Add MAYO signature scheme from NIST onramp #1707

Merged
merged 24 commits into from
Jul 13, 2024
Changes from 22 commits
24 commits
e173fa2
- Initial import of onramp candidate MAYO
bhess Jan 16, 2024
0c064ab
fix aes ossl
bhess May 8, 2024
47a2242
disable mayo per default in zephyr
bhess May 8, 2024
e79eefd
zephyr config update
bhess May 8, 2024
6507528
add ct-tests [skip ci]
bhess May 9, 2024
fac73d8
Add NIST_SIG_ONRAMP option and add AES128_CTR tests
bhess May 9, 2024
e46ff56
Sync copy_from_upstream, remove unsed functions, fix typos
bhess May 9, 2024
8caa74e
Remove unused function
bhess May 9, 2024
d445103
update after upstream merge
bhess May 12, 2024
ea5a711
dummy change [trigger downstream]
bhess May 14, 2024
6514a48
release-test with sign-off message [trigger downstream]
bhess May 14, 2024
8616be5
Better exiting if nullptr & replace some asserts in aes_ossl.c
bhess May 24, 2024
3f84dd8
fix KAT order
bhess May 28, 2024
03b6cb4
disable mayo_5 in zephyr
bhess May 28, 2024
33164c4
remove comments & zephyr build fix
bhess May 30, 2024
fcd81af
zephyr build fix
bhess May 30, 2024
9d2bc83
Add MAYO_5 to NIST_SIG_ONRAMP algorithms
bhess Jul 8, 2024
63b0fc8
Add --formula tag to fix brew errors
bhess Jul 8, 2024
ca5d956
remove PQC_AES128_STATESIZE macro [trigger downstream]
bhess Jul 10, 2024
b2260b6
MAYO naming convention update: - instead of _ [trigger downstream]
bhess Jul 11, 2024
2223225
Merge branch 'main' into bhe-nibbling-mayo
bhess Jul 11, 2024
c12c293
update after merge [trigger downstream]
bhess Jul 11, 2024
2dff07f
presistent spec version (trigger again) [trigger downstream]
bhess Jul 12, 2024
ef7fde5
Add missing runner to ubuntu.yml
bhess Jul 13, 2024
33 changes: 33 additions & 0 deletions .CMake/alg_support.cmake
Expand Up @@ -166,6 +166,12 @@ cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_192f_simple "" ON "OQS_ENABL
cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_192s_simple "" ON "OQS_ENABLE_SIG_SPHINCS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_256f_simple "" ON "OQS_ENABLE_SIG_SPHINCS" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_sphincs_shake_256s_simple "" ON "OQS_ENABLE_SIG_SPHINCS" OFF)

option(OQS_ENABLE_SIG_MAYO "Enable mayo algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_1 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_2 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_3 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_mayo_5 "" ON "OQS_ENABLE_SIG_MAYO" OFF)
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_END

if((OQS_MINIMAL_BUILD STREQUAL "ON"))
Expand All @@ -184,6 +190,8 @@ elseif (${OQS_ALGS_ENABLED} STREQUAL "STD")
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_LIST_STANDARDIZED_ALGS_END
elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_R4")
filter_algs("KEM_classic_mceliece_348864;KEM_classic_mceliece_348864f;KEM_classic_mceliece_460896;KEM_classic_mceliece_460896f;KEM_classic_mceliece_6688128;KEM_classic_mceliece_6688128f;KEM_classic_mceliece_6960119;KEM_classic_mceliece_6960119f;KEM_classic_mceliece_8192128;KEM_classic_mceliece_8192128f;KEM_hqc_128;KEM_hqc_192;KEM_hqc_256;KEM_bike_l1;KEM_bike_l3;KEM_bike_l5")
elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_SIG_ONRAMP")
filter_algs("SIG_mayo_1;SIG_mayo_2;SIG_mayo_3;SIG_mayo_5")
else()
message(STATUS "Alg enablement unchanged")
endif()
Expand Down Expand Up @@ -495,6 +503,31 @@ if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
endif()
endif()


if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_1_avx2 "" ON "OQS_ENABLE_SIG_mayo_1" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_2_avx2 "" ON "OQS_ENABLE_SIG_mayo_2" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_3_avx2 "" ON "OQS_ENABLE_SIG_mayo_3" OFF)
endif()
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
cmake_dependent_option(OQS_ENABLE_SIG_mayo_5_avx2 "" ON "OQS_ENABLE_SIG_mayo_5" OFF)
endif()
endif()

##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_END

option(OQS_ENABLE_SIG_STFL_XMSS "Enable XMSS algorithm family" OFF)
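Review bot: `OQS_ENABLE_SIG_mayo_5_avx2` (the last of the four conditional blocks) defaults to ON, yet this same PR's docs/algorithms/sig/mayo.yml marks that implementation `large-stack-usage: true` and mayo.md says such implementations "may cause failures when running in threads or in constrained environments"; with runtime CPU dispatch, a default build on any AVX2 host will take that path, and nothing at the option tells the integrator. The help strings of all five new options are empty; consider at least `cmake_dependent_option(OQS_ENABLE_SIG_mayo_5_avx2 "MAYO-5 AVX2 implementation (large stack usage, see docs/algorithms/sig/mayo.md)" ON "OQS_ENABLE_SIG_mayo_5" OFF)`. These lines sit between `OQS_COPY_FROM_UPSTREAM_FRAGMENT_*` markers, so presumably the wording belongs in the copy_from_upstream template rather than a hand edit here. Minor style: the new `elseif(${OQS_ALGS_ENABLED} STREQUAL "NIST_SIG_ONRAMP")` copies the unquoted form of its neighbours; `elseif("${OQS_ALGS_ENABLED}" STREQUAL "NIST_SIG_ONRAMP")` avoids a second dereference should the value ever coincide with a variable name.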
2 changes: 1 addition & 1 deletion .github/workflows/release-test.yml
Expand Up @@ -17,7 +17,7 @@ on:

jobs:
oqs-provider-release-test:
if: github.event_name == 'release' || endsWith( github.event.head_commit.message, '[trigger downstream]' )
if: github.event_name == 'release' || contains( github.event.head_commit.message, '[trigger downstream]' )
runs-on: ubuntu-latest
steps:
- name: Checkout release tests script
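Review bot: Changing the guard on `oqs-provider-release-test` from `endsWith` to `contains` widens the trigger: any push whose head commit message mentions `[trigger downstream]` anywhere now starts the downstream release test, including squash or merge commits that concatenate earlier messages carrying the tag. That is presumably intended so a sign-off trailer can follow the marker (the commit list suggests as much), but the behaviour is no longer obvious from the expression and deserves a comment on the `if:` line, e.g. `# run on releases, or on any push whose head commit message contains the [trigger downstream] marker (anywhere, so trailers may follow it)`. Whether the downstream job reaches secrets or deployment credentials that make this widening matter is not visible here.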
6 changes: 5 additions & 1 deletion .github/workflows/unix.yml
Expand Up @@ -112,6 +112,10 @@ jobs:
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: focal-nistonramp-openssl
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- name: jammy-std-openssl3
runner: ubuntu-latest
container: openquantumsafe/ci-ubuntu-jammy:latest
Expand Down Expand Up @@ -256,7 +260,7 @@ jobs:
- name: Install dependencies
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew install ninja && pip3 install --require-hashes --break-system-packages -r .github/workflows/requirements.txt
- name: Patch GCC
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew uninstall --ignore-dependencies gcc@13 && wget https://raw.githubusercontent.com/Homebrew/homebrew-core/eb6dd225d093b66054e18e07d56509cf670793b1/Formula/g/gcc%4013.rb && env HOMEBREW_NO_AUTO_UPDATE=1 brew install --ignore-dependencies gcc@13.rb
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew uninstall --ignore-dependencies gcc@13 && wget https://raw.githubusercontent.com/Homebrew/homebrew-core/eb6dd225d093b66054e18e07d56509cf670793b1/Formula/g/gcc%4013.rb && env HOMEBREW_NO_AUTO_UPDATE=1 brew install --ignore-dependencies --formula gcc@13.rb
- name: Get system information
run: sysctl -a | grep machdep.cpu
- name: Configure
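Review bot: The new `focal-nistonramp-openssl` entry is the only job in the visible part of the matrix that builds with `-DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP`, and its `PYTEST_ARGS` skip both `tests/test_kat_all.py` and `tests/test_leaks.py`, so the MAYO-only configuration is neither checked against the full KAT set nor leak-checked in this workflow. The ignores mirror the `NIST_R4` job above and may be deliberate for runtime, but for a newly imported signature family whose docs claim valgrind-checked constant-time behaviour, the full-build jobs elsewhere in the matrix are presumably the ones meant to cover this, and that is not visible here. A short comment on the new entry would record the intent, e.g. `# only exercises the NIST_SIG_ONRAMP filter; KAT-all and leak tests run in the full-build jobs`. The enclosing job matrix starts and ends outside the hunk.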
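--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -200,6 +200,9 @@ endif()
 if(OQS_ENABLE_SIG_SPHINCS)
 set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/sphincs/sig_sphincs.h)
 endif()
+if(OQS_ENABLE_SIG_MAYO)
+set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/mayo/sig_mayo.h)
+endif()
 ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
 if(OQS_ENABLE_SIG_STFL_XMSS)
 set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/xmss/sig_stfl_xmss.h)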
4 changes: 2 additions & 2 deletions CONFIGURE.md
Expand Up @@ -58,9 +58,9 @@ For a full list of such options and their default values, consult [.CMake/alg_su

## OQS_ALGS_ENABLED

A selected algorithm set is enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`; e.g., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl).
A selected algorithm set is enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "NIST_SIG_ONRAMP" selecting algorithms evaluated in the NIST PQC "onramp" standardization for additional signature schemes; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`; e.g., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl).

**Attention**: If you use any predefined value (`STD` or `NIST_R4` as of now) for this variable, the values added via [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG) variables will be ignored.
**Attention**: If you use any predefined value (`STD` or `NIST_R4` or `NIST_SIG_ONRAMP` as of now) for this variable, the values added via [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG) variables will be ignored.

**Default**: `All`.

1 change: 0 additions & 1 deletion PLATFORMS.md
Expand Up @@ -62,4 +62,3 @@ In this policy, the words "must" and "must not" specify absolute requirements th
- x86 for Windows (Visual Studio Toolchain)
- ppc64le for Ubuntu (Focal)
- s390x for Ubuntu (Focal)

2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -65,6 +65,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
<!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_START -->
- **CRYSTALS-Dilithium**: Dilithium2, Dilithium3, Dilithium5
- **Falcon**: Falcon-512, Falcon-1024, Falcon-padded-512, Falcon-padded-1024
- **MAYO**: MAYO-1, MAYO-2, MAYO-3, MAYO-5†
- **ML-DSA**: ML-DSA-44-ipd (alias: ML-DSA-44), ML-DSA-65-ipd (alias: ML-DSA-65), ML-DSA-87-ipd (alias: ML-DSA-87)
- **SPHINCS+-SHA2**: SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple
- **SPHINCS+-SHAKE**: SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
Expand Down Expand Up @@ -197,6 +198,7 @@ liboqs includes some third party libraries or modules that are licensed differen
- `src/sig/dilithium/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/dilithium/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
- src/sig/falcon/pqclean_\*\_aarch64 : Apache License v2.0
- `src/sig/mayo/*`: Apache License v2.0
- `src/sig/ml_dsa/pqcrystals-*`: public domain (CC0) or Apache License v2.0
- `src/sig/sphincs/pqclean_*`: CC0 (public domain)

62 changes: 62 additions & 0 deletions docs/algorithms/sig/mayo.md
@@ -0,0 +1,62 @@
# MAYO

- **Algorithm type**: Digital signature scheme.
- **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
- **Principal submitters**: Ward Beullens, Fabio Campos, Sofía Celi, Basil Hess, Matthias J. Kannwischer.
- **Authors' website**: https://pqmayo.org
- **Specification version**: https://eprint.iacr.org/2023/1683.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQCMayo/MAYO-C/commit/cde2675ff404b0ae070e7dbc3d962ea0b026a81e with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: Apache-2.0


## Parameter set summary

| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
| MAYO-1 | NA | EUF-CMA | 1 | 1168 | 24 | 321 |
| MAYO-2 | NA | EUF-CMA | 1 | 5488 | 24 | 180 |
| MAYO-3 | NA | EUF-CMA | 3 | 2656 | 32 | 577 |
| MAYO-5 | NA | EUF-CMA | 5 | 5008 | 40 | 838 |

## MAYO-1 implementation characteristics

| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.

## MAYO-2 implementation characteristics

| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

## MAYO-3 implementation characteristics

| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

## MAYO-5 implementation characteristics

| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | opt | All | All | None | True | True | False |
| [Primary Source](#primary-source) | avx2 | x86\_64 | Darwin,Linux | AVX2 | True | True | True |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

## Explanation of Terms

- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
143 changes: 143 additions & 0 deletions docs/algorithms/sig/mayo.yml
@@ -0,0 +1,143 @@
name: MAYO
type: signature
principal-submitters:
- Ward Beullens
- Fabio Campos
- Sofía Celi
- Basil Hess
- Matthias J. Kannwischer
crypto-assumption: multivariable quadratic equations, oil and vinegar
website: https://pqmayo.org
nist-round: 1
spec-version: https://eprint.iacr.org/2023/1683
primary-upstream:
source: https://github.com/PQCMayo/MAYO-C/commit/cde2675ff404b0ae070e7dbc3d962ea0b026a81e
with copy_from_upstream patches
spdx-license-identifier: Apache-2.0
parameter-sets:
- name: MAYO-1
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 1168
length-secret-key: 24
length-signature: 321
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: MAYO-2
claimed-nist-level: 1
claimed-security: EUF-CMA
length-public-key: 5488
length-secret-key: 24
length-signature: 180
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: MAYO-3
claimed-nist-level: 3
claimed-security: EUF-CMA
length-public-key: 2656
length-secret-key: 32
length-signature: 577
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- name: MAYO-5
claimed-nist-level: 5
claimed-security: EUF-CMA
length-public-key: 5008
length-secret-key: 40
length-signature: 838
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream: primary-upstream
upstream-id: opt
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: false
- upstream: primary-upstream
upstream-id: avx2
supported-platforms:
- architecture: x86_64
operating_systems:
- Darwin
- Linux
required_flags:
- avx2
common-crypto:
- SHA3: liboqs
- AES: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
large-stack-usage: true
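Review bot: The `common-crypto` lists are inconsistent across parameter sets: the `opt` implementations of MAYO-1 and MAYO-2 declare both `- SHA3: liboqs` and `- AES: liboqs`, but the `opt` entries for MAYO-3 and MAYO-5 list only SHA3 while their `avx2` entries list AES as well. All four sets come from the same upstream source, and the `add AES128_CTR tests` commit suggests AES is used throughout, so the MAYO-3/MAYO-5 `opt` entries most likely need `- AES: liboqs` added; that should be confirmed against the upstream sources rather than assumed. Since this file presumably feeds the generated mayo.md, the published dependency claims inherit whatever is wrong here.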