Re: [pqc-forum] Abridged summary of pqc-forum@list.nist.gov - 11 updates in 2 topics


Tushar Patel

Sep 13, 2025, 1:37:45 AM
to pqc-...@list.nist.gov
If you add Floating Point, or double precision, please make sure that there is an Ackermann's self-test defined and also that all the hardening like stack overflow, PIE, no-exec heap, no-exec stack, alignment is enforced, or we might spend hours figuring out random crashes which, in combination with an Enclave, would be fun to debug. Now we can push these aside as implementation errors; however, stack protection was available as early as 1995/1996 and cryptographic code was still struggling with its absence as late as 2017 (maybe later).


On Fri, Sep 12, 2025 at 8:07 PM <pqc-...@list.nist.gov> wrote:
Mike Hamburg <mi...@shiftleft.org>: Sep 12 12:00PM +0200

Hi all,
 
It’s worth noting that although FALCON and HAWK are both named after birds, and both use structured lattices, they are very different schemes otherwise and are based on different hard ...more
Al Martin <nit...@gmail.com>: Sep 12 08:12AM -0700

(just joined this group)
 
Regarding "constant time" hardware implementations of divide:
 
Both integer and floating-point divide (and the associated remainder and
square root operations) can be ...more
Sophie Schmieg <ssch...@google.com>: Sep 12 11:21AM -0700

One thing to note here is that those same operations, if anything, have
even more pronounced performance differences in software: when implemented
with two integers, add is a min, shift, and ...more
Samuel Lee <samue...@microsoft.com>: Sep 12 12:52PM -0700

Just to +1 what folks are already saying and add my own two cents.
To be clear I have not tried to implement FN-DSA yet.
 
I think reliance on floating point for implementation of FN-DSA is highly ...more
Al Martin <nit...@gmail.com>: Sep 12 12:52PM -0700

I'm not trying to pass the buck. The point I'm trying to make is that
hardware generally executes significantly faster than software. *But there
are limitations* which software needs to be aware ...more
Watson Ladd <watso...@gmail.com>: Sep 12 01:19PM -0700

On Fri, Sep 12, 2025 at 12:52 PM 'Samuel Lee' via pqc-forum
> Intel: Data Operand Independent Timing ISA Guidance and Data Operand Independent Timing Instructions
> Arm: Arm A-profile Architecture ...more
Thomas Pornin <por...@bolet.org>: Sep 12 03:17PM -0700

For Falcon/FN-DSA, the required floating-point operations are add, sub,
mul, div, and sqrt. You also need round, floor and trunc (i.e. conversion
to 32-bit integers, with rounding to nearest, ...more
Taylor R Campbell <campbell+ni...@mumble.net>: Sep 13 12:48AM
> Writing robust floating-point routines is particularly hard, having to deal
> with special numbers (signed zero, subnormals, infinity, NaN), rounding
> errors, and loss of significance.
...more
Taylor R Campbell <campbell+ni...@mumble.net>: Sep 13 02:18AM

> values are constant time today, relying on this in a software
> implementation of any cryptographic routine handling secrets is a really
> bad idea.
 
Would CPU designers have bothered with DIT ...more
Jeevanjeet Dash <dashjee...@gmail.com>: Sep 12 03:59PM +0530

Hi everyone,
Can anyone send me the test vectors for prehash ML-DSA with respect to the
latest changes made in FIPS 204?
Thanks & Regards
Jeevanjeet
...more
Stephan Mueller <smue...@chronox.de>: Sep 12 03:02PM +0200

On Friday, 12 September 2025 at 12:29:30 Central European Summer Time, Jeevanjeet Dash wrote:
 
Hi Jeevanjeet,
 
> Hi everyone,
> Can anyone send me the test vectors for prehash ML-DSA with ...more
You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page.
To unsubscribe from this group and stop receiving emails from it send an email to pqc-forum+...@list.nist.gov.
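The start-up floating-point self-test suggested above, as an added example that is not Falcon's, FN-DSA's or any poster's code: it exercises the operations Thomas Pornin lists (add, sub, mul, div, sqrt, round, floor, trunc) and fails closed on the behaviours that typically break such code (signed zero, subnormals flushed to zero, wrong rounding). It is written in Rust; the function names and the expected bit patterns (derived from IEEE-754 round-to-nearest-even semantics) are this example's own assumptions.

```rust
use std::hint::black_box;

/// One named check: the operation's result and the exact 64-bit pattern it must produce.
fn check(name: &str, got: f64, want: u64) -> Result<(), String> {
    if got.to_bits() == want {
        Ok(())
    } else {
        Err(format!("{}: got {:#018x}, want {:#018x}", name, got.to_bits(), want))
    }
}

/// Runs every check and reports the first failure. black_box stops the compiler
/// from folding the arithmetic at build time, so the hardware path is exercised.
pub fn fp_selftest() -> Result<(), String> {
    let [one, two, three, zero] = black_box([1.0f64, 2.0, 3.0, 0.0]);
    let tiny = black_box(f64::from_bits(1)); // smallest subnormal, 2^-1074
    let ulp = black_box(f64::EPSILON); // 2^-52
    // Division must be correctly rounded: 1/3 = 0x3FD5555555555555.
    check("div 1/3", one / three, 0x3FD5_5555_5555_5555)?;
    // Hardware sqrt must be correctly rounded too, not an approximation.
    check("sqrt 2", two.sqrt(), 0x3FF6_A09E_667F_3BCD)?;
    // Ties round to even: 1 + 2^-53 rounds back to 1.0, while 1 + 2^-52 is exact.
    check("add tie", one + ulp / two, 0x3FF0_0000_0000_0000)?;
    check("add ulp", one + ulp, 0x3FF0_0000_0000_0001)?;
    // Subnormals must survive: under a flush-to-zero / denormals-are-zero mode this is 0.0.
    check("subnormal mul", tiny * two, 0x0000_0000_0000_0002)?;
    // Signed zero: -1.0 * 0.0 is -0.0, which a plain == would confuse with +0.0.
    check("signed zero", -one * zero, 0x8000_0000_0000_0000)?;
    // floor and trunc differ on negatives: floor(-0.5) = -1.0, trunc(-0.5) = -0.0.
    let mhalf = black_box(-0.5f64);
    check("floor", mhalf.floor(), 0xBFF0_0000_0000_0000)?;
    check("trunc", mhalf.trunc(), 0x8000_0000_0000_0000)?;
    // Round-to-nearest via the add/subtract-1.5*2^52 trick (the branch-free way
    // constant-time code does it): 2.5 -> 2.0 because ties go to even.
    let magic = black_box(1.5f64 * 4503599627370496.0); // 1.5 * 2^52
    check("round 2.5", (black_box(2.5f64) + magic) - magic, 0x4000_0000_0000_0000)?;
    // NaN must propagate rather than trap; its payload bits vary by CPU, so test is_nan.
    if !(zero / zero).is_nan() {
        return Err("nan: 0/0 did not produce NaN".to_string());
    }
    Ok(())
}
fn main() {
    if let Err(e) = fp_selftest() {
        eprintln!("floating-point self-test FAILED: {}", e);
        std::process::exit(1);
    }
    println!("floating-point self-test passed");
}
```

Run it once before any signing code touches secrets, and treat a failure as a refusal to operate rather than a warning.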