liboqs version 0.4.0

liboqs version 0.4.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

• OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
• OQS-OpenSSH 7.9 portable 1: A prototype integration of liboqs-based authentication and key exchange into SSH in our fork of OpenSSH 7.9; see the OQS-master branch of our OpenSSH fork's repository.
• OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.

liboqs can also be used in the following programming languages via language-specific wrappers:

• C++, via https://github.com/open-quantum-safe/liboqs-cpp
• Go, via https://github.com/open-quantum-safe/liboqs-go
• Java, via https://github.com/open-quantum-safe/liboqs-java
• .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
• Python 3, via https://github.com/open-quantum-safe/liboqs-python

Release notes

This is version 0.4.0 of liboqs. It was released on August 11, 2020.

What's New

This release continues from the 0.3.0 release of liboqs.

Key encapsulation mechanisms

• HQC: Added version 2019/08/24
• NewHope: Update to version 1.1
• SIKE: Update to version 3.3

Digital signature schemes

• Dilithium: Use version directly from PQCrystals GitHub
• Picnic: Update to v3.0

Other changes

• AES-NI support when liboqs does not use OpenSSL for AES

Deprecations

As a result of NIST's announcement of Round 3 of the Post-Quantum Cryptography Standardization Project, the 0.4.x series will be the last release(s) of liboqs that contain algorithms from Round 2 that are not Round 3 finalists or alternate candidates. Those algorithms will be removed in the 0.5.0 release. The algorithms in question are: NewHope, ThreeBears, MQDSS, and qTesla. These algorithms are considered deprecated within liboqs and will receive no updates after this release.

liboqs version 0.3.0

liboqs version 0.3.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

• OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
• OQS-OpenSSH 7.9 portable 1: A prototype integration of liboqs-based authentication and key exchange into SSH in our fork of OpenSSH 7.9; see the OQS-master branch of our OpenSSH fork's repository.
• OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.

liboqs can also be used in the following programming languages via language-specific wrappers:

• C++, via https://github.com/open-quantum-safe/liboqs-cpp
• Go, via https://github.com/thales-e-security/goliboqs
• .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
• Python 3, via https://github.com/open-quantum-safe/liboqs-python

Release notes

This is version 0.3.0 of liboqs, which was released on June 10, 2020. Its release page on GitHub is https://github.com/open-quantum-safe/liboqs/releases/tag/0.3.0.

What's New

This release continues from the 0.2.0 release of liboqs.

Key encapsulation mechanisms

• BIKE: Update to Round 2 submission; removes BIKE2-*, BIKE3-*, BIKE1-L5, renames BIKE1-L1 and BIKE1-L3 to BIKE1-L1-CPA and BIKE1-L3-CPA, and adds BIKE1-L1-FO and BIKE-L3-FO
• Classic McEliece: Newly added
• Kyber: Add "90s variants": Kyber512-90s, Kyber768-90s, Kyber1024-90s
• LEDAcrypt: Newly added
• ThreeBears: Newly added

Digital signature schemes

• Falcon: Newly added
• MQDSS: Update to v2.1
• Picnic: Update to v2.2
• qTesla: Update to v1.0
• Rainbow: Newly added
• SPHINCS+: Add AVX2 and AESNI implementations

Other changes

• Switch build system to CMake
• Add support for building via Mingw on Windows
• Support cross compilation via CMake to Raspberry Pi, Android, Windows, and more
• Most optimizations dependent on specific CPU features are automatically detected at runtime, rather than being selected at compile-time

liboqs version 0.2.0

liboqs version 0.2.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

• OpenSSL 1.0.2: A prototype integration of liboqs-based authentication and key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.
• OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
• OpenSSH 7.9 portable 1: A prototype integration of liboqs-based authentication and key exchange into SSH in our fork of OpenSSH 7.9; see the OQS-master branch of our OpenSSH fork's repository.

liboqs can also be used in the following programming languages via language-specific wrappers:

• C++, via https://github.com/open-quantum-safe/liboqs-cpp
• Go, via https://github.com/thales-e-security/goliboqs
• .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
• Python 3, via https://github.com/open-quantum-safe/liboqs-python

Release notes

This release of liboqs was released on October 9, 2019. Its release page on GitHub is https://github.com/open-quantum-safe/liboqs/releases/tag/0.2.0.

What's New

This release continues from the 0.1.0 release of liboqs "master branch".

Key encapsulation mechanisms

• Update FrodoKEM, NewHope, and SIDH/SIKE to NIST Round 2 submissions
• Add Kyber, NTRU, and Saber NIST Round 2 submissions

Digital signature schemes

• Update Picnic to NIST Round 2 submissions
• Add Dilithium, MQDSS, Rainbow, and SPHINCS+ NIST Round 2 submissions

Other changes

• Add support for cross-compilation on ARM
• Add more extensive continuous integration testing
• Use OpenSSL for AES, SHA-2, and SHA-3 where available
• Add functions for runtime detection of whether KEM and signature scheme algorithms are enabled

Previous releases of liboqs differentiated between "master branch" and "nist-branch", with nist-branch supporting more algorithms. As of this release, nist-branch will no longer be developed or released, and all future releases are planned to be based on master branch.

Future work

Releases of liboqs master branch will be made every 2 to 3 months. Details about the algorithm lifecycle of master branch can be found at https://github.com/open-quantum-safe/liboqs/wiki/Contributing-Guide. Plans for the next release can be found online at https://github.com/open-quantum-safe/liboqs/projects/11

liboqs nist-branch snapshot-2018-11

liboqs nist-branch snapshot 2018-11

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.

This branch of liboqs can be used with the following Open Quantum Safe application integrations:

• OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.
• OpenSSL 1.1.1: A prototype integration of liboqs-based key exchange and authentication into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
• OpenSSH 7.7 portable 1: A prototype integration of liboqs-based key exchange into SSH in our fork of OpenSSH 7.7; see the OQS-master branch of our OpenSSH fork's repository.

Release notes

This snapshot of nist-branch was released on November 13, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-11.

What's New

This is the fourth snapshot release of liboqs nist-branch.

New key encapsulation mechanisms

The following KEMs have been added in the 2018-11 snapshot release:

• Titanium: 4 parameterizations: Titanium-CCA-std, Titanium-CCA-med, Titanium-CCA-hi, Titanium-CCA-super (contributed by Ben Davies (University of Waterloo))

The BIKE implementation was updated.

New signature schemes

The following signature schemes have been added in the 2018-11 snapshot release:

• CRYSTALS-Dilithium: 3 parameterizations: Dilithium_II_medium, Dilithium_III_recommended, Dilithium_IV_very_high (contributed by Tancrède Lepoint)

The qTESLA implementation was updated with a new upstream version (2018-07-28).

API changes

• The public and private API have been more clearly delineated. The public API is now deemed to consist of oqs/common.h, oqs/oqsconfig.h, oqs/kem.h, oqs/rand.h, and oqs/sig.h and is marked with OQS_API.
• An alg_version field is present on the OQS_KEM and OQS_SIG objects to indicate the version of the algorithm present.

Fixes

• URL for downloading Keccak Code Package updated.
• See https://github.com/open-quantum-safe/liboqs/issues?q=is%3Aissue+label%3Anist-branch+is%3Aclosed+project%3Aopen-quantum-safe%2Fliboqs%2F9 for a detailed list of changes.

Future work

Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/10.

liboqs master branch version 0.1.0

liboqs master branch version 0.1.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (master branch) aims to selectively incorporate allegedly quantum-resistant key encapsulation mechanisms and signature schemes, for the purposes of integration into a common API for liboqs-reliant applications. Details about liboqs master branch can be found in README.md. See in particular limitations on intended use and acceptance criteria.

This branch of liboqs can be used with the following Open Quantum Safe application integrations:

• OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.
• OpenSSL 1.1.1: A prototype integration of liboqs-based key exchange and authentication into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
• OpenSSH 7.7 portable 1: A prototype integration of liboqs-based key exchange into SSH in our fork of OpenSSH 7.7; see the OQS-master branch of our OpenSSH fork's repository.

Release notes

This release of liboqs master branch was released on November 13, 2018. Its release page on GitHub is https://github.com/open-quantum-safe/liboqs/releases/tag/master-0.1.0.

What's New

This is the first release of liboqs master branch.

This branch of liboqs aims to selectively incorporate allegedly quantum-resistant key encapsulation mechanisms and signature schemes, for the purposes of integration into a common API for liboqs-reliant applications. Implementations on this branch must meet certain acceptance criteria as indicated in README.md.

Key encapsulation mechanisms

The following KEMs are present in this liboqs master release:

• BIKE, based on quasi-cyclic syndrome decoding; 9 parameterizations: BIKE1-L1, BIKE1-L3, BIKE1-L5, BIKE2-L1, BIKE2-L3, BIKE2-L5, BIKE3-L1, BIKE3-L3, BIKE3-L5
• FrodoKEM, based on learning with errors; 4 parameterizations: FrodoKEM-640-AES, FrodoKEM-640-cSHAKE, FrodoKEM-976-AES, FrodoKEM-976-cSHAKE
• NewHopeNIST, based on ring learning with errors; 2 parameterizations: NewHope-512-CCA-KEM, NewHope-1024-CCA-KEM
• SIKE and SIDH, based on the supersingular isogeny walk problem; 4 parameterizations: Sike-p503, Sike-p751, Sidh-p503, Sidh-p751

Digital signature schemes

The following signature schemes are present in this liboqs master release:

• Picnic: based on hash function and key recovery security of lowMC block cipher; 6 parameterizations: picnic_L1_FS, picnic_L1_UR, picnic_L3_FS, picnic_L3_UR, picnic_L5_FS, picnic_L5_UR
• qTESLA, based on ring learning with errors; 3 parameterizations: qTESLA_I, qTESLA_III_size, qTESLA_III_speed

Future work

Releases of liboqs master branch will be made every 2 to 3 months. Details about the algorithm lifecycle of master branch can be found in README.md. Plans for the next release can be found online at https://github.com/open-quantum-safe/liboqs/projects/12.

liboqs nist-branch snapshot 2018-07

liboqs nist-branch snapshot 2018-07

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.

This branch of liboqs can be used with the following Open Quantum Safe application integrations:

• OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.

Release notes

This snapshot of nist-branch was released on July 27, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-07.

What's New

This is the third snapshot release of liboqs nist-branch.

New key encapsulation mechanisms

The following KEMs have been added in the 2018-07 snapshot release:

• LEDAkem: 9 parameterizations: LEDAKEM_C1_N02, LEDAKEM_C1_N03, LEDAKEM_C1_N04, LEDAKEM_C3_N02, LEDAKEM_C3_N03, LEDAKEM_C3_N04, LEDAKEM_C5_N02, LEDAKEM_C5_N03, LEDAKEM_C5_N04 (contributed by Shravan Mashra (University of Waterloo))

New signature API and schemes

liboqs nist-branch now includes support for signature schemes via the API described in src/sig/sig.h; the API is based on the NIST and SUPERCOP APIs. Signature schemes can be tested using ./test_sig, benchmarked using ./speed_sig; example_sig contains a minimal example of using the signature API.

The following signature schemes have been added in the 2018-07 snapshot release:

• Picnic: 6 parameterizations: picnic_L1_FS, picnic_L1_UR, picnic_L3_FS, picnic_L3_UR, picnic_L5_FS, picnic_L5_UR (contributed by Christian Paquin (Microsoft Research))
• qTESLA: 5 parameterizations: qTESLA_I, qTESLA_III_size, qTESLA_III_speed, qTESLA_p_I, qTESLA_p_I (contributed by Christian Paquin (Microsoft Research))

Fixes

• Automatic detection of binutils version for BIKE build (contributed by Maxime Anvari)

Future work

Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/9.

liboqs nist-branch snapshot 2018-05

liboqs nist-branch snapshot 2018-05

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.

This branch of liboqs can be used with the following Open Quantum Safe application integrations:

• OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.

Release notes

This snapshot of nist-branch was released on May 30, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-05.

What's New

This is the second snapshot release of liboqs nist-branch.

New key encapsulation mechanisms

The following KEMs have been added in the 2018-05 snapshot release:

• BIG QUAKE: 3 parameterization: BIG_QUAKE_1, BIG_QUAKE_3, BIG_QUAKE_5 (contributed by Shravan Mashra (University of Waterloo))
• BIKE: 9 parameterizations: BIKE1-L1, BIKE1-L3, BIKE1-L5, BIKE2-L1, BIKE2-L3, BIKE2-L5, BIKE3-L1, BIKE3-L3, BIKE3-L5; optimized builds on Linux platforms with AVX/AVX2/AVX512 support (contributed by Nir Drucker and Shay Gueron (Amazon Web Services))
• LIMA: 6 parameterizations: Lima-2p-1024-CCA-KEM, Lima-2p-2048-CCA-KEM, Lima-sp-1018-CCA-KEM, Lima-sp-1306-CCA-KEM, Lima-sp-1822-CCA-KEM, Lima-sp-2062-CCA-KEM (contributed by Douglas Stebila (McMaster University))
• Saber: 3 parameterizations: LightSaber-KEM, Saber-KEM, FireSaber-KEM (contributed by Douglas Stebila (McMaster University))
• SIKE: 2 parameterizations: Sike-p503, Sike-p751 (contributed by Christian Paquin (Microsoft Research))

General improvements

• Can now be built with multi-threaded make (e.g., make -j8)
• The default pseudorandom number generator is now OpenSSL's RAND_bytes function for better performance; applications can choose a different PRNG at runtime
• example_kem matches documented example in https://github.com/open-quantum-safe/liboqs/wiki/Minimal-example-of-a-post-quantum-key-encapsulation-mechanism-(using-the-new-NIST-like)-API (contributed by Vlad Gheorghiu)

Fixes

• Fixed improperly built shared library
• Cleansed secret variables in example programs

Comparison to liboqs master

This snapshot release of nist-branch contains the following differences compared to the current version of liboqs master:

• Algorithms are formulated as key encapsulation mechanisms, rather than key exchange mechanisms.
• Integrations are "light touch" -- see README.md for more about integration philosophy.
• A different build process is used.
• A global randombytes function is available for random number generation, rather than the OQS_RAND object in master.
• Signature schemes are not yet supported.

Future work

Snapshot releases of nist-branch will be made monthly. Plans for the next snapshot release of nist-branch can be found online at https://github.com/open-quantum-safe/liboqs/projects/8.

By the end of June 2018, we aim to release a new version of our master branch that uses the same API as nist-branch.

liboqs nist-branch snapshot 2018-04

liboqs nist-branch snapshot 2018-04

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms.

This branch of liboqs (nist-branch) focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. Details about nist-branch can be found in README.md. See in particular limitations on intended use.

Release notes

This snapshot of nist-branch was released on April 10, 2018. Its release page on Github is https://github.com/open-quantum-safe/liboqs/releases/tag/nist-branch-snapshot-2018-04.

What's New

This is the first snapshot release of liboqs nist-branch.

This branch of liboqs aims to non-selectively incorporate submissions to the NIST Post-Quantum Cryptography project for the purposes of benchmarking and integration into a common API for liboqs-reliant applications.

This branch takes a "light touch" approach to incorporation:

• Source code from a NIST submission will be included ideally with no changes, in an "upstream" subdirectory.
• A thin wrapper will be written to provide the implementation using the liboqs API.
• The implementation will be added to the build process.
• To avoid namespace collisions between different algorithms, symbol renaming will be used on the compiled files.

New key encapsulation mechanisms

• FrodoKEM: 4 parameterizations: FrodoKEM-640-AES, FrodoKEM-640-cSHAKE, FrodoKEM-976-AES, FrodoKEM-976-cSHAKE.
• CRYSTALS-KYBER: 3 parameterizations: Kyber-512, Kyber-768, Kyber-1024.
• NewHopeNIST: 2 parameterizations: NewHope512-CCA-KEM, NewHope1024-CCA-KEM.

Generated executables and libraries

• test_kem: Simple test harness for all enabled key encapsulation mechanisms.
• kat_kem: Known answer test generator for all enabled key encapsulation mechanisms, to compare against KAT values in NIST submissions.
• speed_kem: Benchmarking program for key encapsulation mechanisms; see ./speed_kem --help for usage instructions.
• example_kem: Minimal runnable example showing the usage of the KEM API.
• liboqs.a: Static library.
• liboqs.so: Shared library.

Documentation

• Full Doxygen documentation of the public API (oqs/common.h, oqs/config.h, oqs/kem.h, and oqs/rand.h).
• Algorithm datasheets for all supported algorithms in docs/algorithms.
• Instructions for contributing new algorithms in CONTRIBUTING.md.

Application integrations

• OpenSSL 1.0.2: A prototype integration of liboqs-based key exchange into TLS 1.2 in our fork of OpenSSL 1.0.2; see the OQS-OpenSSL-1_0_2-stable branch of our OpenSSL fork's repository.

Comparison to liboqs master

This snapshot release of nist-branch contains the following differences compared to the current version of liboqs master:

• Algorithms are formulated as key encapsulation mechanisms, rather than key exchange mechanisms.
• Integrations are "light touch" -- see README.md for more about integration philosophy.
• A different build process is used.
• A global randombytes function is available for random number generation, rather than the OQS_RAND object in master.

Future work

Snapshot releases of nist-branch will be made monthly.

By mid-May 2018, we intend to have nist-branch and master branch with the same API, and for our OpenSSL and OpenSSH integrations building against both nist-branch and master branch.