
Commit a3a66b1

Update docs and KATs
- Updated docs/algorithms/kem/frodokem.yml
- Autogenerated doc changes with scripts/update_docs_from_yaml.py
- Updated github workflow for kem benchmarks
- Formatted src/kem/kem.c to be in line with astyle
- Added KATs for FrodoKEM, Renamed older KATs to eFrodoKEM
- Updated CBOM

Signed-off-by: Harshith Vasireddy <vasire@aol.com>
1 parent a3f7ff9 commit a3a66b1

7 files changed (+687, -39 lines)


.github/workflows/kem-bench.yml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,13 @@ jobs:
7777
"FrodoKEM-976-AES",
7878
"FrodoKEM-976-SHAKE",
7979
"FrodoKEM-1344-AES",
80-
"FrodoKEM-1344-SHAKE"
80+
"FrodoKEM-1344-SHAKE",
81+
"eFrodoKEM-640-AES",
82+
"eFrodoKEM-640-SHAKE",
83+
"eFrodoKEM-976-AES",
84+
"eFrodoKEM-976-SHAKE",
85+
"eFrodoKEM-1344-AES",
86+
"eFrodoKEM-1344-SHAKE"
8187
]
8288
max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
8389
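Review bot: the six new `eFrodoKEM-*` strings added to the benchmark matrix must match, character for character, the algorithm identifiers the library registers for the renamed KATs; the rest of that rename (the `src/kem/kem.c` changes and the KAT files named in the commit message) is not part of the diff shown here, so please cross-check the names against the registered identifiers before merging. A second, practical point: with `max-parallel: 1` the matrix now runs twelve FrodoKEM-family entries serially instead of six, roughly doubling this workflow's wall-clock time; if that is a concern, consider benchmarking only the ISO `FrodoKEM-*` set by default and the `eFrodoKEM-*` set on demand.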

README.md

Lines changed: 1 addition & 1 deletion
@@ -60,7 +60,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
6060
|:-------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------|
6161
| BIKE | Not selected by [NIST](https://bikesuite.org/files/v5.1/BIKE_Spec.2022.10.10.1.pdf) | [`awslabs/bike-kem`](https://github.com/awslabs/bike-kem) |
6262
| Classic McEliece | Under [ISO](https://classic.mceliece.org/iso.html) consideration | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
63-
| FrodoKEM | Under [ISO](https://frodokem.org/) consideration | [`microsoft/PQCrypto-LWEKE@b6609d3`](https://github.com/microsoft/PQCrypto-LWEKE/commit/b6609d30a9982318d7f2937aa3c7b92147b917a2) |
63+
| FrodoKEM | Under [ISO](https://frodokem.org/) consideration | [`microsoft/PQCrypto-LWEKE@a2f9dec`](https://github.com/microsoft/PQCrypto-LWEKE/commit/a2f9dec8917ccc3464b3378d46b140fa7353320d) |
6464
| HQC | Selected by [NIST](https://pqc-hqc.org/doc/hqc_specifications_2025_08_22.pdf) for upcoming standardization | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
6565
| Kyber | Selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/Kyber-Round3.zip) as basis for ML-KEM (FIPS 203) | [`pq-crystals/kyber@441c051`](https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc) |
6666
| ML-KEM | Standardized by [NIST](https://csrc.nist.gov/pubs/fips/203/final) | [`pq-code-package/mlkem-native@048fc2a`](https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa) |

docs/algorithms/kem/frodokem.md

Lines changed: 70 additions & 10 deletions
@@ -4,22 +4,28 @@
44
- **Main cryptographic assumption**: learning with errors (LWE).
55
- **Principal submitters**: Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, Douglas Stebila.
66
- **Authors' website**: https://frodokem.org/
7-
- **Specification version**: NIST Round 3 submission.
7+
- **Specification version**: ISO Preliminary Standardization Proposal - 2023/03/14
88
- **Primary Source**<a name="primary-source"></a>:
9-
- **Source**: https://github.com/microsoft/PQCrypto-LWEKE/commit/b6609d30a9982318d7f2937aa3c7b92147b917a2
9+
- **Source**: https://github.com/microsoft/PQCrypto-LWEKE/commit/a2f9dec8917ccc3464b3378d46b140fa7353320d
1010
- **Implementation license (SPDX-Identifier)**: MIT
1111

1212

1313
## Parameter set summary
1414

15-
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
16-
|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
17-
| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | NA |
18-
| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | NA |
19-
| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | NA |
20-
| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | NA |
21-
| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | NA |
22-
| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | NA |
15+
| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
16+
|:--------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
17+
| FrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9752 | 16 | NA | NA |
18+
| FrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9752 | 16 | NA | NA |
19+
| FrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15792 | 24 | NA | NA |
20+
| FrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15792 | 24 | NA | NA |
21+
| FrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21696 | 32 | NA | NA |
22+
| FrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21696 | 32 | NA | NA |
23+
| eFrodoKEM-640-AES | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | NA |
24+
| eFrodoKEM-640-SHAKE | NA | IND-CCA2 | 1 | 9616 | 19888 | 9720 | 16 | NA | NA |
25+
| eFrodoKEM-976-AES | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | NA |
26+
| eFrodoKEM-976-SHAKE | NA | IND-CCA2 | 3 | 15632 | 31296 | 15744 | 24 | NA | NA |
27+
| eFrodoKEM-1344-AES | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | NA |
28+
| eFrodoKEM-1344-SHAKE | NA | IND-CCA2 | 5 | 21520 | 43088 | 21632 | 32 | NA | NA |
2329

2430
## FrodoKEM-640-AES implementation characteristics
2531

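Review bot: the updated parameter table changes the FrodoKEM ciphertext sizes (9720 to 9752, 15744 to 15792, 21632 to 21696 bytes) while public key, secret key and shared secret sizes stay the same, and the new `eFrodoKEM-*` rows keep the old ciphertext sizes; the document should say where the extra 32/48/64 bytes come from and what distinguishes eFrodoKEM from FrodoKEM, since both families are labelled IND-CCA2 at the same NIST level and nothing in the text explains the difference. Relatedly, the "Specification version" line now refers only to the ISO proposal, but the `eFrodoKEM-*` rows correspond (per the commit message) to the renamed older KATs, i.e. the removed "NIST Round 3 submission" reference, so each family should state which specification it follows. Since this file is generated from `docs/algorithms/kem/frodokem.yml` (per the commit message), both fixes belong in the YAML. Finally, any caller that sized ciphertext buffers from the previous `FrodoKEM-*` lengths will break against the updated identifiers; that deserves a line in the release notes.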
@@ -77,6 +83,60 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
7783

7884
Are implementations chosen based on runtime CPU feature detection? **Yes**.
7985

86+
## eFrodoKEM-640-AES implementation characteristics
87+
88+
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
89+
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
90+
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
91+
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
92+
93+
Are implementations chosen based on runtime CPU feature detection? **Yes**.
94+
95+
## eFrodoKEM-640-SHAKE implementation characteristics
96+
97+
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
98+
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
99+
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
100+
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
101+
102+
Are implementations chosen based on runtime CPU feature detection? **Yes**.
103+
104+
## eFrodoKEM-976-AES implementation characteristics
105+
106+
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
107+
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
108+
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
109+
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
110+
111+
Are implementations chosen based on runtime CPU feature detection? **Yes**.
112+
113+
## eFrodoKEM-976-SHAKE implementation characteristics
114+
115+
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
116+
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
117+
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
118+
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
119+
120+
Are implementations chosen based on runtime CPU feature detection? **Yes**.
121+
122+
## eFrodoKEM-1344-AES implementation characteristics
123+
124+
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
125+
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
126+
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
127+
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
128+
129+
Are implementations chosen based on runtime CPU feature detection? **Yes**.
130+
131+
## eFrodoKEM-1344-SHAKE implementation characteristics
132+
133+
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
134+
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
135+
| [Primary Source](#primary-source) | master | All | All | None | True | True | False |
136+
| [Primary Source](#primary-source) | master | x86\_64 | Linux,Darwin,Windows | AVX2 | True | True | False |
137+
138+
Are implementations chosen based on runtime CPU feature detection? **Yes**.
139+
80140
## Explanation of Terms
81141

82142
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
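Review bot: all six new eFrodoKEM sections claim "No branching-on-secrets checked by valgrind? True" for both the portable and the AVX2 implementation, but nothing in the diff shown here extends the constant-time test configuration to the new `eFrodoKEM-*` names; since these sections are generated from `frodokem.yml`, please confirm the YAML entries reflect an actual valgrind run against the renamed algorithms rather than values carried over from the FrodoKEM entries. Minor: "Identifier in upstream" is `master` in every row while the Primary Source line above pins commit `a2f9dec`; a branch name is not a reproducible identifier for a reader trying to match the vendored code to upstream.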
