sharpetronics/liboqs

mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-12-15 00:03:27 -05:00

Douglas Stebila fd1b89724a

Update SPHINCS+ (#1420 )

* Switch to new PQClean commit for SPHINCS+ and remove old patch file

* Improve "compilability" on Apple M1 (ARM) (#1421)

* correct ARM SHA3 extension addition

* correct compile option for ARM SHA

* correct SHA3 enablement

* Remove SPHINCS+ robust and Haraka variants

* Fix SHA2 block sizes in OpenSSL wrapper

* enable Keccak for Sphincs even if OpenSSL shall provide SHA3

* properly handle xkcp enablement if only specific algorithms are selected

* correct conditional setting

* re-enable XKCP for other platforms

* Windows support

* alternate pqcrystals-AES removal

---------

Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com>

2023-05-16 10:54:28 -04:00

17 KiB

Raw Blame History

SPHINCS+

Algorithm type: Digital signature scheme.
Main cryptographic assumption: hash-based signatures.
Principal submitters: Andreas Hülsing.
Auxiliary submitters: Jean-Philippe Aumasson, Daniel J. Bernstein,, Ward Beullens, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe, Bas Westerbaan.
Authors' website: https://sphincs.org/
Specification version: NIST Round 3 submission.
Primary Source:
- Source: c1b19a865d with copy_from_upstream patches
- Implementation license (SPDX-Identifier): CC0-1.0

Advisories

This algorithm is not tested under Windows.

Parameter set summary

Parameter set	Security model	Claimed NIST Level	Public key size (bytes)	Secret key size (bytes)	Signature size (bytes)
SPHINCS+-SHA256-128f-simple	EUF-CMA	1	32	64	17088
SPHINCS+-SHA256-128s-simple	EUF-CMA	1	32	64	7856
SPHINCS+-SHA256-192f-simple	EUF-CMA	3	48	96	35664
SPHINCS+-SHA256-192s-simple	EUF-CMA	3	48	96	16224
SPHINCS+-SHA256-256f-simple	EUF-CMA	5	64	128	49856
SPHINCS+-SHA256-256s-simple	EUF-CMA	5	64	128	29792
SPHINCS+-SHAKE256-128f-simple	EUF-CMA	1	32	64	17088
SPHINCS+-SHAKE256-128s-simple	EUF-CMA	1	32	64	7856
SPHINCS+-SHAKE256-192f-simple	EUF-CMA	3	48	96	35664
SPHINCS+-SHAKE256-192s-simple	EUF-CMA	3	48	96	16224
SPHINCS+-SHAKE256-256f-simple	EUF-CMA	5	64	128	49856
SPHINCS+-SHAKE256-256s-simple	EUF-CMA	5	64	128	29792

SPHINCS+-SHA256-128f-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?‡
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.

SPHINCS+-SHA256-128s-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHA256-192f-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHA256-192s-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHA256-256f-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHA256-256s-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHAKE256-128f-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHAKE256-128s-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHAKE256-192f-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHAKE256-192s-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHAKE256-256f-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

SPHINCS+-SHAKE256-256s-simple implementation characteristics

Implementation source	Identifier in upstream	Supported architecture(s)	Supported operating system(s)	CPU extension(s) used	No branching-on-secrets claimed?	No branching-on-secrets checked by valgrind?	Large stack usage?
Primary Source	clean	All	All	None	True	True	False
Primary Source	avx2	x86_64	All	AVX2	True	True	False

Are implementations chosen based on runtime CPU feature detection? Yes.

Explanation of Terms

Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.