Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sidh: deprecates sidh and sike packages. #359

Merged
merged 3 commits into from
Aug 8, 2022
Merged

sidh: deprecates sidh and sike packages. #359

merged 3 commits into from
Aug 8, 2022

Conversation

armfazh
Copy link
Contributor

@armfazh armfazh commented Aug 3, 2022

DEPRECATION NOTICE

SIDH and SIKE are deprecated as were shown vulnerable to a key recovery attack by Castryck-Decru's paper (https://eprint.iacr.org/2022/975). New systems should not rely on this package. This package is frozen.

Changes:

  • package /circl/dh/sidh is deprecated and frozen.
  • package /circl/kem/sike is deprecated and frozen.
  • package /circl/kem/schemes removes sike from the registry.

@armfazh armfazh added deprecated changesAPI PR changes the API of a package labels Aug 3, 2022
@armfazh armfazh self-assigned this Aug 3, 2022
Copy link
Contributor

@cjpatton cjpatton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:(

dh/sidh/doc.go Show resolved Hide resolved
kem/sike/doc.go Show resolved Hide resolved
//
// SIDH and SIKE are deprecated as were shown vulnerable to a key recovery
// attack by Castryck-Decru's paper (https://eprint.iacr.org/2022/975). New
// systems should not rely on this package. This package is frozen.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By "frozen" I suppose you mean that maintenance has stopped and bug fixes won't be considered? Consider saying this explicitly.

Copy link
Member

@bwesterb bwesterb Aug 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, there is a small possibility that there will be a fix to SIKE. Although they might call it something else as the changes will be big.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's frozen in the sense that it's preserved for historical reasons and to indicate people should not use it to secure any system.
Bugs can still appear at anytime in software for many different reasons.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also there is still code implementing field arithmetic which can be (re)used for other purposes.

kem/sike/sikep434/sike.go Show resolved Hide resolved
kem/sike/templates/pkg.templ.go Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
armfazh added 3 commits August 4, 2022 13:23
A key recovery attack was shown by Castryck-Decru's paper
(https://eprint.iacr.org/2022/975) breaking the security of
current SIDH and SIKE algorithms.
@armfazh armfazh merged commit 8577631 into main Aug 8, 2022
@armfazh armfazh deleted the warnSIDH branch August 8, 2022 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
changesAPI PR changes the API of a package deprecated
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants