Skip to content

Releases: open-quantum-safe/liboqs

liboqs version 0.12.0

10 Dec 01:29
f4b9622
Compare
Choose a tag to compare

liboqs version 0.12.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.12.0 of liboqs. It was released on December 9, 2024.

This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release.

Deprecation notice

This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).

The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at #2001.

Security issues

  • CVE-2024-54137: Fixed bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.

What's New

This release continues from the 0.11.0 release of liboqs.

Key encapsulation mechanisms

  • HQC: Fixed bug in decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.
  • Kyber: This is the last release of liboqs to include Kyber.
  • ML-KEM: Improved testing of ML-KEM.

Digital signature schemes

  • LMS: Fixed crashing bug.
  • ML-DSA: Removed FIPS 204-ipd (initial public draft) and replaced it with FIPS 204 final version.
  • Added new API for digital signatures with context strings; see #2001 for plan to remove old API without context string.
  • Added fuzzing tests for signature schemes.
  • Added benchmarking for stateful hash-based signature schemes.

Other changes

  • Updated CBOM format to version 1.6.
  • Added a function OQS_thread_stop to be called by multi-threaded applications to properly deallocate resources in a threaded execution.
  • Added preprocessor macros conveying liboqs version information.

Detailed changelog

What's Changed

New Contributors

Full Changelog: 0.11.0...0.12.0

liboqs version 0.12.0 release candidate 1

29 Nov 16:51
d0d0413
Compare
Choose a tag to compare

liboqs version 0.12.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is release candidate 1 for version 0.12.0 of liboqs. It was released on November 29, 2024.

This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release.

Deprecation notice

This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).

The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at #2001.

What's New

This release continues from the 0.11.0 release of liboqs.

Key encapsulation mechanisms

  • HQC: Fixed correctness bug in decapsulation. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue.
  • Kyber: This is the last release of liboqs to include Kyber.
  • ML-KEM: Improved testing of ML-KEM.

Digital signature schemes

  • LMS: Fixed crashing bug.
  • ML-DSA: Removed FIPS 204-ipd (initial public draft) and replaced it with FIPS 204 final version.
  • Added new API for digital signatures with context strings; see #2001 for plan to remove old API without context string.
  • Added fuzzing tests for signature schemes.
  • Added benchmarking for stateful hash-based signature schemes.

Other changes

  • Updated CBOM format to version 1.6.
  • Added a function OQS_thread_stop to be called by multi-threaded applications to properly deallocate resources in a threaded execution.
  • Added preprocessor macros conveying liboqs version information.

Detailed changelog

What's Changed

New Contributors

Full Changelog: 0.11.0...0.12.0-rc1

liboqs version 0.11.0

27 Sep 16:08
6f30d7e
Compare
Choose a tag to compare

liboqs version 0.11.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.11.0 of liboqs. It was released on September 26, 2024.

This release updates ML-KEM implementations to their final FIPS 203 versions. This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. Additionally, this release adds support for MAYO and CROSS digital signature schemes from NIST Additional Signatures Round 1 along with stateful hash-based signature schemes XMSS and LMS. Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade.

LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md.

What's New

This release continues from the 0.10.1 release of liboqs.

Key encapsulation mechanisms

  • Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade.
  • ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
  • Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.

Digital signature schemes

  • LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS.
  • MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
  • CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.

Other changes

  • Added callback API to use custom implementations of AES, SHA2, and SHA3.
  • Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.

Detailed changelog

Read more

liboqs version 0.11.0 release candidate 1

13 Sep 23:09
Compare
Choose a tag to compare

liboqs version 0.11.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is release candidate 1 of version 0.11.0 of liboqs. It was released on September 13, 2024.

This release updates ML-KEM implementations to their final FIPS 203 versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from NIST Additional Signatures Round 1 along with stateful hash-based signature schemes XMSS and LMS. Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade.

LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md.

What's New

This release continues from the 0.10.1 release of liboqs.

Key encapsulation mechanisms

  • Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade.
  • ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
  • Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.

Digital signature schemes

  • LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS.
  • MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
  • CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.

Other changes

  • Added callback API to use custom implementations of AES, SHA2, and SHA3.
  • Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.

Detailed changelog

Read more

0.10.1

07 Jun 15:30
Compare
Choose a tag to compare

liboqs version 0.10.1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.10.1 of liboqs. It was released on June 7, 2024.

This release is a security release which fixes potential non-constant-time behaviour in ML-KEM and Kyber based on pq-crystals/kyber@0264efa and pq-crystals/kyber@9b8d306. It also includes a fix for incorrectly named macros in the ML-DSA implementation.

What's New

This release continues from the 0.10.0 release of liboqs.

Key encapsulation mechanisms

  • Kyber: portable C implementation updated
  • ML-KEM: portable C implementation updated

Digital signature schemes

  • ML-DSA: incorrectly named macros renamed

Detailed changelog

Full Changelog: 0.10.0...0.10.1

0.10.1 release candidate 1

05 Jun 17:32
Compare
Choose a tag to compare
Pre-release

liboqs version 0.10.1-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is release candidate 1 of version 0.10.1 of liboqs. It was released on June 5, 2024.

This release is a security release which fixes potential non-constant-time behaviour in ML-KEM and Kyber based on pq-crystals/kyber@0264efa and pq-crystals/kyber@9b8d306. It also includes a fix for incorrectly named macros in the ML-DSA implementation.

What's New

This release continues from the 0.10.0 release of liboqs.

Key encapsulation mechanisms

  • Kyber: portable C and AVX2 implementations updated
  • ML-KEM: portable C and AVX2 implementations updated

Digital signature schemes

  • ML-DSA: incorrectly named macros renamed

Detailed changelog

Full Changelog: 0.10.0...0.10.1-rc1

0.10.0

23 Mar 13:05
36be574
Compare
Choose a tag to compare

liboqs version 0.10.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.10.0 of liboqs. It was released on March 20, 2024.
This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.

What's New

This release continues from the 0.9.2 release of liboqs.

Key encapsulation mechanisms

  • BIKE: Updated portable C implementation to include constant-time fixes from upstream.
  • HQC: Updated to NIST Round 4 version.
  • ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.

Digital signature schemes

  • Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
  • ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.

Other changes

  • Improved thread safety.
  • Added uninstall support via ninja uninstall
  • Documented platforms by support tier in PLATFORMS.md.
  • Added support for Zephyr RTOS.
  • Improved support for macOS on Apple Silicon.
  • Removed support for the "NIST-KAT" DRBG.
  • Added extended KAT test programs.

Detailed changelog

Read more

liboqs version 0.10.0 release candidate 2

14 Mar 01:32
Compare
Choose a tag to compare

liboqs version 0.10.0-rc2

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is release candidate 2 of version 0.10.0 of liboqs. It was released on March 13, 2024.

This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.

What's New

This release continues from the 0.9.2 release of liboqs.

Key encapsulation mechanisms

  • BIKE: Updated portable C implementation to include constant-time fixes from upstream.
  • HQC: Updated to NIST Round 4 version.
  • ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-786, and ML-KEM-1024.

Digital signature schemes

  • Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
  • ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.

Other changes

  • Improved thread safety.
  • Added uninstall support via ninja uninstall
  • Documented platforms by support tier in PLATFORMS.md.
  • Added support for Zephyr RTOS.
  • Improved support for macOS on Apple Silicon.
  • Removed support for the "NIST-KAT" DRBG.
  • Added extended KAT test programs.

Detailed changelog

Read more

0.10.0 release candidate 1

08 Mar 14:32
Compare
Choose a tag to compare
Pre-release

liboqs version 0.10.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is release candidate 1 of version 0.10.0 of liboqs. It was released on March 8, 2024.

This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.

What's New

This release continues from the 0.9.2 release of liboqs.

Key encapsulation mechanisms

  • BIKE: Updated portable C implementation to include constant-time fixes from upstream.
  • HQC: Updated to NIST Round 4 version.
  • ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-786, and ML-KEM-1024.

Digital signature schemes

  • Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
  • ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.

Other changes

  • Improved thread safety.
  • Added uninstall support via ninja uninstall
  • Documented platforms by support tier in PLATFORMS.md.
  • Added support for Zephyr RTOS.
  • Improved support for macOS on Apple Silicon.
  • Removed support for the "NIST-KAT" DRBG.
  • Added extended KAT test programs.

Detailed changelog

Read more

liboqs version 0.9.2

17 Jan 01:38
Compare
Choose a tag to compare

liboqs version 0.9.2

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.9.2 of liboqs. It was released on January 16, 2024.

This release is a security release which fixes potential non-constant-time behaviour in Kyber based on pq-crystals/kyber@272125f

What's New

This release continues from the 0.9.1 release of liboqs.

Key encapsulation mechanisms

  • Kyber: C, AVX2, and aarch64 implementation updated

Detailed changelog

Full Changelog: 0.9.1...0.9.2