mirror of
https://github.com/open-quantum-safe/liboqs.git
synced 2025-12-05 00:03:00 -05:00
3ca1a36909
* Initial derive keypair commit Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com> Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Add pqcrystals-ml_kem_ipd.patch Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com> Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Fix encaps key in scheme and revert whitespace changes Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Hopefully corrected patch file Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Corrected missing derand in kem_scheme Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Fix indentation Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Run copy_from_upstream Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> derand testing tentative changes Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Add missing function declarations Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Add template for avx2 derand functions Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Run copy_from_upstream Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> WIP: Add changes for coin length Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Update patch to include coin lengths Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Bootstrap Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Conditional copy Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Run copy_from_upstream Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Separate coins variable into two distinct variables Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com> Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Add derand fixes - Add support for BIKE, FrodoKEM, sntrup - Add hooks for testing - Add missing kem comment to documentation - Don't run decaps() in test_kem_derand if encaps_derand() fails - Add markdown documentation changes Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> WIP trying to fix build errors Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Fix remaining build issues Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Resolve unused parameter issues for BIKE Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Resolve unused paramter issues for FrodoKEM Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Fix whitespace inconsistency Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Fix whitepace issue Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Insert unused attributes Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Void all unused parameters Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Use tab instead of spaces in kem_scheme Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Run copy_from_upstream Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Fix kem_derand python tests Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Initialize coins in test_kem_derand Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Update patch to work with mlkem-native Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Update docs generation and templating Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Run copy_from_upstream [full tests] [extended tests] Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Don't call randombytes on zero-length arrays Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Run format script Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Remove encaps_derand support Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Run copy_from_upstream Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Skip encaps/decaps in test_kem_derand Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Refactor test code Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * s/coins/seed/g Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Improve output Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> * Improve formatting [full tests] [extended tests] Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> --------- Signed-off-by: Eddy Kim <e84kim@uwaterloo.ca> Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca> Co-authored-by: Eddy Kim <Eddy.M.Kim@outlook.com>
9.8 KiB
9.8 KiB
FrodoKEM
- Algorithm type: Key encapsulation mechanism.
- Main cryptographic assumption: learning with errors (LWE).
- Principal submitters: Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, Douglas Stebila.
- Authors' website: https://frodokem.org/
- Specification version: NIST Round 3 submission.
- Primary Source:
- Source:
b6609d30a9 - Implementation license (SPDX-Identifier): MIT
- Source:
Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) |
|---|---|---|---|---|---|---|---|---|
| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA |
| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA |
| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA |
| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA |
| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA |
| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA |
FrodoKEM-640-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|---|---|---|---|---|---|---|---|
| Primary Source | master | All | All | None | True | True | False |
| Primary Source | master | x86_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.
FrodoKEM-640-SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | master | All | All | None | True | True | False |
| Primary Source | master | x86_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
FrodoKEM-976-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | master | All | All | None | True | True | False |
| Primary Source | master | x86_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
FrodoKEM-976-SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | master | All | All | None | True | True | False |
| Primary Source | master | x86_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
FrodoKEM-1344-AES implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | master | All | All | None | True | True | False |
| Primary Source | master | x86_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
FrodoKEM-1344-SHAKE implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | master | All | All | None | True | True | False |
| Primary Source | master | x86_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Explanation of Terms
- Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.