C11 FIPS 203 IPD Implementation


Paul Duncan

Apr 30, 2024, 8:48:25 AM
to pqc-...@list.nist.gov
Hi Everyone,

My embeddable, dependency-free C11 implementation of the FIPS 203
initial public draft is available at the following URL:

https://github.com/pablotron/fips203ipd/

Features:

- Clean-room implementation not based on any other implementation.
- Multiple backends: The default scalar backend and a compile-time
AVX-512 backend, implemented with intrinsics.
- Single source file and header (fips203ipd.[ch]), which includes the
necessary bits of FIPS 202, both backends, and the test suite.
- No external dependencies. Uses the standard integer types, memcpy(),
and memset() from the C standard library and (if the AVX-512 backend
is enabled) the AVX-512 intrinsics provided by GCC and Clang.
- The AVX-512 backend permutes and squeezes from up to 8 SHAKE128 and
SHAKE256 contexts in parallel.
- Uses constant-time Barrett reduction.
- Compiles with all warnings enabled.
- Test suite builds and passes with common Clang and GCC sanitizers
enabled (asan, ubsan, etc.).
- Test suite includes test vectors from the NIST PQC Intermediate Values
for Draft ML-KEM [1].

Notes:

- Reduces decoded coefficients mod Q as suggested by Peter Schwabe on
the pqc-forum mailing list (option #2) [2].
- keygen and encaps are deterministic and accept randomness as a
function parameter, similar to the "low-level" API discussed in the
recent FIPS 203 Update presentation [3].
- Written in a constant-time style, although this has not been formally
verified.
- Does not clear intermediate values.
- Tested with several versions of Clang and GCC on a variety of x86-64
and ARM systems. Untested (and probably won't work) on big-endian
systems.

The main reason I created this was for fun and to provide feedback
during the standardization process.

Thanks,

[1]: https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/example-files
[2]: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ivu1i2uIbwY/m/oqGKNqI-AQAJ
[3]: https://csrc.nist.gov/csrc/media/Presentations/2024/fips-203/images-media/dang-fips-203-pqc2024.pdf

--
Paul Duncan <pa...@pablotron.org>
https://pablotron.org/
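The post's notes mention two implementation choices worth seeing side by side: constant-time Barrett reduction, and reducing decoded 12-bit coefficients mod q rather than rejecting them (the "option #2" approach). The following C11 code is an added illustration written for this page; it is not code from fips203ipd and makes no claim about how that library structures its internals. It assumes the FIPS 203 modulus q = 3329 and the ByteDecode_12 byte layout (two 12-bit coefficients per three bytes, little-endian bit order); the function names, the choice of 2^24 as the Barrett scale, and the sample bytes are constructed here for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ML-KEM modulus (FIPS 203, q = 3329) and the Barrett constant
 * m = floor(2^24 / q) = 5039, precomputed once at compile time. */
#define Q 3329u
#define BARRETT_K 24u
#define BARRETT_M ((1u << BARRETT_K) / Q)

/* Return 0xFFFFFFFF if a < b, else 0, without a data-dependent branch.
 * (a - b) borrows (sets bit 31) exactly when a < b, for inputs below 2^31. */
static uint32_t ct_lt_mask(uint32_t a, uint32_t b) {
  return 0u - ((a - b) >> 31);
}

/* Constant-time Barrett reduction: reduce any 16-bit x to [0, q).
 * t = floor(x*m / 2^24) equals floor(x/q) or floor(x/q) - 1 because
 * m/2^24 underestimates 1/q by less than 1/x for all 16-bit x, so the
 * residual r = x - t*q lies in [0, 2q); one masked subtraction finishes it. */
static uint16_t barrett_reduce_q(uint16_t x) {
  uint32_t t = ((uint32_t)x * BARRETT_M) >> BARRETT_K;  /* x*m < 2^29: no overflow */
  uint32_t r = (uint32_t)x - t * Q;                      /* r in [0, 2q) */
  uint32_t mask = ~ct_lt_mask(r, Q);                     /* all-ones iff r >= q */
  r -= Q & mask;                                         /* no branch on r */
  return (uint16_t)r;
}

/* ByteDecode_12 over one 3-byte group -> two 12-bit coefficients, each
 * reduced mod q instead of being rejected when it lands in [q, 4096).
 * Bit order follows FIPS 203: coefficient 0 is bits 0..11, coefficient 1
 * is bits 12..23, least-significant bit of each byte first. */
static void decode12_pair(const uint8_t b[3], uint16_t out[2]) {
  uint16_t c0 = (uint16_t)(b[0] | ((b[1] & 0x0Fu) << 8));
  uint16_t c1 = (uint16_t)((b[1] >> 4) | (b[2] << 4));
  out[0] = barrett_reduce_q(c0);
  out[1] = barrett_reduce_q(c1);
}

/* Decode a full 384-byte encoded polynomial into 256 coefficients in [0, q). */
static void decode12_poly(const uint8_t in[384], uint16_t out[256]) {
  for (size_t i = 0; i < 128; i++) {
    decode12_pair(in + 3 * i, out + 2 * i);
  }
}

/* Exhaustive self-check of the reduction against the compiler's modulo
 * over every 16-bit input; returns 1 on success, 0 on the first mismatch.
 * (The reference modulo is fine for a test; it is not constant-time.) */
static int barrett_selfcheck(void) {
  for (uint32_t x = 0; x < 65536u; x++) {
    if (barrett_reduce_q((uint16_t)x) != x % Q) return 0;
  }
  return 1;
}

int main(void) {
  /* Constructed sample: bytes 0x01,0xD0,0xFF encode c0 = 1 and c1 = 4093,
   * and 4093 is above q, so it must come out reduced to 764. */
  const uint8_t sample[3] = {0x01, 0xD0, 0xFF};
  uint16_t c[2];
  decode12_pair(sample, c);
  printf("selfcheck=%d c0=%u c1=%u\n", barrett_selfcheck(), c[0], c[1]);

  /* A full 384-byte buffer of 0xFF decodes to 256 copies of 4095 mod q = 766. */
  uint8_t all_ones[384];
  uint16_t poly[256];
  for (size_t i = 0; i < sizeof all_ones; i++) all_ones[i] = 0xFF;
  decode12_poly(all_ones, poly);
  printf("poly[0]=%u poly[255]=%u\n", poly[0], poly[255]);
  return 0;
}
```

The point of the masked subtraction is that the instruction sequence is the same whether or not the coefficient exceeded q, so the decoded value leaks nothing through timing or branch prediction; the exhaustive self-check is the cheap way to convince yourself the error bound on the 2^24 scale really does keep the residual below 2q for the whole 16-bit input range.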