Garvit Shah <garvit...@gmail.com>: Sep 13 09:29AM +0530
Hello people! Today I was trying to access the links to the drafts of NIST SP 1800-38 A/B/C from the links provided on https://csrc.nist.gov/pubs/sp/1800/38/iprd-(1) but I was unable to open them. Yesterday they were working fine. I don't think it's an internet issue. Does anyone have any idea whether it has been withdrawn temporarily, or what the current state is? Thanks!

— Regards
Garvit Shah

Roy <r...@bouncycastle.org>: Sep 12 03:52PM -0400

Roy <r...@bouncycastle.org>: Sep 12 04:12PM -0400
Hello Kris,

I tested the provided KATS with the BouncyCastle implementation. I think you might not be using the listed bytes "xi" and "rnd". The following tests fail:

"kat_MLDSA_44_det_hashed.rsp",     // KeyGen FAILS
"kat_MLDSA_65_det_hashed.rsp",     // KeyGen FAILS
"kat_MLDSA_87_det_hashed.rsp",     // KeyGen FAILS
"kat_MLDSA_44_det_normal.rsp",     // KeyGen FAILS
"kat_MLDSA_65_det_normal.rsp",     // KeyGen FAILS
"kat_MLDSA_87_det_normal.rsp",     // KeyGen FAILS
"kat_MLDSA_44_det_raw.rsp",        // KeyGen FAILS
"kat_MLDSA_65_det_raw.rsp",        // KeyGen FAILS
"kat_MLDSA_87_det_raw.rsp",        // KeyGen FAILS
"kat_MLDSA_44_hedged_hashed.rsp",  // KeyGen FAILS, Sign FAILS
"kat_MLDSA_65_hedged_hashed.rsp",  // KeyGen FAILS, Sign FAILS
"kat_MLDSA_87_hedged_hashed.rsp",  // KeyGen FAILS, Sign FAILS
"kat_MLDSA_44_hedged_normal.rsp",  // KeyGen FAILS, Sign FAILS
"kat_MLDSA_65_hedged_normal.rsp",  // KeyGen FAILS, Sign FAILS
"kat_MLDSA_87_hedged_normal.rsp",  // KeyGen FAILS, Sign FAILS
"kat_MLDSA_44_hedged_raw.rsp",     // KeyGen FAILS, Sign FAILS
"kat_MLDSA_65_hedged_raw.rsp",     // KeyGen FAILS, Sign FAILS
"kat_MLDSA_87_hedged_raw.rsp"      // KeyGen FAILS, Sign FAILS

~ Roy Basmacier

Kris Kwiatkowski <kr...@amongbytes.com>: Sep 12 09:14PM +0100
Thank you Roy,

Indeed, it seems I may have a problem with xi and rnd. Let me double check. Can you confirm that verification works OK?

Kind regards,
Kris

On 12/09/2024 21:12, Roy wrote:

Roy <r...@bouncycastle.org>: Sep 12 04:27PM -0400
Hey Kris,

For the deterministic KATS, signature generation and verification work. For the hedged KATS, only the verification works.

~ Roy Basmacier

Stephan Mueller <smue...@chronox.de>: Sep 12 09:05PM -0500
On Thursday, 12 September 2024, 15:27:28 GMT-5, Roy wrote:

Hi Roy,

> For the deterministic KATS signature generation and verification works.
> For the hedged KATS only the verification works.
> ~ Roy Basmacier

ML-DSA 87 and 65 prehash: I cannot verify those with my unmodified implementation, as the used SHA-256 hash is not allowed to be used with 87 and 65 (the digest size is not 2 * lambda). When lifting the restriction, I can validate the data.

For the hedged and det, I can successfully perform sigver for all types (when disabling the aforementioned limitation). Siggen fails, because I cannot generate the keys from xi. When I use the provided SK, siggen will still fail with the hedged, but pass with the deterministic.

Ciao
Stephan

Stephan Mueller <smue...@chronox.de>: Sep 12 09:12PM -0500
On Thursday, 12 September 2024, 21:05:58 GMT-5, Stephan Mueller wrote:

Hi Kris,

> implementation as the used SHA-256 hash is not allowed to be used with 87
> and 65 (the digest size is not 2 * lambda). When lifting the restriction, I
> can validate the data.

To clarify the check the code applies, see:

https://github.com/smuellerDD/leancrypto/blob/master/ml-dsa/src/dilithium_domain_separation.c#L77

Ciao
Stephan

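The two checks that Roy's and Stephan's posts above turn on, written out as an added example; this is not code from the thread, from BouncyCastle or from leancrypto. It assumes the NIST KAT .rsp layout ("key = value" lines, records separated by blank lines) and the field names xi, rnd and msg; the lambda values are the ones FIPS 204 tabulates for ML-DSA-44/65/87, the "digest at least 2 * lambda bits" rule is the one Stephan describes, and the sample .rsp text is constructed for this example, not an official vector.

```python
"""Added example: pre-hash admissibility and KAT seed checks for ML-DSA.

Not code from the pqc-forum thread, BouncyCastle or leancrypto. It assumes
the NIST KAT .rsp layout ('key = value' lines, records separated by blank
lines) and the field names xi/rnd/msg; the sample file below is constructed.
"""
import hashlib
from typing import Dict, List

# Security parameter lambda (bits) per parameter set, as tabulated in FIPS 204.
LAMBDA_BITS = {"ML-DSA-44": 128, "ML-DSA-65": 192, "ML-DSA-87": 256}


def digest_bits(hash_name: str) -> int:
    """Output length in bits of a hashlib algorithm name such as 'sha256'."""
    return hashlib.new(hash_name).digest_size * 8


def prehash_allowed(param_set: str, hash_name: str) -> bool:
    """The check Stephan describes: the pre-hash digest must be at least
    2 * lambda bits, i.e. the hash offers lambda bits of collision
    resistance. SHA-256 (256 bits) therefore passes only for ML-DSA-44."""
    return digest_bits(hash_name) >= 2 * LAMBDA_BITS[param_set]


def parse_rsp(text: str) -> List[Dict[str, str]]:
    """Parse a KAT .rsp file into one dict per record.

    '#' comments and '[...]' section headers are skipped; a blank line ends
    the current record. Values are kept as the hex strings found in the file.
    """
    records: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or line.startswith("["):
            continue
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def seed_lengths_ok(record: Dict[str, str]) -> bool:
    """Both the key-generation seed xi and the signing randomness rnd are
    32 bytes in FIPS 204; a file where they are not cannot drive KeyGen
    or Sign the way the KAT intends."""
    return (len(bytes.fromhex(record["xi"])) == 32
            and len(bytes.fromhex(record["rnd"])) == 32)


def is_deterministic_rnd(record: Dict[str, str]) -> bool:
    """Deterministic ML-DSA fixes rnd to 32 zero bytes; the hedged variant
    uses fresh randomness. A 'det' file whose rnd is non-zero, or a 'hedged'
    file whose rnd is all zeros, points at the wrong variant being exercised."""
    return bytes.fromhex(record["rnd"]) == bytes(32)


# Constructed sample in the .rsp layout (not a real NIST vector).
SAMPLE_RSP = """\
# constructed sample, not an official KAT file
count = 0
xi = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
rnd = 0000000000000000000000000000000000000000000000000000000000000000
msg = 48656c6c6f

count = 1
xi = ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100
rnd = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
msg = 48656c6c6f
"""


def audit(text: str, expect_deterministic: bool) -> List[str]:
    """Return one finding per record that violates the expected variant."""
    findings = []
    for rec in parse_rsp(text):
        if not seed_lengths_ok(rec):
            findings.append(f"count {rec['count']}: xi/rnd not 32 bytes")
        elif is_deterministic_rnd(rec) != expect_deterministic:
            findings.append(f"count {rec['count']}: rnd does not match variant")
    return findings


if __name__ == "__main__":
    for ps in LAMBDA_BITS:
        for h in ("sha256", "sha384", "sha512"):
            print(ps, h, "ok" if prehash_allowed(ps, h) else "too short")
    # Treat the constructed file as a 'det' KAT: record 1 is flagged.
    print(audit(SAMPLE_RSP, expect_deterministic=True))
```

Running `audit` with `expect_deterministic` set from the file name ("det" or "hedged") is a cheap first check before any signature is computed: it separates a malformed or mis-labelled KAT file from a genuine KeyGen or Sign mismatch, and `prehash_allowed` tells you up front whether a "hashed" vector for 65 or 87 that uses SHA-256 can be expected to verify on an implementation that enforces the digest-length rule.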
Maxime Bros <maxim...@nist.gov>: Sep 12 11:35AM -0700
Dear Community,

I hope you're all doing well and that you've had an amazing summer ☀️ 😎 🏖️ .

I'm delighted to announce that the NIST PQC Seminars will have a second Series of three talks 😀, this time about the 4th Round of the NIST PQC Standardization Project. Namely, there will be one talk per code-based candidate (see the dates below); more information will be published on the website of the NIST PQC Seminars soon:

https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars

Please note that all talks below will happen at 10am US EDT (Eastern Daylight Time, Washington D.C.), UTC-4.

#18 - [Classic McEliece] Tuesday, September 17, 2024
#19 - [HQC] Friday, September 20, 2024
#21 - [BIKE] Friday, September 27, 2024

Last but not least, I would like to take advantage of this post to announce the 20th NIST PQC Seminar, which will be about multivariate candidates for the Additional Call for Signatures (also called "onramp"):

#20 - [MAYO - UOV] Tuesday, September 24, 2024

As usual, instructions to connect to the seminars can be found on the website, as well as information to subscribe to the mailing list of the NIST PQC Seminars.

Thanks,
Dr. Maxime Bros
NIST PQC

On Friday, August 2, 2024 at 5:31:55 PM UTC-4 Maxime Bros wrote:
