mirror of
https://github.com/open-quantum-safe/liboqs.git
synced 2025-12-11 00:04:48 -05:00
fd1b89724a
* Switch to new PQClean commit for SPHINCS+ and remove old patch file * Improve "compilability" on Apple M1 (ARM) (#1421) * correct ARM SHA3 extension addition * correct compile option for ARM SHA * correct SHA3 enablement * Remove SPHINCS+ robust and Haraka variants * Fix SHA2 block sizes in OpenSSL wrapper * enable Keccak for Sphincs even if OpenSSL shall provide SHA3 * properly handle xkcp enablement if only specific algorithms are selected * correct conditional setting * re-enable XKCP for other platforms * Windows support * alternate pqcrystals-AES removal --------- Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
6.5 KiB
6.5 KiB
Kyber
- Algorithm type: Key encapsulation mechanism.
- Main cryptographic assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1).
- Principal submitters: Peter Schwabe.
- Auxiliary submitters: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- Authors' website: https://pq-crystals.org/
- Specification version: NIST Round 3 submission.
- Primary Source:
- Source:
518de2414awith copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0 or Apache-2.0
- Source:
- Optimized Implementation sources:
518de2414awith copy_from_upstream patches- pqclean-aarch64:
- Source:
c1b19a865dwith copy_from_upstream patches - Implementation license (SPDX-Identifier): CC0-1.0
- Source:
- pqclean-aarch64:
Parameter set summary
| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) |
|---|---|---|---|---|---|---|
| Kyber512 | IND-CCA2 | 1 | 800 | 1632 | 768 | 32 |
| Kyber768 | IND-CCA2 | 3 | 1184 | 2400 | 1088 | 32 |
| Kyber1024 | IND-CCA2 | 5 | 1568 | 3168 | 1568 | 32 |
Kyber512 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.
Kyber768 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Kyber1024 implementation characteristics
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|---|---|---|---|---|---|---|---|
| Primary Source | ref | All | All | None | True | True | False |
| Primary Source | avx2 | x86_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| pqclean-aarch64 | aarch64 | ARM64_V8 | Linux,Darwin | None | True | False | False |
Are implementations chosen based on runtime CPU feature detection? Yes.
Explanation of Terms
- Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.