mirror of
https://github.com/open-quantum-safe/liboqs.git
synced 2025-10-04 00:02:01 -04:00
769412623c
* Fix an issue where run_tests tried to run tests from upstream. Fix by @DStebila * No longer checking spdx on files copied from upstream * Added compiler checking for gcc. Must be at least 9.4.0. * Added pqclean's aarch64 optimized kyber implementation to liboqs * stripping asimd flag for ARM64_V8 as it isn't needed and will cause errors when trying to specify it during compilation * Updated kyber docs * Updated kyber markdown so that no-secret-dependent-branching-checked-by-valgrind correctly says false for the new aarch64 implementation * Added automated updating of legacy yaml format, and added some yaml files which don't get automatically updated * Fixed a bug where optimized upstreams would use the primary upstream's supported platform * Fixed a bug with copy_from_upstream.py's verify function where it would always use the default upstream location when comparing with diff * Added reporting for implementations that are in upstream but aren't yet integrated into liboqs * Added support to ignore implementations from upstream in copy_from_upstream.yml. This is to prevent implementations that haven't been integrated into LIBOQS yet from being pulled in by copy_from_upstream.py. It also silences the warning when verifying. * Adding updated ymls and md files for docs * copy_from_upstream.py now also calls update_docs_from_yaml.py
12 KiB
12 KiB
NTRU-Prime
- Algorithm type: Key encapsulation mechanism.
- Main cryptographic assumption: NTRU.
- Principal submitters: Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Chitchanok Chuengsatiansup, Tanja Lange, Adrian Marotzke, Bo-Yuan Peng, Nicola Tuveri, Christine van Vredendaal, Bo-Yin Yang.
- Authors' website: https://ntruprime.cr.yp.to
- Specification version: supercop-20200826.
- Primary Source:
- Source:
7eb978b4a7 - Implementation license (SPDX-Identifier): Public domain , which takes it from:
- https://github.com/jschanck/package-pqclean/tree/4d9f08c3/ntruprime, which takes it from:
- supercop-20210604
- Source:
Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---|---|---|---|---|---|---|
| ntrulpr653 | IND-CCA2 | 1 | 897 | 1125 | 1025 | 32 |
| ntrulpr761 | IND-CCA2 | 2 | 1039 | 1294 | 1167 | 32 |
| ntrulpr857 | IND-CCA2 | 3 | 1184 | 1463 | 1312 | 32 |
| ntrulpr1277 | IND-CCA2 | 5 | 1847 | 2231 | 1975 | 32 |
| sntrup653 | IND-CCA2 | 1 | 994 | 1518 | 897 | 32 |
| sntrup761 | IND-CCA2 | 2 | 1158 | 1763 | 1039 | 32 |
| sntrup857 | IND-CCA2 | 3 | 1322 | 1999 | 1184 | 32 |
| sntrup1277 | IND-CCA2 | 5 | 2067 | 3059 | 1847 | 32 |
ntrulpr653 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.
ntrulpr761 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
ntrulpr857 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
ntrulpr1277 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
sntrup653 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
sntrup761 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
sntrup857 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
sntrup1277 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | clean | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2 | False | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Explanation of Terms
- Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.