2024-07-01 Markku-Juhani O. Saarinen mj...@iki.fi
Functional validation of crypto algorithms in the FIPS 140-3 scheme is based on NIST's Automated Cryptographic Validation Test System (ACVTS). This system contains crypto algorithm implementations that effectively serve as the "golden reference" for algorithm validation: They are used to generate randomized test cases in ACVTS.
The crypto implementations used by NIST's ACVP-Server are written in C# and run on Microsoft's .NET framework (version 6). Recently implementations of the new NIST PQC standards Kyber (Kyber.cs for FIPS 203 ML-KEM), Dilithium (Dilithium.cs for FIPS 204 ML-DSA), and SPHINCS+ (Slhdsa.cs for FIPS 205 SLH-DSA) have been added to the repo. These may not be the best or the most elegant implementations, many will want to ensure functional equivalence to this code for interoperability and certification purposes.
This repo provides a hacky Python interface to run the NIST Reference Kyber and Dilithium implementations on a Linux system ( I have not tested it, but Pythonnet is available onMac and Windows, too. ) There is also code to run tests against the static JSON-format test vectors in the ACVP-Server repo.
Note that the NIST reference implementations absolutely should not be used "in production" since no attention has been paid to crucial factors such as resistance against (remote) timing attacks. This is simply not needed in test vector generation. Furthermore, the code is still "alive" and has not been officially released (AFAIK). However, they can be quite useful for functional testing, printing out intermediate values, etc.
ABSOLUTELY NO WARRANTY. SUPPORT NOT AVAILABLE. You can report issues but don't expect this repo to be actively maintained.
These are provided by nist_mlkem.py. You may have to adjust this module to find the relevant DLLs for Kyber.
Key Generation:
Encapsulate:
Decapsulate:
Test module test_mlkem.py parses the JSON-format Kyber test vectors in the ACVP-Server repo and executes the related tests using the wrapper functions.
These are provided by nist_mldsa.py. You may have to adjust this module to find the relevant DLLs for Dilithium.
Key Generation:
Sign a message:
Verify a signature:
Test module test_mldsa.py parses the Dilithium test vectors in the ACVP-Server repo and executes the related tests using the wrapper functions.
( If you're curious why 30 test vectors are "skipped," The non-deterministic signature code is indeed non-deterministic and makes an internal call to an RBG. Hence, we're not trying to match those answers. )
This is very hacky: The followign steps were executed on a fresh install of Ubuntu 24.04 LTS on July 3, 2024 and it worked then. If it doesn't work for you, too bad -- NIST ACVTS code is in flux and .NET6 is at its End of Service in 2024, etc.
Install git, if needed, and clone this repo:
Following Microsoft's instructions for .NET on Ubuntu:
Note that you need the SDK as you're compiling C# code. If you're using a more stripped-down distro than Ubuntu, you will encounter many more dependencies.
Fetch the ACVP server sources (it's big!). We will put it right here under the py-acvp-pqc directory, but you can also have a ACVP-Server symlink.
Some preparatory steps for local installation:
We can now build the relevant implementation libraries (which are .dll files). One way to do this is by running some tests that have them as dependencies:
There is quite a lot of output, but we're done here.
We're using Pythonnet and you will probably have to install it. Let's install venv (if you don't have it already), and use a local environment:
Note that you will have to "enter" the enviroment with source .venv/bin/activate to use pythonnet installed locally this way.
Anyway, we should now be able to execute our Kyber and Dilithium test programs: