kriskwiatkowski / pqc

Reference implementations of post-quantum cryptographic primitives

License: BSD 3-Clause "New" or "Revised" License


pqc's Introduction

PQ Crypto Catalog

Implementations of quantum-safe signature and KEM schemes submitted to the NIST PQC Standardization Process.

The goal is to provide an easy-to-use API in C and Rust to enable experimentation and education. The code is derived from the submissions to the NIST Post-Quantum Standardization process, either directly or via the PQClean project.

Users shouldn't expect any level of security provided by this code. Most of the code is unmaintained. The library is not meant to be used on production systems (or any other systems).

Supported schemes

All schemes selected by NIST during PQC standardization:

    Name                        x86 optimized
    Kyber                       x
    Dilithium                   x
    Falcon
    SPHINCS+ SHA256/SHAKE256    x

KEM candidates for the additional round 4:

    Name                        x86 optimized
    HQC-RMRS                    x
    McEliece

Building

CMake is used to build the library:

mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make

The build outputs two libraries, a static libpqc_s.a and a dynamic libpqc.so, either of which can be linked into a project.

API

The library provides a simple API wrapping PQClean. For example, to use a KEM and then a signature scheme, call the library as follows:

    #include <pqc/pqc.h>
    #include <cstdint>
    #include <cstdio>
    #include <vector>

    int main() {
        // KEM round trip with Kyber512: generate a key pair, encapsulate to the
        // public key, decapsulate with the private key.
        const params_t *p = pqc_kem_alg_by_id(KYBER512);
        std::vector<uint8_t> ct(ciphertext_bsz(p));
        std::vector<uint8_t> ss1(shared_secret_bsz(p));
        std::vector<uint8_t> ss2(shared_secret_bsz(p));
        std::vector<uint8_t> sk(private_key_bsz(p));
        std::vector<uint8_t> pk(public_key_bsz(p));

        pqc_keygen(p, pk.data(), sk.data());
        pqc_kem_encapsulate(p, ct.data(), ss1.data(), pk.data());
        pqc_kem_decapsulate(p, ss2.data(), ct.data(), sk.data());
        // Both parties must end up with the same shared secret.
        if (ss1 != ss2) { std::puts("shared secrets differ"); return 1; }

        // Signature round trip with Dilithium2. The key buffers are resized
        // because Dilithium2 key sizes differ from Kyber512's.
        p = pqc_sig_alg_by_id(DILITHIUM2);
        pk.resize(public_key_bsz(p));
        sk.resize(private_key_bsz(p));
        std::vector<uint8_t> msg = {'p', 'q', 'c'};
        std::vector<uint8_t> sig(signature_bsz(p));  // signature_bsz(): same naming as the other *_bsz helpers
        size_t sigsz = sig.size();  // in: buffer capacity, out: actual signature length
        pqc_keygen(p, pk.data(), sk.data());
        pqc_sig_create(p, sig.data(), &sigsz, msg.data(), msg.size(), sk.data());
        // Verify with the actual signature length; true when the signature is valid.
        bool ok = pqc_sig_verify(p, sig.data(), sigsz, msg.data(), msg.size(), pk.data());
        std::puts(ok ? "signature valid" : "signature invalid");
        return ok ? 0 : 1;
    }

See the test implementation in test/ut.cpp for more details.

Rust binding

Rust bindings are provided in src/rustapi/pqc-sys and can be regenerated automatically by running cargo build in that directory.

Testing against Known Answer Tests

Algorithms are tested against KATs by the Rust-based runner implemented in test/katrunner (verification and decapsulation only). The runner uses the katwalk crate to parse the NIST KAT format. To run it:

    cd test/katrunner
    curl http://amongbytes.com/~flowher/permalinks/kat.zip --output kat.zip
    unzip kat.zip
    cargo run -- --katdir KAT
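The NIST KAT text format the runner consumes, as an added illustration that is not the project's runner or the katwalk crate: a parser that splits `key = value` lines into per-`count` records, hex-decodes the values, and checks that a record carries the ct/sk/ss fields a decapsulation-only comparison needs. The embedded sample is constructed, not real KAT data.

```rust
use std::collections::BTreeMap;

/// One KAT record: its `count` plus every other field, hex-decoded.
#[derive(Default, PartialEq)]
pub struct KatRecord {
    pub count: u32,
    pub fields: BTreeMap<String, Vec<u8>>,
}

/// Decode a hex string; None on odd length or a non-hex character.
fn decode_hex(s: &str) -> Option<Vec<u8>> {
    if !s.is_ascii() || s.len() % 2 != 0 { return None; }
    (0..s.len()).step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok())
        .collect()
}

/// Parse NIST-style KAT text: `key = value` lines, a new record at each
/// `count = N`, blank lines between records, `#` comments and `[...]` headers
/// ignored. All values except `count` are hex. Errors name the offending line.
pub fn parse_kat(text: &str) -> Result<Vec<KatRecord>, String> {
    let mut records = Vec::new();
    let mut cur: Option<KatRecord> = None;
    for (i, raw) in text.lines().enumerate() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') || line.starts_with('[') { continue; }
        let (key, val) = line.split_once('=').ok_or_else(|| format!("line {}: missing '='", i + 1))?;
        let (key, val) = (key.trim(), val.trim());
        if key == "count" {
            if let Some(r) = cur.take() { records.push(r); }
            let count: u32 = val.parse().map_err(|_| format!("line {}: bad count", i + 1))?;
            cur = Some(KatRecord { count, ..Default::default() });
        } else {
            let rec = cur.as_mut().ok_or_else(|| format!("line {}: field before count", i + 1))?;
            let bytes = decode_hex(val).ok_or_else(|| format!("line {}: bad hex in {}", i + 1, key))?;
            rec.fields.insert(key.to_string(), bytes);
        }
    }
    records.extend(cur);
    Ok(records)
}

/// A decapsulation-only check needs ct and sk as inputs and ss as the expected answer.
pub fn has_decaps_fields(r: &KatRecord) -> bool {
    ["ct", "sk", "ss"].iter().all(|k| r.fields.contains_key(*k))
}

/// Constructed sample in the NIST layout (not real KAT data); values are toy-sized.
pub const SAMPLE_KAT: &str = "# constructed sample\n\
count = 0\nseed = 0001\nct = deadbeef\nsk = 0a0b\nss = ff\n\n\
count = 1\nseed = 02\nct = 00\n";
```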


pqc's Issues

Investigate "-Wno-stringop-overread"

After removing -Wno-stringop-overread -Wno-stringop-overflow I'm getting:

cd /home/kris/repos/pqc/build/src/kem/sike && /usr/bin/cc -DPQCLEAN_NAMESPACE=PQC_SIKEP434_CLEAN -DPQC_ASM=1 -I/home/kris/repos/pqc/public -I/home/kris/repos/pqc/src/common -I/home/kris/repos/pqc/src -I/home/kris/repos/pqc/3rd/cpu_features/include -I/home/kris/repos/pqc/src/kem/sike/src/common -I/home/kris/repos/pqc/src/kem/sike -Wno-ignored-qualifiers   -Wall   -Werror   -Wextra   -Wpedantic   -Wshadow   -Wno-variadic-macros   -Wundef   -Wunused-result   -Wno-unused-command-line-argument  -Wno-array-parameter -O3 -DARCH_x86_64 -march=haswell -O3 -DNDEBUG -fPIC -std=gnu99 -MD -MT src/kem/sike/CMakeFiles/pqclean_sike_p434_clean.dir/p434/isogeny.c.o -MF CMakeFiles/pqclean_sike_p434_clean.dir/p434/isogeny.c.o.d -o CMakeFiles/pqclean_sike_p434_clean.dir/p434/isogeny.c.o -c /home/kris/repos/pqc/src/kem/sike/p434/isogeny.c
In function ‘xDBL’,
    inlined from ‘xDBLe’ at /home/kris/repos/pqc/src/kem/sike/p434/isogeny.c:37:9:
/home/kris/repos/pqc/src/kem/sike/p434/isogeny.c:22:5: error: ‘sike_fp2mul_mont’ accessing 112 bytes in a region of size 56 [-Werror=stringop-overflow=]
   22 |     sike_fp2mul_mont(C24, t0, Q->Z);                     // Z2 = C24*(X1-Z1)^2
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/kris/repos/pqc/src/kem/sike/p434/isogeny.c: In function ‘xDBLe’:
/home/kris/repos/pqc/src/kem/sike/p434/isogeny.c:22:5: note: referencing argument 3 of type ‘fp2 *’
In file included from /home/kris/repos/pqc/src/kem/sike/p434/isogeny.c:10:
/home/kris/repos/pqc/src/kem/sike/p434/fpx.h:40:6: note: in a call to function ‘sike_fp2mul_mont’
   40 | void sike_fp2mul_mont(const f2elm_t a, const f2elm_t b, f2elm_t c);
      |      ^~~~~~~~~~~~~~~~
In function ‘xDBL’,
    inlined from ‘xDBLe’ at /home/kris/repos/pqc/src/kem/sike/p434/isogeny.c:37:9:
/home/kris/repos/pqc/src/kem/sike/p434/isogeny.c:23:5: error: ‘sike_fp2mul_mont’ reading 112 bytes from a region of size 56 [-Werror=stringop-overread]
   23 |     sike_fp2mul_mont(t1, Q->Z, Q->X);                    // X2 = C24*(X1-Z1)^2*(X1+Z1)^2
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

integrate Zalcon

See PQC workshop 3 and "Zalcon: an alternative FPA-free NTRU sampler for Falcon" there

memsan gtest compilation fails

Only on memsan branch and clang 11.0

[ 12%] Building CXX object googletest/CMakeFiles/gtest.dir/src/gtest-all.cc.o
In file included from /home/kris/repos/pqc/3rd/gtest/googletest/src/gtest-all.cc:38:
In file included from /home/kris/repos/pqc/3rd/gtest/googletest/include/gtest/gtest.h:57:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/memory:670:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/typeinfo:61:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/exception:81:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/__memory/base.h:14:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/__debug:14:
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/iosfwd:219:14: error: use of undeclared identifier 'mbstate_t'
typedef fpos<mbstate_t>    streampos;
             ^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/iosfwd:220:14: error: use of undeclared identifier 'mbstate_t'
typedef fpos<mbstate_t>    wstreampos;
             ^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/iosfwd:225:14: error: use of undeclared identifier 'mbstate_t'
typedef fpos<mbstate_t>    u16streampos;
             ^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/iosfwd:226:14: error: use of undeclared identifier 'mbstate_t'
typedef fpos<mbstate_t>    u32streampos;
             ^
In file included from /home/kris/repos/pqc/3rd/gtest/googletest/src/gtest-all.cc:38:
In file included from /home/kris/repos/pqc/3rd/gtest/googletest/include/gtest/gtest.h:57:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/memory:670:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/typeinfo:61:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/exception:83:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:85:
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/stdlib.h:142:34: error: unknown type name 'ldiv_t'
inline _LIBCPP_INLINE_VISIBILITY ldiv_t div(long __x, long __y) _NOEXCEPT {
                                 ^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/stdlib.h:143:12: error: no member named 'ldiv' in the global namespace
  return ::ldiv(__x, __y);
         ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/stdlib.h:146:34: error: unknown type name 'lldiv_t'
inline _LIBCPP_INLINE_VISIBILITY lldiv_t div(long long __x,
                                 ^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/stdlib.h:148:12: error: no member named 'lldiv' in the global namespace
  return ::lldiv(__x, __y);
         ~~^
In file included from /home/kris/repos/pqc/3rd/gtest/googletest/src/gtest-all.cc:38:
In file included from /home/kris/repos/pqc/3rd/gtest/googletest/include/gtest/gtest.h:57:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/memory:670:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/typeinfo:61:
In file included from /home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/exception:83:
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:100:9: error: no member named 'div_t' in the global namespace
using ::div_t;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:101:9: error: no member named 'ldiv_t' in the global namespace
using ::ldiv_t;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:103:9: error: no member named 'lldiv_t' in the global namespace
using ::lldiv_t;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:105:9: error: no member named 'atof' in the global namespace
using ::atof;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:106:9: error: no member named 'atoi' in the global namespace
using ::atoi;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:107:9: error: no member named 'atol' in the global namespace
using ::atol;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:109:9: error: no member named 'atoll' in the global namespace
using ::atoll;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:111:9: error: no member named 'strtod' in the global namespace
using ::strtod;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:112:9: error: no member named 'strtof' in the global namespace
using ::strtof;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:113:9: error: no member named 'strtold' in the global namespace
using ::strtold;
      ~~^
/home/kris/repos/pqc/build.msan/3rd/llvm-project/usr/local/include/c++/v1/cstdlib:114:9: error: no member named 'strtol' in the global namespace
using ::strtol;
      ~~^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make[5]: *** [googletest/CMakeFiles/gtest.dir/build.make:82: googletest/CMakeFiles/gtest.dir/src/gtest-all.cc.o] Error 1
make[5]: Leaving directory '/home/kris/repos/pqc/build.msan/3rd/gtest/src/gtest_project-build'
make[4]: *** [CMakeFiles/Makefile2:219: googletest/CMakeFiles/gtest.dir/all] Error 2
make[4]: Leaving directory '/home/kris/repos/pqc/build.msan/3rd/gtest/src/gtest_project-build'
make[3]: *** [Makefile:160: all] Error 2
make[3]: Leaving directory '/home/kris/repos/pqc/build.msan/3rd/gtest/src/gtest_project-build'
make[2]: *** [CMakeFiles/gtest_project.dir/build.make:133: 3rd/gtest/src/gtest_project-stamp/gtest_project-build] Error 2
make[2]: Leaving directory '/home/kris/repos/pqc/build.msan'
make[1]: *** [CMakeFiles/Makefile2:2806: CMakeFiles/gtest_project.dir/all] Error 2
make[1]: Leaving directory '/home/kris/repos/pqc/build.msan'
make: *** [Makefile:152: all] Error 2

SPHINCS: remove SHA-256 option

That's because of "The two attacks related to SHA-256-based parameters claiming category 5 security will need to be carefully considered when selecting which parameters of SPHINCS+ to standardize. In both cases, the underlying issue is that, due to its 256-bit internal state, SHA-256 is not well designed to provide more than category 2 security in a wide variety of circumstances. While some applications of SHA-256 do appear to provide more security strength than this, gaining confidence in a SHA-256-based construction claiming more than category 2 security will require a security proof that explicitly considers that SHA-256 is a Merkle-Damgård hash with a Davies-Meyer compression function. The existing security proof for SPHINCS+ does not analyze the internal structure of the hash functions it uses. Ignoring the internal structure of the hash function is better motivated for the SHAKE256 parameter sets, due to results such as [254]."

See also
"Bertoni G, Daemen J, Peeters M, Van Assche G (2008) On the indifferentiability of the sponge construction. Advances in Cryptology – EUROCRYPT 2008, ed Smart N (Springer Berlin Heidelberg, Berlin, Heidelberg), pp 181–197."
