-
Notifications
You must be signed in to change notification settings - Fork 484
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Latest updates to ML-DSA are not implemented yet #1850
Comments
The NIST draft standard versions are included in the latest release of liboqs. They are referred to as ML-KEM and ML-DSA (the NIST names), rather than Kyber and Dilithium. OQS additionally continues to support the Round 3 versions of Kyber and Dilithium under their old names. |
Please note that one more change is decided upon that is not yet in liboqs: See the patch in [1]. When I revert this patch in leancrypto, both implementations calculate the same signature. However, please note that the NIST reference implementation already contains the change stipulated in [1] as I tested leancrypto against the NIST reference implementation via the ACVP interface [2] using the ACVP parser [3]. [1] smuellerDD/leancrypto@3a51337 |
Which OQS sig alg did you use in your test? ML-SIG or the old (IMO deprecated) Dilithium? |
I used ML-DSA-87 with the tool kat_sig.CiaoStephan—Cui bono?Am 21.07.2024 um 15:32 schrieb Michael Baentsch ***@***.***>:
Which OQS sig alg did you use in your test? ML-SIG or the old (IMO deprecated) Dilithium?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
Thanks for letting us know about this, @smuellerDD. I don't think any of the liboqs team were aware that NIST had updated the implementation on the ACVP server. (Here is the source code change as an FYI for other readers.) As far as I can tell, the FIPS draft has not yet been updated. To this point, we've followed the lead of the PQ-Crystals team and pulled in changes when they land in the upstream repo. @bhess do you know what their plans are with regards to this update? Also tagging @dstebila so he's aware of this issue. |
Am Montag, 22. Juli 2024, 14:23:41 MESZ schrieb Spencer Wilson:
Hi Spencer,
Thanks for letting us know about this, @smuellerDD. I don't think any of the
liboqs team were aware that NIST had updated the implementation on the ACVP
server. (Here is [the source code
change](https://github.com/usnistgov/ACVP-Server/blob/8b2204159c1b31a3202ff
415cc7a9e1058c35fc5/gen-val/src/crypto/src/NIST.CVP.ACVTS.Libraries.Crypto/D
ilithium/Dilithium.cs#L218) as an FYI for other readers.) As far as I can
tell, the FIPS draft has not yet been updated.
To this point, we've followed the lead of the PQ-Crystals team and pulled in
changes when they land in the upstream repo. @bhess do you know what their
plans are with regards to this update?
Also tagging @dstebila so he's aware of this issue.
Just for the records: I am working closely with the NIST team and thus got the
information directly from them. Their update is documented in [1]. This issue
also contains the confirmation that my code matches their implementation.
[1] usnistgov/ACVP-Server#332
Ciao
Stephan
|
Thanks for the pointer @smuellerDD. It looks like the change in SampleInBall is related to the changes announced in the post on the pqc-forum: In my view we would update the implementation once the final FIPS versions are published. I'd assume the upstream pq-crystals implementation will be updated at this point. |
Am Montag, 22. Juli 2024, 14:38:32 MESZ schrieb Basil Hess:
While we are the discussion of consistency with the specification, the
mandatory input validation as define in ML-KEM ipd section 6.2 also seems to
be missing. At least the modulus check should be added assuming the other
check as well as the check required in 6.3 are implicit due to the used
variable types.
One suggested implementation can be found in [1].
Do you want me to open a new issue for that?
[1] https://github.com/smuellerDD/leancrypto/blob/master/kem/src/
kyber_kem_input_validation.h#L61
Ciao
Stephan
|
As I understand to conform to latest ML-DSA KAT:
->
|
The first standards were recently finalized |
Tracked in #1891. |
Describe the bug
Looks like NIST has updated the parameters for Dilithium and Kyber which is still not implemented in the OQS.
Please refer below link from atsec
https://atsec-information-security.blogspot.com/2023/11/pqc-kyber-and-dilithium-state-of-draft.html
If that is true and If NIST has already made the changes for Its ACVP demo server , is there any plan to incorporate these changes in OQS anytime soon ?
The text was updated successfully, but these errors were encountered: