Skip to content

Commit

Permalink
Import ML-KEM from mlkem-native/PQ code package (#2041)
Browse files Browse the repository at this point in the history 
* Integrate ML-KEM from mlkem-native [full tests] [extended tests]

---------

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
  • Loading branch information
@bhess
bhess authored Feb 4, 2025
1 parent 47612ee commit a554b36
Show file tree
Hide file tree
Showing 530 changed files with 80,606 additions and 16,794 deletions.
31 changes: 28 additions & 3 deletions .CMake/alg_support.cmake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ function(filter_algs alglist)
string(REPLACE "_aesni" "" _var_base ${_var})
string(REPLACE "_avx2" "" _var_base ${_var_base})
string(REPLACE "_avx" "" _var_base ${_var_base})
string(REPLACE "_x86_64" "" _var_base ${_var_base})
string(REPLACE "_aarch64" "" _var_base ${_var_base})
foreach (_alg ${ARGV0})
if(${_var}_AVAILABLE)
Expand Down Expand Up @@ -334,7 +335,15 @@ endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_x86_64 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS)))

cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_aarch64 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)

endif()
endif()

Expand All @@ -346,7 +355,15 @@ endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_x86_64 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS)))

cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_aarch64 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)

endif()
endif()

Expand All @@ -358,7 +375,15 @@ endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_x86_64 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEON_INSTRUCTIONS)))

cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_aarch64 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)

endif()
endif()

Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ liboqs includes some third party libraries or modules that are licensed differen
- `src/kem/kyber/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/kem/kyber/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- `src/kem/kyber/libjade_*` public domain (CC0) or Apache License v2.
- `src/kem/ml_kem/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/kem/ml_kem/mlkem-native_*`: Apache License v2.0
- `src/sig/dilithium/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/dilithium/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- src/sig/falcon/pqclean_\*\_aarch64 : Apache License v2.0
Expand Down
13 changes: 8 additions & 5 deletions docs/algorithms/kem/ml_kem.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@
- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
- **Specification version**: ML-KEM.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd with copy_from_upstream patches
- **Source**: https://github.com/pq-code-package/mlkem-native/commit/3f1b9fc214a3c3f18e88b144f68814ea7ae88625 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd with copy_from_upstream patches
- **Optimized Implementation sources**: https://github.com/pq-code-package/mlkem-native/commit/3f1b9fc214a3c3f18e88b144f68814ea7ae88625 with copy_from_upstream patches
- **cupqc-cuda**:<a name="cupqc-cuda"></a>
- **Source**: https://github.com/praveksharma/cupqc-mlkem/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
- **Implementation license (SPDX-Identifier)**: Apache-2.0
Expand All @@ -28,7 +28,8 @@
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.
Expand All @@ -40,7 +41,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.
Expand All @@ -50,7 +52,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | ref | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | x86\_64 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| [Primary Source](#primary-source) | aarch64 | ARM64\_V8 | Linux,Darwin | None | True | False | False |
| [cupqc-cuda](#cupqc-cuda) | cuda | CUDA | Linux,Darwin | None | False | False | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.
Expand Down
44 changes: 40 additions & 4 deletions docs/algorithms/kem/ml_kem.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
nist-round: FIPS203
spec-version: ML-KEM
primary-upstream:
source: https://github.com/pq-crystals/kyber/commit/10b478fc3cc4ff6215eb0b6a11bd758bf0929cbd
source: https://github.com/pq-code-package/mlkem-native/commit/3f1b9fc214a3c3f18e88b144f68814ea7ae88625
with copy_from_upstream patches
spdx-license-identifier: CC0-1.0 or Apache-2.0
optimized-upstreams:
Expand All @@ -43,7 +43,7 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
Expand All @@ -58,6 +58,18 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
Expand Down Expand Up @@ -86,7 +98,7 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
Expand All @@ -101,6 +113,18 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
Expand Down Expand Up @@ -129,7 +153,7 @@ parameter-sets:
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
upstream-id: x86_64
supported-platforms:
- architecture: x86_64
operating_systems:
Expand All @@ -144,6 +168,18 @@ parameter-sets:
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: aarch64
supported-platforms:
- architecture: ARM64_V8
operating_systems:
- Linux
- Darwin
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
- upstream: cupqc-cuda
upstream-id: cuda
supported-platforms:
Expand Down
95 changes: 88 additions & 7 deletions docs/cbom.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,23 @@
"$schema": "https://raw.githubusercontent.com/CycloneDX/specification/1.6/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:de1355bb-9681-4a7e-8aa9-0ccc414ebe3b",
"serialNumber": "urn:uuid:11c99519-c4e5-4517-8016-4932140dd322",
"version": 1,
"metadata": {
"timestamp": "2024-11-05T12:25:53.012740+00:00",
"timestamp": "2025-01-22T14:42:21.903424+00:00",
"component": {
"type": "library",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@69a80f8a66988521d51e94d716cff8c936c07b8d",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@af4928dddde853579f8a16a488cf3e142f177979",
"name": "liboqs",
"version": "69a80f8a66988521d51e94d716cff8c936c07b8d"
"version": "af4928dddde853579f8a16a488cf3e142f177979"
}
},
"components": [
{
"type": "library",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@69a80f8a66988521d51e94d716cff8c936c07b8d",
"bom-ref": "pkg:github/open-quantum-safe/liboqs@af4928dddde853579f8a16a488cf3e142f177979",
"name": "liboqs",
"version": "69a80f8a66988521d51e94d716cff8c936c07b8d"
"version": "af4928dddde853579f8a16a488cf3e142f177979"
},
{
"type": "cryptographic-asset",
Expand Down Expand Up @@ -1080,6 +1080,26 @@
}
}
},
{
"type": "cryptographic-asset",
"bom-ref": "alg:ML-KEM-512:armv8-a",
"name": "ML-KEM",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"parameterSetIdentifier": "ML-KEM-512",
"primitive": "kem",
"executionEnvironment": "software-plain-ram",
"cryptoFunctions": [
"keygen",
"encapsulate",
"decapsulate"
],
"nistQuantumSecurityLevel": 1,
"implementationPlatform": "armv8-a"
}
}
},
{
"type": "cryptographic-asset",
"bom-ref": "alg:ML-KEM-768:generic",
Expand Down Expand Up @@ -1120,6 +1140,26 @@
}
}
},
{
"type": "cryptographic-asset",
"bom-ref": "alg:ML-KEM-768:armv8-a",
"name": "ML-KEM",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"parameterSetIdentifier": "ML-KEM-768",
"primitive": "kem",
"executionEnvironment": "software-plain-ram",
"cryptoFunctions": [
"keygen",
"encapsulate",
"decapsulate"
],
"nistQuantumSecurityLevel": 3,
"implementationPlatform": "armv8-a"
}
}
},
{
"type": "cryptographic-asset",
"bom-ref": "alg:ML-KEM-1024:generic",
Expand Down Expand Up @@ -1160,6 +1200,26 @@
}
}
},
{
"type": "cryptographic-asset",
"bom-ref": "alg:ML-KEM-1024:armv8-a",
"name": "ML-KEM",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"parameterSetIdentifier": "ML-KEM-1024",
"primitive": "kem",
"executionEnvironment": "software-plain-ram",
"cryptoFunctions": [
"keygen",
"encapsulate",
"decapsulate"
],
"nistQuantumSecurityLevel": 5,
"implementationPlatform": "armv8-a"
}
}
},
{
"type": "cryptographic-asset",
"bom-ref": "alg:sntrup761:generic",
Expand Down Expand Up @@ -3127,7 +3187,7 @@
],
"dependencies": [
{
"ref": "pkg:github/open-quantum-safe/liboqs@69a80f8a66988521d51e94d716cff8c936c07b8d",
"ref": "pkg:github/open-quantum-safe/liboqs@af4928dddde853579f8a16a488cf3e142f177979",
"provides": [
"alg:BIKE-L1:x86_64",
"alg:BIKE-L3:x86_64",
Expand Down Expand Up @@ -3182,10 +3242,13 @@
"alg:Kyber1024:armv8-a",
"alg:ML-KEM-512:generic",
"alg:ML-KEM-512:x86_64",
"alg:ML-KEM-512:armv8-a",
"alg:ML-KEM-768:generic",
"alg:ML-KEM-768:x86_64",
"alg:ML-KEM-768:armv8-a",
"alg:ML-KEM-1024:generic",
"alg:ML-KEM-1024:x86_64",
"alg:ML-KEM-1024:armv8-a",
"alg:sntrup761:generic",
"alg:sntrup761:x86_64",
"alg:cross-rsdp-128-balanced:generic",
Expand Down Expand Up @@ -3611,6 +3674,12 @@
"alg:sha3"
]
},
{
"ref": "alg:ML-KEM-512:armv8-a",
"dependsOn": [
"alg:sha3"
]
},
{
"ref": "alg:ML-KEM-768:generic",
"dependsOn": [
Expand All @@ -3623,6 +3692,12 @@
"alg:sha3"
]
},
{
"ref": "alg:ML-KEM-768:armv8-a",
"dependsOn": [
"alg:sha3"
]
},
{
"ref": "alg:ML-KEM-1024:generic",
"dependsOn": [
Expand All @@ -3635,6 +3710,12 @@
"alg:sha3"
]
},
{
"ref": "alg:ML-KEM-1024:armv8-a",
"dependsOn": [
"alg:sha3"
]
},
{
"ref": "alg:sntrup761:generic",
"dependsOn": [
Expand Down
Loading

0 comments on commit a554b36

Please sign in to comment.