https://github.com/mupq/pqm4

Revision  Message  Commit Date
7f05252 Run only on push to master, and when PR review requested 16 January 2024, 22:34:10 UTC
9587934 Properly wrap missing libc functions and shut up linker warning 16 January 2024, 21:43:35 UTC
b7b2b6d Update workflow dependencies 16 January 2024, 21:30:15 UTC
eccb2d1 Checkout submodules recursively 16 January 2024, 21:30:15 UTC
588374b Add a github workflow 16 January 2024, 21:30:15 UTC
b381da5 Exclude all non-building schemes for cw308t-stm32f415 16 January 2024, 21:20:31 UTC
5398081 Merge branch 'master' of https://github.com/37eex9/pqm4 into cw308t-stm32f415 16 January 2024, 20:58:48 UTC
ff6b7ab Merge remote-tracking branch 'origin/mirith' 16 January 2024, 20:57:20 UTC
cf017cd Merge remote-tracking branch 'origin/biscuit' 16 January 2024, 20:56:42 UTC
1c27aa0 Add MEDS 16 January 2024, 20:54:18 UTC
d93ba34 Merge remote-tracking branch 'origin/aimer' into master 16 January 2024, 19:41:35 UTC
de6b4d9 Merge remote-tracking branch 'origin/sphinca' into sphincsa Add SPHINCS-alpha #312 16 January 2024, 18:06:55 UTC
57bb7dc update mupq 15 January 2024, 13:19:53 UTC
a34a481 add AIMer 12 January 2024, 16:23:54 UTC
8e64b0e Merge remote-tracking branch 'origin/snova' 11 January 2024, 19:48:54 UTC
fbebf44 Remove old perk entries from skiplist Fixes #321 11 January 2024, 18:30:42 UTC
c3dbd50 add skiplist entries for mqom 11 January 2024, 18:22:33 UTC
759389b Add HAETAE to skiplist and update mupq 07 January 2024, 23:21:31 UTC
4ad3ef6 Merge branch 'haetae' of https://github.com/mmoeller23/pqm4 into mmoeller23-haetae 07 January 2024, 23:08:59 UTC
1fa2eac Add perk to skiplist and update mupq 07 January 2024, 23:04:19 UTC
f376768 Merge branch 'add-PERK-m4' of https://github.com/marco-palumbi/pqm4 into marco-palumbi-add-PERK-m4 07 January 2024, 22:28:47 UTC
a7fe0c1 use symbolic links whenever possible 05 January 2024, 18:19:56 UTC
d98a162 Update Kyber poly_tomsg to fix timing leak (w/ -Os) This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable. 19 December 2023, 13:44:24 UTC
4956a30 fix ldscripts for the stm32f4discovery board 07 December 2023, 13:17:04 UTC
d581941 use fullram linker script with some version 07 December 2023, 13:10:59 UTC
8dc5cf5 add PERK for all NIST levels Implementation compliant with version v1.1 of 2023/10/16 https://pqc-perk.org/ 07 December 2023, 13:06:08 UTC
8719b8e Move reference implementations to MUPQ/MUPQ The pure C reference implementations were removed from this pull request. A corresponding pull request in MUPQ/MUPQ has been initiated: https://github.com/mupq/mupq/pull/131 01 December 2023, 10:39:30 UTC
f7aedf0 Add low-mem ref implementation to all schemes Add slightly modified reference implementations to haetae2, haetae3 and haetae5, labeled as `ref`, with lower stack memory footprint than the original reference implementation. This enables running testvectors.py for all schemes. CAVEAT: This commit modifies the following PQM4 core files * ldscripts/stm32f4discovery.ld * ldscripts/stm32f4discovery_fullram.ld * mk/stm32f4discovery.mk The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5. The stack memory footprint was reduced by: * Storing A1 using uint16 instead of int32, halving its footprint * Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions. The modification is light enough to easily verify consistency with the reference implementation. 01 December 2023, 08:38:02 UTC
e122421 add low-mem ref implementation to all schemes Add slightly modified reference implementations to haetae2, haetae3 and haetae5 with lower stack memory footprint than the original reference implementation. This enables the test vector comparison for all schemes. CAVEAT: This commit modifies the following PQM4 core files * ldscripts/stm32f4discovery.ld * ldscripts/stm32f4discovery_fullram.ld * mk/stm32f4discovery.mk The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5. The stack memory footprint was reduced by: * Storing A1 using uint16 instead of int32, halving its footprint * Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions. The modification is light enough to easily verify consistency with the reference implementation. 01 December 2023, 08:18:31 UTC
258a11f add ref implementation for haetae2 stack usage (keypair/sign/verify): * haetae2: 26152 / 83128 / 29856 01 December 2023, 08:14:29 UTC
76f069c stm32f415: enable hw rng and extend clock setup update interface.py platform_memory to handle stm32f415 26 November 2023, 12:06:42 UTC
bd9b47d recompute static tables 25 November 2023, 07:24:26 UTC
c8b3456 do expensive pre-computation only once 24 November 2023, 09:11:57 UTC
dc26f54 Update mupq 24 November 2023, 08:56:49 UTC
991a5b6 Update skiplist for bike 24 November 2023, 08:54:00 UTC
c37de3c Merge branch 'bike-round4' of https://github.com/37eex9/pqm4 into 37eex9-bike-round4 24 November 2023, 08:36:28 UTC
8821d31 Add MiRitH 24 November 2023, 08:05:20 UTC
71f0daa Add biscuit 24 November 2023, 08:02:41 UTC
d436546 Merge remote-tracking branch 'origin/cross' 24 November 2023, 07:54:08 UTC
694a4a8 eliminate static memory 24 November 2023, 07:52:07 UTC
968fbef Merge remote-tracking branch 'origin/asconsign' 24 November 2023, 07:51:35 UTC
f955de1 Merge remote-tracking branch 'origin/perk' 24 November 2023, 07:49:22 UTC
111ea35 Merge remote-tracking branch 'origin/hawk' 24 November 2023, 07:48:02 UTC
a35e15b Merge remote-tracking branch 'origin/mayo' 24 November 2023, 07:45:36 UTC
c2438e0 turn into symlinks 24 November 2023, 07:41:59 UTC
3bac106 Adds HAETAE This commit implements the post-quantum signature scheme HAETAE from https://eprint.iacr.org/2023/624 https://kpqc.cryptolab.co.kr/haetae The stack strategy can be selected in config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" after the change). * 0 or undefined: Optimized for speed (default). * 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection. * 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign(). 23 November 2023, 09:44:59 UTC
8e19ad7 add SPHINCS-alpha 23 November 2023, 09:07:07 UTC
b48968e Update HAETAE This commit implements the post-quantum signature scheme HAETAE from https://eprint.iacr.org/2023/624 https://kpqc.cryptolab.co.kr/haetae The stack strategy can be chosen in config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" when changing it). * 0 or undefined: Optimized for speed (default). * 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection. * 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign(). The scheme HAETAE2 contains a reference implementation, which has been renamed from "clean" in previous commits to "ref". The reference implementation would run out of memory for schemes HAETAE3 and HAETAE5 and is therefore not included for these schemes. 22 November 2023, 16:28:54 UTC
fe44f74 Merge branch 'haetae_dev' into haetae 22 November 2023, 16:13:43 UTC
0bdc33e add clean implementation for HAETAE2 The clean implementation is only minimally changed from the reference implementation to conform with the PQM4 API. The clean implementation would run out of memory for HAETAE3 and HAETAE5 and is therefore not added for those modes. 22 November 2023, 16:10:51 UTC
a031ee4 add STACK_STRATEGY switch to config.h This implementation offers different stack strategies: * 0: Optimized for speed. * 1: Does not buffer the polynomials of the verification key in crypto_sign_keypair() and crypto_sign_signature(), thus reducing stack usage at the cost of some speed. * 2: In addition to 1, the hyperballs are sampled in multiple passes in crypto_sign_signature(), which reduces the stack usage for temporary variables. This roughly doubles the execution time of crypto_sign_signature(). 22 November 2023, 14:56:44 UTC
7eee34e compute challenge polynomial directly and sample hyperball coin deterministically * Move challenge seed generation from crypto_sign() to poly_challenge(). * Sample the random byte b deterministically inside of polyfixveclk_sample_hyperball(). It is used to: * determine the sign in hyperball sampling (bit mask 0x01) * reject with 50% odds in the overlap region (bit mask 0x02) * M4F version corresponds to reference version of 2023-11-20. 22 November 2023, 07:33:13 UTC
564ac86 initial commit of HAETAE M4F version corresponds to reference version of 2023-10-21. 20 November 2023, 23:01:11 UTC
92f0187 Add SNOVA 16 November 2023, 06:32:42 UTC
ec5c844 Add progress bar support (#307) * Add progress bar support * Raise exit-code if tests fail * Update mupq * Add forgotten import * Update mupq 15 November 2023, 15:56:12 UTC
f8fdca2 use pqm4/mupq sha2 14 November 2023, 07:54:37 UTC
179b50b Add cross-{sha2,sha3}-r-sdp{,g}-{1,3,5}-{small,fast} 14 November 2023, 07:11:47 UTC
f638ce6 Add ascon-sign{128,192}{s,f}-{simple,robust} 13 November 2023, 09:06:08 UTC
c96e268 Add perk. perk-128-fast-{3,5} should be able to run on the 640 KB RAM board. The perk-{192,256}-short-* are out of reach even with 4 MB RAM in qemu, so I did not include those. The remaining ones run in 4 MB RAM, but won't run on the board. 07 November 2023, 09:09:48 UTC
135cca9 Update mupq 07 November 2023, 07:26:49 UTC
2b7d336 Add hawk{256,512,1024} 07 November 2023, 06:08:55 UTC
420726a update skiplist 07 November 2023, 02:17:41 UTC
6eb3b6c revert unnecessary change in aes-publicinputs.h 07 November 2023, 02:13:33 UTC
19418dd remove benchmarks 07 November 2023, 02:13:26 UTC
aed4973 switch to low-RAM test for ov-Ip 07 November 2023, 02:13:22 UTC
22ea5d8 add OV benchmarks 07 November 2023, 02:13:12 UTC
f20d2b4 add skiplist entries for OV 07 November 2023, 02:13:03 UTC
6b7b698 add LICENSEs to OV 07 November 2023, 02:13:02 UTC
c4aaa78 add ov-Ip{,-pkc,-pkc-skc} m4f implementations 07 November 2023, 02:12:29 UTC
9c69acb update skiplist 07 November 2023, 02:07:21 UTC
d969ad4 add reference implementation of MAYO 07 November 2023, 02:04:04 UTC
8582f47 Implement new stack measurement HAL API (#304) * Implement new stack measurement HAL API * update mupq to current master --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 07 November 2023, 02:01:45 UTC
d2aa0e8 BIKE: use mupq/mupq with latest BIKE implementation 06 November 2023, 07:22:16 UTC
d95087b Merge branch 'mupq:master' into bike-round4 02 November 2023, 16:56:36 UTC
52ff781 BIKE: remove compile flag _USE_CCM_IF_STM32F4_ and related unused code. Intention was to make use of CCM (core coupled memory) to allow (specific) platforms to run schemes with more memory consumption. 02 November 2023, 15:46:02 UTC
6ea87b6 BIKE remove outdated files (aes) and use symlinks for duplicate files between bike level 1 and bike level 3 27 October 2023, 08:37:55 UTC
e21677c output something if testvectors pass 27 October 2023, 07:21:41 UTC
5642fd9 BIKE: minor changes to reduce compiler warnings 26 October 2023, 14:20:34 UTC
d5938b7 BIKE: update schemes opt and m4f to spec v5.1, verified with KATs and testvectors 26 October 2023, 13:49:10 UTC
46511c7 Small overhaul of OpenCM3 code, rework Nucleo-L4R5ZI target a bit, and add CW308T-STM32F415 target (#259) * Only compile the specific libopencm3 library needed * Add experimental support for CW308T-STM32F415 * Shut up the linker errors * Shut up unused parameter warning * Fix Keccaktest bin generation * Update libopencm3 * Adapt to renamed constants * Compile the board test with fast and slow clock * Use wrapped symbols instead of overriding * Overhaul clocking for L4R5ZI board 24 October 2023, 03:47:25 UTC
d4b1f5f Update mupq 22 October 2023, 14:48:30 UTC
662a62b Merge pull request #257 from mupq/dsprenkels-patch-citing Add a notice about citing original papers 14 September 2023, 07:30:46 UTC
39df6c8 Update README.md 13 September 2023, 09:09:21 UTC
37cd04c Add a simple Keccak test 08 September 2023, 20:50:12 UTC
b816ece Merge pull request #254 from aadomn/update_keccak Update Keccak-f[1600] implementation for better performance 08 September 2023, 20:46:27 UTC
5c3cb35 Merge pull request #256 from JunhaoHuang/master Solve a bug in Kyber768 m4fspeed implementation 08 September 2023, 20:22:05 UTC
18fbd5e Fix problem with secondary expansion for target specific variable 08 September 2023, 20:04:54 UTC
bd950cf basemul_asm_acc_opt_32_32 add push r11 26 July 2023, 06:43:51 UTC
91f3d88 Update Keccak-f[1600] implementation for better performance 26 May 2023, 19:05:28 UTC
a525417 add aes-publicinputs for code on the host 25 May 2023, 07:38:14 UTC
1eeb74e skip aarch64 implementations when building all schemes via make 08 November 2022, 05:17:17 UTC
918f379 Remove schemes that are no longer under consideration by NIST (#238) * remove schemes that are no longer under consideration by NIST * bump pqclean to r4 * update mupq * update mupq * Remove SIKE SIKE got broken by https://eprint.iacr.org/2022/975 The SIKE team acknowledged it in https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/round-4/submissions/sike-team-note-insecure.pdf * Make falcon work with namespaced randombytes * bump pqclean once more * update benchmarks with Arm GNU Toolchain 11.3.Rel1 * add correct version of the compiler * clean up excluded schemes * Update README.md 07 November 2022, 09:35:49 UTC
3743a66 Improved Plantard Arithmetic for Lattice-based Cryptography (#244) * integrate improved Plantard arithmetic into Kyber * support m4fspeed and rename m4plantard to m4fstack * remove obj file * add benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 25 October 2022, 03:18:58 UTC
f216cc2 Add reductions to iNTT in stack optimized code for Kyber (#242) * Add reductions to iNTT in stack optimized code * update benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 17 October 2022, 05:46:04 UTC
b78dc00 more extensive aes tests and benchmarks 27 September 2022, 06:43:59 UTC
37e0fef more extensive aes tests and benchmarks 27 September 2022, 06:41:53 UTC
685fbbb Fix function call from assembly (#240) * change floating-point registers s(0-15) in s(16-31) in kyber matacc_asm.S matacc.i s(n) -> s(n+16) * change floating-point register s31 in s16 in kyberXXX-90s m4fspeed matacc_asm.S * consider floating-point registers clobbered calling kyber matacc_asm.S functions * save r12 register before calling C function in kyber matacc_asm.S and kyber matacc.i * amend the previous commit: fix the register Co-authored-by: Marco Palumbi <Marco.Palumbi@tii.ae> 26 September 2022, 03:42:03 UTC
059e024 Add Richard Petri to citation 21 September 2022, 07:24:02 UTC
26f810d Fix alignment issues in Kyber (#236) * Add .vscode to gitignore * Add alignment to arrays used in Kyber to address #235 07 June 2022, 08:39:12 UTC
0b50e72 Use different FP registers, fix iNTT range (#234) * different fp registers, fix iNTT range * Remove redundant packing of signature component 'z' * benchmarks Co-authored-by: Alexandre Adomnicai <alex.adomnicai@gmail.com> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 10 May 2022, 07:45:12 UTC
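The Kyber poly_tomsg timing leak fixed in commit d98a162 above is easiest to see with the two forms side by side. What follows is an added example, not code from pqm4, PQClean or pq-crystals: it pairs the reference-style division by KYBER_Q (which gcc turns into a data-dependent udiv on Cortex-M4 at -Os) with a multiply-and-shift replacement in the spirit of the upstream patch the commit references. The constants 1665, 80635 and the shift by 28 are my reconstruction of that approach and are not taken from this page, so the code verifies exhaustively that the two forms agree on every coefficient in [0, q) rather than trusting them; coefficients are assumed to be already reduced to [0, q), as on the reference decryption path, and the message fed through the round trip is a constructed test vector.

```c
/* Added example (not pqm4 code): Kyber poly_tomsg decoding with and without
 * a secret-dependent division. Assumes coefficients already in [0, KYBER_Q).
 * The multiply-and-shift constants are my reconstruction of the upstream
 * approach; tomsg_forms_agree() checks them against the division form. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KYBER_Q 3329
#define KYBER_N 256
#define KYBER_INDCPA_MSGBYTES (KYBER_N / 8)

/* Leaky form: integer division by KYBER_Q. On Cortex-M4, gcc -Os emits a
 * udiv here, whose cycle count depends on the operands, i.e. on the secret
 * coefficient and therefore on the message bit being decoded. */
uint8_t tomsg_bit_div(uint16_t a)
{
    return (uint8_t)(((((uint32_t)a << 1) + KYBER_Q / 2) / KYBER_Q) & 1);
}

/* Constant-time form: the division becomes a multiply by an approximation
 * of 2^28 / KYBER_Q followed by a fixed shift. umull and lsr run in a
 * data-independent number of cycles on the M4. */
uint8_t tomsg_bit_ct(uint16_t a)
{
    uint32_t t = a;
    t <<= 1;
    t += 1665;   /* ceil(KYBER_Q / 2) */
    t *= 80635;  /* floor(2^28 / KYBER_Q) */
    t >>= 28;
    return (uint8_t)(t & 1);
}

/* Pack 256 decoded bits into the 32-byte message using the constant-time form. */
void poly_tomsg_ct(uint8_t msg[KYBER_INDCPA_MSGBYTES], const int16_t coeffs[KYBER_N])
{
    for (unsigned i = 0; i < KYBER_N / 8; i++) {
        msg[i] = 0;
        for (unsigned j = 0; j < 8; j++)
            msg[i] |= (uint8_t)(tomsg_bit_ct((uint16_t)coeffs[8 * i + j]) << j);
    }
}

/* Returns 1 iff the division and multiply forms agree on every
 * coefficient in [0, KYBER_Q); this is the check that justifies the constants. */
int tomsg_forms_agree(void)
{
    for (uint16_t a = 0; a < KYBER_Q; a++)
        if (tomsg_bit_div(a) != tomsg_bit_ct(a))
            return 0;
    return 1;
}

/* Round trip: encode a constructed 32-byte message the way Kyber's
 * poly_frommsg does (bit -> 0 or 1665), add bounded deterministic noise
 * (|noise| <= 800, well inside the decoding window), decode with the
 * constant-time form. Returns 1 if the message survives. */
int roundtrip_ok(void)
{
    uint8_t msg[KYBER_INDCPA_MSGBYTES], out[KYBER_INDCPA_MSGBYTES];
    int16_t coeffs[KYBER_N];

    for (unsigned i = 0; i < KYBER_INDCPA_MSGBYTES; i++)
        msg[i] = (uint8_t)(0xA5 ^ (i * 29));          /* constructed test message */

    for (unsigned k = 0; k < KYBER_N; k++) {
        int bit   = (msg[k / 8] >> (k % 8)) & 1;
        int noise = (int)((k * 37) % 1601) - 800;       /* constructed noise in [-800, 800] */
        coeffs[k] = (int16_t)((bit * 1665 + noise + KYBER_Q) % KYBER_Q);
    }
    poly_tomsg_ct(out, coeffs);
    return memcmp(msg, out, sizeof msg) == 0;
}

int main(void)
{
    printf("division and multiply forms agree on all coefficients: %s\n",
           tomsg_forms_agree() ? "yes" : "no");
    printf("noisy round trip recovers the message: %s\n",
           roundtrip_ok() ? "yes" : "no");
    return 0;
}
```

The check a practitioner actually wants is on the target toolchain, not the host: compile the file with arm-none-eabi-gcc at -Os and at the optimisation level the build uses, run arm-none-eabi-objdump -d on the object and confirm that no udiv (or sdiv) appears in the decoding path. Compilers are free to recognise a multiply-and-shift and turn it back into a division, or to do the reverse, so this inspection belongs in the build, repeated after every toolchain bump, rather than being done once. As the commit message notes, the fix covered the M4-specific code only; the PQClean-derived clean implementation kept the division form at that point.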