * Adding updated kyber documentation * Reverting documentation that was erroniously updated while updating kyber. * Reverted ntruprime too far back by mistake * Updated kyber doc's yml no-secret-dependent-branching-checked-by-valgrind to false * Updated kyber markdown so that no-secret-dependent-branching-checked-by-valgrind correctly says false for the new aarch64 implementation
11 KiB
11 KiB
Kyber
- Algorithm type: Key encapsulation mechanism.
- Main cryptographic assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1).
- Principal submitters: Peter Schwabe.
- Auxiliary submitters: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- Authors' website: https://pq-crystals.org/
- Specification version: NIST Round 3 submission.
- Primary Source:
- Source:
faf5c3fe33with copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0
- Source:
- Optimized Implementation sources:
faf5c3fe33with copy_from_upstream patches- pqclean-aarch64:
- Source:
7eb978b4a7with copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0
- Source:
- pqclean-aarch64:
Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---|---|---|---|---|---|---|
| Kyber512 | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| Kyber512-90s | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| Kyber768 | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| Kyber768-90s | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| Kyber1024 | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
| Kyber1024-90s | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
Kyber512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.
Kyber512-90s implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT,SSE2,SSSE3 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Kyber768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Kyber768-90s implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT,SSE2,SSSE3 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Kyber1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Kyber1024-90s implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT,SSE2,SSSE3 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Explanation of Terms
- Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.