Releases: open-quantum-safe/liboqs
liboqs version 0.9.2 release candidate 1
liboqs version 0.9.2-rc1
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is release candidate 1 of version 0.9.2 of liboqs. It was released on January 11, 2024.
This release is a security release which fixes potential non-constant-time behaviour in Kyber, based on pq-crystals/kyber@272125f.
What's New
This release continues from the 0.9.1 release of liboqs.
Key encapsulation mechanisms
- Kyber: C, AVX2, and aarch64 implementation updated
Detailed changelog
- Pull Kyber division fixes from PQ-Crystals into dev-092 by @praveksharma in #1652
Full Changelog: 0.9.1...0.9.2-rc1
liboqs version 0.9.1
Release notes
This is version 0.9.1 of liboqs. It was released on December 22, 2023.
This release is a security release which fixes potential non-constant-time behaviour in Kyber, based on pq-crystals/kyber@dda29cc.
What's New
This release continues from the 0.9.0 release of liboqs.
Key encapsulation mechanisms
- Kyber: C, AVX2, and aarch64 implementation updated
Detailed changelog
- pull kyber from upstream: dda29cc63af721981ee2c831cf00822e69be3220 (#1631) by @dstebila in #1633
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue -> targeting 0.9.1 by @bhess in #1637
Full Changelog: 0.9.0...0.9.1
liboqs version 0.9.1 release candidate 1
liboqs version 0.9.1-rc1
Release notes
This is release candidate 1 for version 0.9.1 of liboqs. It was released on December 19, 2023.
This release is a security release which fixes potential non-constant-time behaviour in Kyber, based on pq-crystals/kyber@dda29cc.
What's New
This release continues from the 0.9.0 release of liboqs.
Key encapsulation mechanisms
- Kyber: C, AVX2, and aarch64 implementation updated
Detailed changelog
- pull kyber from upstream: dda29cc63af721981ee2c831cf00822e69be3220 (#1631) by @dstebila in #1633
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue -> targeting 0.9.1 by @bhess in #1637
Full Changelog: 0.9.0...0.9.1-rc1
liboqs version 0.9.0
Release notes
This is version 0.9.0 of liboqs. It was released on October 12, 2023.
This release features an update to the Classic McEliece KEM, bringing it in line with NIST Round 4. It also adds or updates ARM implementations for Kyber, Dilithium, and Falcon.
What's New
This release continues from the 0.8.0 release of liboqs.
Key encapsulation mechanisms
- Classic McEliece: updated to Round 4 version.
- Kyber: aarch64 implementation updated.
Digital signature schemes
- Dilithium: aarch64 implementation updated.
- Falcon: aarch64 implementation added.
Other changes
- Update algorithm documentation
- Support compilation for Windows on ARM64, Apple mobile, and Android platforms
- Improve resilience of randombytes on Apple systems
Release call
Users of liboqs are invited to join a webinar on Thursday, November 2, 2023, from 12-1pm US Eastern time for information on this release, plans for the next release cycle, and to provide feedback on OQS usage and features.
The Zoom link for the webinar is: https://uwaterloo.zoom.us/j/98288698086
Detailed changelog
- Fix libdir value in liboqs.pc by @vt-alt in #1496
- update version and remove CCI triggers by @baentsch in #1498
- create deb package and retain as artifact by @baentsch in #1501
- README correction to docs path & additional gitignore to macos + vscode by @planetf1 in #1503
- Trigger liboqs-python CI via GitHub API by @SWilson4 in #1507
- Update Classic McEliece by @praveksharma in #1470
- update BIKE documentation by @baentsch in #1509
- kyber/dilithium aarch64 pull from pqclean + patches by @bhess in #1512
- Pull Falcon updates from PQClean by @dstebila in #1523
- Bump XCode by @baentsch in #1526
- Update Classic McEliece suppression files by @praveksharma in #1527
- Bump gitpython from 3.1.30 to 3.1.32 in /scripts/copy_from_upstream by @dependabot in #1524
- ci: add CI for android by @res0nance in #1531
- re-enable armhf speed testing by @baentsch in #1535
- Bump gitpython from 3.1.32 to 3.1.34 in /scripts/copy_from_upstream by @dependabot in #1538
- Prefer arc4random on Apple platforms by @res0nance in #1544
- Bump gitpython from 3.1.34 to 3.1.35 in /scripts/copy_from_upstream by @dependabot in #1551
- Update Classic McEliece suppression files by @praveksharma in #1541
- Pull Neon implementation of Falcon from PQClean by @SWilson4 in #1547
- ci: add CI for apple mobile platforms by @res0nance in #1546
- Add Windows ARM64 support by @res0nance in #1545
- Document Falcon constant time errors by @praveksharma in #1552
- ci: github actions CI for Windows x86 and x64 by @res0nance in #1554
- build: Align VS test folder with all other Generators by @res0nance in #1557
- Fix weekly.yml to skip McEliece by @praveksharma in #1562
- Enable extensions in constant-time tests by @SWilson4 in #1567
- Update Classic McEliece suppression files by @praveksharma in #1568
- liboqs 0.9.0 release candidate 1 by @SWilson4 in #1570
- add community standard documentation [skip ci] by @baentsch in #1565
- Bump gitpython from 3.1.35 to 3.1.37 in /scripts/copy_from_upstream by @dependabot in #1575
New Contributors
- @planetf1 made their first contribution in #1503
- @SWilson4 made their first contribution in #1507
- @praveksharma made their first contribution in #1470
- @res0nance made their first contribution in #1531
Full Changelog: 0.8.0...0.9.0
liboqs version 0.8.0
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
- oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is version 0.8.0 of liboqs. It was released on June 7, 2023.
What's New
This release continues from the 0.7.2 release of liboqs.
This release features many algorithm updates, including removal of algorithms and variants no longer proceeding through NIST standardization and updates to newer versions. See the detailed list of algorithm updates below.
Key encapsulation mechanisms
- BIKE: updated to Round 4 version.
- Kyber: 90s variants were removed.
- NTRU Prime: All variants were removed, except for sntrup761.
- Saber: removed.
Digital signature schemes
- Dilithium: AES variants were removed.
- Falcon: updated to the 2023-02-07 version.
- Picnic: removed.
- Rainbow: removed.
- SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed.
Other changes
- Add Cryptographic Bill of Materials (CBOM)
- Improve building on ARM platforms
- Improve performance when using OpenSSL 3 for symmetric cryptography
- Increment shared object library version
- New configure-time options for algorithm selections
- pkgconfig file now available
Known issues
- Issue #1488: 32-bit builds fail in Microsoft Visual C for Falcon AVX code
Detailed changelog
- Add missing requirements to the requirements.txt by @thb-sb in #1295
- Solve '-Wstrict-prototypes' for clang >= 15.0 by @thb-sb in #1293
- Ensure build without an executable stack (fixes #1285) by @sebastinas in #1294
- Fix typo in Picnic's NEON detection by @sebastinas in #1298
- ARM32 gcc12 build workaround by @baentsch in #1297
- Fallback code for aligned_alloc and use of explicit_bzero by @sebastinas in #1300
- update version string indicating dev status by @baentsch in #1305
- addressing sig length questions by @baentsch in #1306
- Integer overflow leading to incorrect SHA3 computation by @jschanck in #1312
- Fixing OQS ARM inconsistencies by @Martyrshot in #1307
- automatically activate USE_RASPBERRY_PI define by @baentsch in #1313
- update Kyber and Dilithium from upstream by @bhess in #1316
- Remove rainbow by @xvzcf in #1321
- Removed Picnic signature scheme. by @xvzcf in #1323
- Removed NTRU-Prime. by @xvzcf in #1325
- Removed SABER. by @xvzcf in #1326
- add valgrind option by @malbert1 in #1327
- Removed NTRU. by @xvzcf in #1335
- Add ntruprime by @ryndia in #1328
- fix: initialize context after reset in ossl_sha3x4 by @bhess in #1339
- Enable algorithm filtering by @baentsch in #1333
- Revert "Enable algorithm filtering (#1333)" by @baentsch in #1351
- llvm15 update by @baentsch in #1350
- Adds CBOM for liboqs by @bhess in #1337
- Fix Doxygen Markdown failures by @dstebila in #1349
- Build dump_alg_info in tests by @dstebila in #1353
- Build Doxygen docs in whatever the CMake build directory is by @dstebila in #1357
- NIST std algs list selection enablement by @baentsch in #1355
- Config update by @baentsch in #1361
- add cpack (for .deb packages) by @baentsch in #1362
- Updated PQClean commit in copy_from_upstream.yml by @xvzcf in #1359
- Bump gitpython from 3.0.7 to 3.1.30 in /scripts/copy_from_upstream by @dependabot in #1354
- Fixed mismatch between YAML and markdown docs for some algorithms. by @xvzcf in #1365
- adding OpenSSL3 test; activating sanitizer test by @baentsch in #1363
- re-enabling msys2 testing after picnic is gone by @baentsch in #1373
- Use OQS_STATUS types in FrodoKEM by @dstebila in #1377
- compiler future-proofing Release builds by @baentsch in #1378
- BIKE Round-4 update by @dkostic in #1369
- Fix rendering error in Markdown by @dstebila in #1384
- Update Falcon to 20230207 by @dstebila in #1386
- Revert "Update Falcon to 20230207 (PQClean commit 96dfee95cc56207d1ec… by @baentsch in #1392
- Add full-cycle speed test by @baentsch in #1391
- update BIKE documentation by @baentsch in #1387
- correct free in test_kem/sig by @baentsch in #1399
- Copy from upstream (Kyber), add pqcrystals-* licenses to README by @bhess in #1403
- Update Falcon implementation by @thomwiggers in #1395
- adding issue template [skip ci] by @baentsch in #1410
- Copy_from_upstream: no subprocess call & update_cbom fix for CI. by @bhess in #1412
- CI test copy_from_upstream by @baentsch in #1405
- Fix constant time failure for Falcon AVX2 by @dstebila in #1415
- clarify OpenSSL config [skip ci] by @baentsch in #1429
- Make BIKE decode function void to avoid ct issues by @dkostic in #1400
- rm duped "the" in pull_request_template.md by @Rudxain in #1439
- fix "ths" typo by @Rudxain in #1438
- Generate and install pkgconfig file by @tranzystorek-io in #1435
- Initial fetching of MD and Cipher objects from OpenSSL(3) by @beldmit in #1431
- Use CMake flag for -Werror by @thomwiggers in #1444
- ...
liboqs version 0.7.2
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
- oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, and post-quantum and hybrid X.509 certificate generation and CMS operations.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is version 0.7.2 of liboqs. It was released on August 21, 2022.
Security considerations
This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately.
What's New
This release continues from the 0.7.1 release of liboqs.
The goal of this release is to provide a final release for algorithms that were included in Round 3 of the NIST Post-Quantum Standardization project. As the security status of some algorithms changed during Round 3, it drops algorithms known to be broken as of release (Rainbow level 1, SIKE). Some algorithms also updated their specification during Round 3; version 0.7.2 does not incorporate any algorithm changes that result in different input/output behaviour compared to version 0.7.1; such changes will be included in version 0.8.0.
The next release of liboqs, version 0.8.0, will remove some algorithms that did not advance beyond NIST Round 3, update implementations based on algorithm/specification revisions that happened during Round 3, and begin to incorporate Round 4 changes. Discussion of algorithms to be removed in version 0.8.0 can be found in #1245.
Key encapsulation mechanisms
- Kyber: Update implementation and switch use of symmetric crypto to OQS common code
- HQC: Fix build on gcc-12
- SIKE: Remove SIKE due to break (https://eprint.iacr.org/2022/975)
Digital signature schemes
- Dilithium: Add ARMv8 optimized implementation and switch use of symmetric crypto to OQS common code
- Picnic: Update implementation
- Rainbow: Remove Rainbow level 1 due to break (https://eprint.iacr.org/2022/214)
Other changes
- Add support for building on powerpc64
- Update XKCP implementation
- Improve SHA2 implementation on ARMv8
- Improve AES implementation on ARMv8
- Add aarch64 CPU feature detection on FreeBSD
- Improve cross-compiling on Windows
- Enable integration of liboqs into other CMake-based projects
- Increment shared object library version
Detailed changelog
- Update Picnic to 3.0.8 by @sebastinas in #1158
- XCode update by @baentsch in #1162
- Add support for powerpc64 by @pkubaj in #1160
- remove picnic from cygwin build by @baentsch in #1171
- adding constant time test as weekly github action by @baentsch in #1170
- extend weekly run timeout [skip ci] by @baentsch in #1172
- Update XKCP and avoid assembler .ifdef directives by @jschanck in #1173
- Updated constant_time suppression files after picnic update by @christianpaquin in #1174
- Update to Picnic 3.0.9 by @sebastinas in #1167
- Mark stack non-executable when compiling with clang or gcc by @dstebila in #1161
- extend timeout to 10h by @baentsch in #1175
- skip sphincs,rainbow in shortened weekly testing by @baentsch in #1176
- Fixed build issue on arm based macs when using gcc11 by @Martyrshot in #1177
- disable BIKE on all 32bitters except x86 by @baentsch in #1180
- Update to picnic 3.0.11 (fixes #1178) by @sebastinas in #1181
- Weekly run update by @baentsch in #1182
- weekly job moved to Sunday [skip ci] by @baentsch in #1183
- Resolves an issue when building sha2 using arm crypto extensions with gcc11 by @Martyrshot in #1184
- Suppress constant time check for public matrix generation on Kyber AVX2 by @dstebila in #1189
- create and install cmake import files by @baentsch in #1191
- adding warning re Rainbow to documentation [skip ci] by @baentsch in #1193
- ARMv8 optimized Dilithium by @Martyrshot in #1194
- skip yamllint test for good by @baentsch in #1196
- Edits to key scheduling for AES on ARM to be constant time by @tedeaton in #1200
- Correct OQS_DIST_BUILD for ARM by @baentsch in #1202
- Deal with some issues identified by clang scan-build by @dstebila in #1211
- Issues and passes for aarch64 const time checks by @tedeaton in #1214
- Use SecRandomCopyBytes for system randomness on iOS (to allow building on iOS) by @zanebeckwith in #1219
- workaround for picnic under msys2 by @baentsch in #1220
- Adding aarch64 CPU feature detection for FreeBSD by @Martyrshot in #1210
- Added typecasts to tests/ds_benchmark.h to silence clang warnings by @Martyrshot in #1225
- doxygen update by @baentsch in #1228
- Link documentation and code by @baentsch in #1229
- Integrates pqcrystals with common-aes / extends common code AES CTR-API by @bhess in #1221
- Adds AES context release in Dilithium-AES / fix memory leak by @bhess in #1238
- Update Picnic to 3.0.14 (fixes #1212) by @sebastinas in #1237
- improve Windows crosscompile handling by @baentsch in #1236
- Bump Picnic to 3.0.15 by @sebastinas in #1241
- Updated Dilithium sign.c patch with AES context release (2) by @bhess in #1242
- adding scan-build test by @baentsch in #1240
- adding memory leak testing by @baentsch in #1234
- disable msys2 testing by @baentsch in #1243
- docs: Add valgrind as test dependencies in README.md by @yin19941005 in #1251
- Sync Kyber with upstream, enable Scan-Build with Kyber by @bhess in #1252
- Deal with the issue identified by valgrind by @splasky in #1250
- pqclean_hqc: Fix build on GCC-12 by @vt-alt in #1254
- Remove Rainbow level 1 by @dstebila in https://gith...
liboqs version 0.7.1
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
- oqs-provider: A standalone prototype of liboqs-based key exchange for TLS 1.3 using the OpenSSL 3 (alpha) provider integration mechanism.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is version 0.7.1 of liboqs. It was released on December 16, 2021.
What's New
This release continues from the 0.7.0 release of liboqs.
Key encapsulation mechanisms
- Add NTRU level 5 parameter sets (ntruhps40961229, ntruhrss1373)
- Add NTRU Prime level 5 parameter sets (ntrulpr1277, sntrup1277)
- Add ARMv8 aarch64 optimized implementations of Kyber and SABER
- Minor updates to Kyber, NTRU, NTRU Prime, and SIKE implementations
Digital signature schemes
- Minor updates to Dilithium implementation
Other changes
- Optimized AES implementation on ARMv8 with crypto extensions.
- Preliminary support for building on S390x platform
- Improved build configurations on ARM platforms
- Improvements to benchmarking harness, with improved precision on ARM platforms
Detailed changelog
- Use Github Actions for some CI by @dstebila in #1069
- fixing #1076 by @baentsch in #1078
- Add instructions on how to build shared/dynamic library to the README by @Wandering-Consciousness in #1077
- Updated SIKE to latest upstream commit by @christianpaquin in #1079
- enabling flexible build dir name in testing by @baentsch in #1080
- run optimized constant time tests only on haswell by @baentsch in #1082
- increase constant time test timeout allowing slow runners to complete [skip ci] by @baentsch in #1085
- skip algorithms for constant_time tests by @baentsch in #1089
- Kyber/Dilithium copy_from_upstream by @bhess in #1088
- do full upstream doc generation [skip ci] by @baentsch in #1066
- Adding armv8 crypto extensions to AES by @tedeaton in #1086
- Enabling out-of-source build-and-test by @baentsch in #1091
- adding pyyaml prerequisite to README [skip ci] by @baentsch in #1094
- correct out-of-source build-and-test by @baentsch in #1093
- Update to PQClean commit 5b8ef3baea3ffdfbf688a3a1bb8f02de44a67ec0 by @dstebila in #1097
- skip more SPHINCS algs from weekly testing by @baentsch in #1102
- S390x support by @bhess in #1103
- Update BIKE documentation to reflect only little endian support [skip ci] by @dstebila in #1105
- Add powerpc64le name as alternative to ppc64le by @dstebila in #1112
- Disable BIKE build on s390x (big endian) by @bhess in #1115
- adds S/NTRUP1277 by @baentsch in #1111
- Updated Picnic to v3.0.5 by @christianpaquin in #1116
- Skip non-enabled algs in constant time tests by @christianpaquin in #1120
- Updated valgrind constant time exception for picnic by @christianpaquin in #1121
- Adding support for multiple upstream to copy_from_upstream, as well as pqclean's aarch64 kyber implementation by @Martyrshot in #1117
- Added Keccak constant time exclusion for Picnic AVX2 by @christianpaquin in #1124
- Adding multiple upstream support to doc generation by @Martyrshot in #1123
- adding ntruhps40961229 by @baentsch in #1126
- Fix gcc 11 error for Kyber on arm64 by @dstebila in #1127
- LF everywhere by @baentsch in #1133
- skip more ClassicMcEliece weekly CI constant time tests [skip ci] by @baentsch in #1134
- more code style checks by @baentsch in #1135
- Added supported-platforms compile guards in the SIKE CMakeLists by @christianpaquin in #1136
- Adding arm64_v8 optimized versions of saber. by @Martyrshot in #1131
- add downlevel compiler warning by @baentsch in #1137
- enable ARM64 optimizations when using OQS_MINIMAL_BUILD option by @baentsch in #1139
- Adding a speed_common script to benchmark OQS AES and hash algorithms by @tedeaton in #1144
- NIST copyright clarification by @baentsch in #1142
- Option to use PMU for benchmarking on ARM by @dstebila in #1147
- aarch64 dist build by @baentsch in #1148
- Tweaks to benchmarking code by @dstebila in #1150
- release performance regression test by @baentsch in #1152
- Added spdx headers to noregress.[py|sh] by @Martyrshot in #1154
- Output documented build options by @baentsch in #1155
- docs: set license MIT to Falcon Signature by @ax1 in #1156
- add trigger for oqs-provider CI by @baentsch in #1157
Full Changelog: 0.7.0...0.7.1
liboqs version 0.7.0
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
- oqs-provider: A standalone prototype of liboqs-based key exchange for TLS 1.3 using the OpenSSL 3 (alpha) provider integration mechanism.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, and nginx. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is version 0.7.0 of liboqs. It was released on August 11, 2021.
What's New
This release continues from the 0.6.0 release of liboqs.
Key encapsulation mechanisms
- Update BIKE to Round 3 (version 3.2) -- add BIKE1, BIKE3, remove BIKE1-L1-CPA, BIKE1-L1-FO, BIKE1-L3-CPA, BIKE1-L3-FO
- Update NTRU Prime implementation
- Update SIKE implementation
- Remove OQS_KEM_DEFAULT alias
Digital signature schemes
- Remove OQS_SIG_DEFAULT alias
Other changes
- Allow liboqs to build on other architectures, with preliminary builds on ppc64le and x86.
- Support for building liboqs on Apple Silicon
- New algorithm datasheets with more details on implementations.
- Optimized SHA-256 implementation on ARMv8 with crypto extensions.
liboqs version 0.6.0
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
- oqs-provider: A standalone prototype of liboqs-based key exchange for TLS 1.3 using the OpenSSL 3 (alpha) provider integration mechanism.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, and nginx. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is version 0.6.0 of liboqs. It was released on June 8, 2021.
What's New
This release continues from the 0.5.0 release of liboqs.
Key encapsulation mechanisms
- Update Classic McEliece implementation
- Bug fixes in SIKE
- Bug fixes in HQC
- Change unsigned char to uint8_t in KEM API
- Fix wrong NIST level for Kyber768-90s
Digital signature schemes
- Update SPHINCS+ to Round 3 version
Other changes
- Improve random number generator when not relying on OpenSSL
- Improve run-time and compile-time guarding of optimized code
- Remove (unused) AES decryption code from common symmetric encryption code
- Replace AES plain C implementation with a constant-time version
- Update Windows cross-compiling toolchain
- Build options changed:
  - liboqs is no longer built by default with CPU runtime feature detection, so resulting executables may crash if they were not compiled for the CPU on which the code will run. For Docker files, we recommend setting OQS_DIST_BUILD to obtain code able to handle different CPU feature sets. OQS_OPT_TARGET can also be used to target a specific CPU at compile time. These flags are documented on the build options wiki page.
liboqs version 0.5.0
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
- oqs-provider: A standalone prototype of liboqs-based key exchange for TLS 1.3 using the OpenSSL 3 (alpha) provider integration mechanism.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into SSH in our fork of OpenSSH 7.9; see the OQS-master branch of our OpenSSH fork's repository.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, and nginx. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is version 0.5.0 of liboqs. It was released on March 10, 2021.
What's New
This release continues from the 0.4.0 release of liboqs. Its main goal is to incorporate updates submitted to Round 3 of the NIST Post-Quantum Cryptography Standardization Project.
Deprecations
As a result of NIST's announcement of Round 3 of the Post-Quantum Cryptography Standardization Project, the 0.4.x series was the last release of liboqs to contain algorithms from Round 2 that are not Round 3 finalists or alternate candidates. Those algorithms have been removed in the 0.5.0 series. The algorithms in question are: NewHope, ThreeBears, MQDSS, and qTesla.
Key encapsulation mechanisms
- BIKE: No changes.
- Classic McEliece: Added AVX2 implementation.
- FrodoKEM: Incorporate upstream bug fixes and add runtime CPU feature detection for AVX2/AES-NI implementation.
- HQC: Update to Round 3 version.
- Kyber: Update to Round 3 version.
- NTRU: Incorporate upstream bug fixes.
- NTRUPrime: Add NTRUPrime.
- Saber: Update to Round 3 version.
- SIKE: Update to version 3.4.
Digital signature schemes
- Dilithium: Update to version 3.1.
- Falcon: Update to Round 3 version.
- Picnic: Update to Picnic v3.0.4.
- Rainbow: Update to Round 3 version.
- SPHINCS+: Incorporate upstream bug fixes.
Other changes
- Support for building liboqs with CPU extensions has been enhanced, and most implementations now have runtime CPU feature detection.
- A tool for benchmarking memory usage has been added (test_kem_mem and test_sig_mem).
- Valgrind is used to check for secret-dependent branches throughout the library. Note that not all implementations currently avoid secret-dependent branching; see tests/constant_time for details.
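The Valgrind check mentioned above relies on memcheck's ability to report a conditional jump whose outcome depends on bytes that were marked undefined: if the secret is marked that way, any branch on it shows up as a finding. The following is an added example, not liboqs code and not its tests/constant_time harness. It places a naive early-exit byte comparison beside a constant-time one and wraps Valgrind's client requests in a macro pair; the HAVE_VALGRIND_MEMCHECK_H define and the sample buffers are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed build-time define: compile with -DHAVE_VALGRIND_MEMCHECK_H when
 * Valgrind's client-request header is installed. Marking a buffer
 * "undefined" makes memcheck report every conditional jump or memory index
 * that depends on its bytes, which is exactly a secret-dependent branch.
 * Without the header the macros are no-ops and the program runs normally. */
#ifdef HAVE_VALGRIND_MEMCHECK_H
#include <valgrind/memcheck.h>
#define MARK_SECRET(p, n)   VALGRIND_MAKE_MEM_UNDEFINED((p), (n))
#define UNMARK_SECRET(p, n) VALGRIND_MAKE_MEM_DEFINED((p), (n))
#else
#define MARK_SECRET(p, n)   ((void)0)
#define UNMARK_SECRET(p, n) ((void)0)
#endif

/* Early-exit comparison: the loop stops at the first differing byte, so its
 * timing and branch pattern leak the position of the difference. With the
 * inputs marked secret, memcheck reports the `if` below as a
 * "Conditional jump or move depends on uninitialised value(s)". */
int compare_early_exit(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            return 1;
        }
    }
    return 0;
}

/* Constant-time comparison: OR every byte difference into an accumulator and
 * collapse it to 0 (equal) or 1 (different) with arithmetic only. No branch
 * and no memory address depends on the contents of a or b, so the same
 * Valgrind run stays silent for this function. */
int compare_constant_time(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= (uint8_t)(a[i] ^ b[i]);
    }
    uint32_t x = acc;
    /* (x - 1) >> 31 is 1 only when acc == 0; invert so "equal" yields 0. */
    return 1 ^ (int)((x - 1u) >> 31);
}

/* Drives both comparators over constructed sample buffers (not real key
 * material). The results are un-marked before anyone branches on them,
 * because deciding "do the keys match?" is the point at which a program is
 * allowed to act on the secret. Returns 0 when both comparators give the
 * expected answers, nonzero otherwise. */
int run_demo(void) {
    uint8_t key_a[32], key_b[32];
    memset(key_a, 0xA5, sizeof key_a);
    memcpy(key_b, key_a, sizeof key_b);
    key_b[31] ^= 0x01; /* constructed: only the last byte differs */

    MARK_SECRET(key_a, sizeof key_a);
    MARK_SECRET(key_b, sizeof key_b);

    int same_ee = compare_early_exit(key_a, key_a, sizeof key_a);    /* 0 */
    int diff_ee = compare_early_exit(key_a, key_b, sizeof key_a);    /* 1 */
    int same_ct = compare_constant_time(key_a, key_a, sizeof key_a); /* 0 */
    int diff_ct = compare_constant_time(key_a, key_b, sizeof key_a); /* 1 */

    UNMARK_SECRET(&same_ee, sizeof same_ee);
    UNMARK_SECRET(&diff_ee, sizeof diff_ee);
    UNMARK_SECRET(&same_ct, sizeof same_ct);
    UNMARK_SECRET(&diff_ct, sizeof diff_ct);

    /* Combine with bitwise ops so this check itself does not branch. */
    return same_ee | same_ct | (diff_ee ^ 1) | (diff_ct ^ 1);
}

int main(void) {
    int rc = run_demo();
    printf("%s\n", rc == 0 ? "both comparators correct" : "mismatch");
    return rc;
}
```

Compiled with `-DHAVE_VALGRIND_MEMCHECK_H` and run under `valgrind`, the early-exit function produces a report at its `if` while the constant-time one does not; the same marking applied to a KEM's secret key or shared secret is what turns an ordinary functional test into a secret-dependent-branch check of the kind the release notes describe.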