mirror of
https://github.com/open-quantum-safe/liboqs.git
synced 2025-10-04 00:02:01 -04:00
8ee6039c74
* add bitflip test to test_sig.c Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * format code Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * - add sig->suf_cma - add command-line argument to test_sig.c (the number of bitflips) - update CROSS upstream to SUF-CMA Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * %d to %ld for size_t bitflips Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * cast argument bitflips to size_t Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * replace atoi() with strtol() Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * cast bit_index to %llu Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * update bitflip tests: - revert CROSS to EUF-CMA - add test_bitflip_message - exclude stateful signatures for now Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * remove bitflips_as_str in printf Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * test_bitflip as a single function, add support for stateful signatures Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * add OQS_TEST_CT_DECLASSIFY after test_bitflip_stfl Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * [extended tests] Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * more OQS_TEST_CT_DECLASSIFY [extended tests] Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * patch dilithium to add suf-cma Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * run copy_from_upstream.py Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * SUF-CMA in dilithium docs, run copy_from_upstream.py Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * correct sizeof in OQS_randombytes call (thank you @SWilson4!) Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * factor bitflip testing functions out into test_helpers.c Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * --allow-multiple-definition for Windows .dll in test_kem_mem Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> * --allow-multiple-definition for Windows .dll in test_sig and test_sig_stfl Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --------- Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com>
6.6 KiB
6.6 KiB
CRYSTALS-Dilithium
- Algorithm type: Digital signature scheme.
- Main cryptographic assumption: hardness of lattice problems over module lattices.
- Principal submitters: Vadim Lyubashevsky.
- Auxiliary submitters: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé.
- Authors' website: https://pq-crystals.org/dilithium/
- Specification version: 3.1.
- Primary Source:
- Source:
3e9b9f1412with copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0 or Apache-2.0
- Source:
- Optimized Implementation sources:
3e9b9f1412with copy_from_upstream patches- oldpqclean-aarch64:
- Source:
8e220a8730with copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
- Source:
- oldpqclean-aarch64:
Parameter set summary
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|---|---|---|---|---|---|---|
| Dilithium2 | NA | SUF-CMA | 2 | 1312 | 2528 | 2420 |
| Dilithium3 | NA | SUF-CMA | 3 | 1952 | 4000 | 3293 |
| Dilithium5 | NA | SUF-CMA | 5 | 2592 | 4864 | 4595 |
Dilithium2 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| oldpqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.
Dilithium3 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| oldpqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Dilithium5 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Darwin,Linux | AVX2,POPCNT | True | True | False |
| oldpqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Explanation of Terms
- Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.