Revision Author Date Message Commit Date
9896316 remove opt-mem implementation (move to pqm3/pqm4) 01 October 2021, 16:14:07 UTC
d83e637 clean up 01 October 2021, 16:14:07 UTC
9a7e415 Add Picnic From Only includes the compatible implementations, not the low memory modifications which change testvectors. 01 October 2021, 16:14:07 UTC
eb60c48 Add missing preprocessor flag for scheme archive lib. (#77) Fixes #76 03 September 2021, 06:43:11 UTC
9a55f5f Add script for generating the skiplists (#69) * Add script for generating the skiplists * Add usage info to skiplist generator. 03 September 2021, 06:41:57 UTC
71a6100 properly check for None 30 August 2021, 20:57:22 UTC
d8eeeaa Fix testvectors when bin_type is not .bin Right now the testvectors script does not work when bin_type is not .bin, e.g., it is .hex for the nucleo-l4r5zi. It fails when trying to build the host binary. The script tries to build bin-host/scheme_impl_testvectors.hex rather than bin-host/scheme_impl_testvectors. This is caused by a replace('.bin', ''). 30 August 2021, 20:57:22 UTC
55b2d6c fix testvectors when cc=clang clang complains about x####y -- it should be x##y. 18 August 2021, 21:48:44 UTC
64787de Set the canary size properly to saturate the stack to its maximum (#67) 06 August 2021, 02:28:11 UTC
38a6e2c update PQClean to include round 3 ntruprime (#71) 02 August 2021, 07:28:38 UTC
be6799e Bump pqclean from `6f22c50` to `819f906` (#68) Bumps [pqclean]( from `6f22c50` to `819f906`. - [Release notes]( - [Commits]( 28 July 2021, 04:34:19 UTC
0611b33 Create dependabot.yml 28 July 2021, 02:47:40 UTC
ab6f2bb set default extraargs for stlink platform 08 June 2021, 16:02:54 UTC
da3450c Adaptations for multiplatform build system (#57) * Make entire platform running code abstract * Make size benchmark use the new build system * Support for building Intel HEX files (or other formats) * Remove infinite loops at the end of tests Leave this to the specific platforms. Most startup files for embedded systems have an infinite loop after the main call anyway. But if we allow for a proper exit, we can, e.g., indicate an exit via semihosting. * Add new interface to query maximum stack size. * Add reusable buildsystem scripts * Add reusable platform implementations * Define proper targets for testvector generation * Add a documentation for the build system * Make all-in-one compilation the default * Remove references to pqm3 * Fix for older make versions * adjust mupq to run multiple iterations in a single binary * Depend on config file to trigger rebuild instead of an error * Objcopy call doesn't need to depend on config * Fix waiting for start * Reorganize symmetric crypto sources * Set C standard explicitly * Allow for second expansion * Reset input buffer before flashing * Let the platform decide whether to use function/data sections * Flip the order of source files to match the old PQM4 build behaviour * Output the plus separators as a pseudo-progress bar * Add an environment variable to add optional extra args for st-flash Co-authored-by: Matthias J. Kannwischer <> 06 June 2021, 20:06:52 UTC
f1943b6 rename folder ref/ -> opt/ because the code is from the 'portable' implementation 24 May 2021, 04:16:45 UTC
3de5539 correct license and apply spec v4.1 24 May 2021, 04:16:45 UTC
6673aa2 Potential fix to the kyber512 issue. Considering that the loop consumes full blocks, line 50 should just update the remaining bytes. 24 May 2021, 03:43:28 UTC
3b24e25 optimize fips202.c for stack consumption Our current fips202.c implementation is fairly wasteful in terms of stack usage by always allocating an extra 200-byte state. That is rather stupid. I've refactored it to not use that additional buffer. I do not see any significant impact on the cycle counts by this change. This wants a bit more testing before it can be merged. 24 May 2021, 03:43:28 UTC
dd67c8d Add licensing information 02 April 2021, 01:21:24 UTC
8517285 update pqclean to include new SPHINCS+ parameter sets (#63) 29 March 2021, 08:39:36 UTC
d452928 Pull Dilithium 3.1 from PQClean (#61) 18 February 2021, 06:47:24 UTC
decc52b Add BIKE reference implementations (#60) 18 February 2021, 02:55:08 UTC
37c754c update dilithium to round 3 (#59) 01 February 2021, 06:04:28 UTC
88a9695 Update PQClean (#55) * NTRUPrime from PQClean 09 December 2020, 17:00:11 UTC
55230ef Save memory space on stack measurement for signatures (#54) 08 December 2020, 16:13:11 UTC
0372d68 remove non-round 3 schemes (#53) NIST announced the Round 3 finalists and alternate candidates: PQClean already removed threebears, ledakem, newhope, mqdss, qtesla in 9fbfb230a91f3fed1e0a2868671f7c26415f2168 This commit also removed the C implementations of schemes that did not make it to round 3 from mupq. That covers LUOV, RQC, ROLLO, Round5, ThreeBears, and LAC 24 July 2020, 01:21:36 UTC
d582f85 Update pqclean (changes NewHope clean) 30 May 2020, 09:30:40 UTC
4de38cd Update Round5 opt to new version (#52) Version 20200410 of the spec, commit r5embed/r5embed@6e4ebd1. 29 May 2020, 12:09:55 UTC
468d9eb more robust result parsing (#51) When doing the new benchmarks, I sometimes ran into the problem that the speed benchmarks contained something like keypair cycles: 6639120105 keypair cycles: 6639120105 sign cycles: 103762136231 verify cycles: 154024957 So for whatever reason, the board was reset after the first key gen was done. Our parsing script didn't really handle this well as it was based on line numbers. I made that more robust in this patch. I also made it a bit more consistent across benchmarks. 29 May 2020, 06:11:03 UTC
1f1ad36 Add new ROLLO ref implementation (#50) * Remove Rollo-III * Update ROLLO-I-128 * Update ROLLO-I-{192,256} * Update ROLLO-II-128 * Update ROLLO-II-{192,256} 28 April 2020, 20:08:39 UTC
8fd1941 fix lac to adhere to the new aes keyexp api 27 April 2020, 23:15:33 UTC
031d557 Update RQC implementation (#49) * Update RQC-128 to new version * Update RQC-192 * Update RQC-256 22 April 2020, 12:19:52 UTC
3e10f22 remove printbytes from randombytes (#48) 22 April 2020, 06:54:34 UTC
e2ae402 switch back to most recent pqclean version somehow I screwed up and switched to an older version in 21 April 2020, 06:28:53 UTC
d8cec88 add new LAC v3a/v3a ref/opt implementations (#46) 21 April 2020, 06:21:30 UTC
bef05e9 Update PQClean (#47) * add mceliece * Migrate * Port I'm not a big fan of this change, but we have to do it to be compatible with PQClean. * Port HQC * update mqdss * make rqc and rollo use the common nistseedexpander 20 April 2020, 05:18:33 UTC
870607a outsource crypto_hashblocks_sha512 (#45) crypto_hashblocks_sha512 now needs to be implemented by the platform-specific common sources. This is to integrate the new faster sha512 for the m4 from supercop20200409 14 April 2020, 05:19:48 UTC
3a3850b Update Round5 to third round (#44) * Remove SNEIK variants * Rename CCA variants * Update r5nd-1cca-5d opt implementation * Update symlinks other opt implementations * Add CPA variants 25 March 2020, 08:23:53 UTC
4468e2e python: Flush the serial buf chip sync There is an unreported bug present where _wait_for_start will read garbage from the chip *before* the first '=' char is received. It occurs when the chip is not synced with the benchmarking script, and is running an implementation without the benchmarking script listening. In this case, there is still data in the serial buffer from a lost (unsynced) benchmark run. This commit flushes (i.e. erases) the contents of the serial buffer before trying to sync to the '=' chars coming from the chip. 05 March 2020, 09:32:40 UTC
12f6d39 Add empty sha2_destroy functions (#42) added sha2_destroy functions to the SPHINCS+ implementations. As we have stack-based implementations, these are no-ops. 04 February 2020, 11:29:42 UTC
d9657a8 Skip AESNI and SSE implementations (#41) adds AESNI implementations of SPHINCS+. adds SSE implementations of McEliece. Those obviously won't work on the mupq target, so I added those to the current blacklist. In case more implementation types are added to pqclean in the future we might want a cleaner filtering approach. 04 February 2020, 10:37:34 UTC
422bd74 re-add opt CCA implementations of three bears; remove ref implementations of CPA three bears (#40) 04 February 2020, 10:32:15 UTC
0c7162f Make the size executable configurable (#39) 02 February 2020, 19:01:03 UTC
84b3035 Fix Round5 CCA KEM (#37) * Update PQClean * Fix Round5 CCA KEM 02 December 2019, 08:35:47 UTC
6fb7df2 update pqclean to include the CCA threebears 18 November 2019, 09:29:26 UTC
a07b8d9 Flip len and flag for round5 (#35) See 15 November 2019, 11:10:34 UTC
2348846 Update pqclean to include qTesla PQClean added clean implementations of qTesla: 29 October 2019, 13:35:03 UTC
9015583 Refactor number printing functions and avoid Xprintf functions (#34) The refactoring removes a lot of identical duplicated code. Avoiding the printf functions reduces code size *considerably*. This may not be necessary for platforms with larger flash sizes as in PQM4, however the printf functions for RISC-V pull in a lot of code. There are the "nano" variants of the libc, which are small enough. However, these don't support printing long longs, which we need for the cycle counts. The code for unsigned long long printing uses a division by 10 trick from Hacker's Delight, since the compiler will otherwise use a generic 64-bit division code, which is quite a bit larger. 28 October 2019, 11:48:34 UTC
e41de1a Add RQC{128,192,256} (#32) * Add RQC128 * Fix memory leak in rqc decapsulation * Add RQC192 and RQC256 08 October 2019, 11:01:55 UTC
a18199f Add ROLLO-{I,II,III}-{128,192,256} ref (#31) 08 October 2019, 08:19:49 UTC
6947d5c Update pqclean to use AES API in Kyber (#30) 07 October 2019, 13:02:19 UTC
941cae1 Port 'Add abstract state duplication for SHA256 incremental hashing API' from PQClean (#29) 01 October 2019, 11:02:16 UTC
3676e7d Update PQClean (#28) * update pqclean; handle avx2 implementations * change naming of falcon parameter sets to pqclean naming * remove saber parameter sets since they were moved to PQClean 01 October 2019, 09:48:02 UTC
7f6ec39 Update falcon to new fixed upstream version. (#27) On 2019-09-18 the Falcon team announced that their implementation had two severe bugs that caused signatures to leak information about the secret key. These bugs also affected the implementations that were in pqm4. This commit updates our falcon implementation to the new upstream version from which fixes these bugs. 25 September 2019, 07:54:09 UTC
3a442bf Update LUOV to v2.1 24 September 2019, 07:10:12 UTC
b470fe3 Fix Python 3.6 compatibility and dubious use of printf (#25) * Fix compatibility with Python 3.6 text was only added in Python 3.7 as a more readable alias * Fix printf calls without a format string * Make stack's print function more similar to others 19 September 2019, 07:35:34 UTC
881a6f0 fix incremental sha512 (#23) 10 September 2019, 09:41:04 UTC
152e4c8 remove withdrawn qTesla parameter sets 20 August 2019, 15:55:45 UTC
3219bff Add Falcon (#22) * add falcon * enable testvector comparison for opt implementations * add constant time implementations of falcon * move opt to opt-leaktime 18 July 2019, 05:54:26 UTC
7437835 Update qTesla code (#21) 06 July 2019, 14:59:20 UTC
a86fea4 Fix bug in sha3_512_inc See The non-incremental version was correct. Currently no implementation actually uses the incremental SHA3-512. 05 July 2019, 13:49:14 UTC
104fff0 add release function for AES key schedule (#20) 01 July 2019, 06:46:36 UTC
bf20ddc Fix canary checks for platforms which can't do unaligned access (#19) 01 July 2019, 05:45:49 UTC
4f9b1dd Make stack canary size increasing for KEMs Commit f36a88b54d3ff7cf5cec89048297a21ca191b05e contained a change to the way that we measure stack size. However, this was only changed for signatures. This makes measuring KEMs behave the same again. 26 June 2019, 13:14:07 UTC
10eabd2 Add Round5 opt (#18) * Add R5ND_1KEMCCA_5d * Add other Round5 parameter sets * Enable using SNEIK from round5_variant_setting.h * Add R5SNEIK variants * Remove traces of ARMV7_ASM 26 June 2019, 13:12:09 UTC
cdb7422 Add ledakemlt12, ledakemlt32, and ledakemlt52 (#17) * update pqclean to include leda * port sha3_384 from PQClean (see 32b3a978091f2c6b318d7cebaa192b08321ead7f) 18 June 2019, 13:32:16 UTC
e63a919 Remove opt implementation of frodokem640shake (#16) 13 June 2019, 09:12:32 UTC
f36a88b port #15 to sp800-185.c 13 June 2019, 07:44:10 UTC
77eed87 fix stupid mistake in our fips202.c (#15) 13 June 2019, 06:54:06 UTC
417b7f9 Add ThreeBears ref and opt (#9) * Add ThreeBears TODO: replace cSHAKE * Add ThreeBears opt implementations * Add ThreeBears ephemeral variants * Use symlinks for ThreeBears ref implementations * Use symlinks for ThreeBears opt implementations * Use sp800-185.h for ThreeBears ref * Use sp800-185.h for ThreeBears opt * Fix warning 12 June 2019, 08:43:03 UTC
e2f82c7 update pqclean, slightly modify stack benchmark (#14) This reduced the stack measurements by 8 bytes for all schemes. I cannot really explain this, but it should matter too much. However, when rebenchmarking this in the future we should be aware of this. 12 June 2019, 08:22:15 UTC
45e6b1e Add LUOV ref (#11) * Add LUOV-48-43-222-chacha * Fix bug by fixing warnings - test passes now * Fix LUOV parameter sets that use SHAKE * Add other LUOV parameter sets 12 June 2019, 07:52:30 UTC
4488e8a update pqclean; remove ref implementation of dilithium2 11 June 2019, 09:43:22 UTC
0c2f58a Remove workaround in NTRU Prime code Now that issue mupq/pqm4#90 is resolved, this ugly hack can be removed. This only affects the ntrulpr parameter sets. Technically this commit makes their performance slightly worse. I checked for ntrulpr761 and the impact was on the order of 0.01%, so negligible. 10 June 2019, 15:19:30 UTC
132c4c6 Fix cSHAKE on 32-bit microcontrollers The finalize functions assumed the 64-bit non-bit-interleaved representation of the Keccak state. That caused test vectors not to match. This is solved by using the functions from keccakf1600.h. 09 June 2019, 18:05:37 UTC
f3db38d Add cSHAKE to common 09 June 2019, 11:31:05 UTC
701698b Update pqclean 09 June 2019, 11:31:05 UTC
feea4c7 rename dilithium 31 May 2019, 06:43:02 UTC
147bc18 Add NTRU Prime ref Round 2 (#12) * Remove sntrup4591761 Round 1 * Add sntrup761 Round 2 * Add other parameter sets of NTRU Prime * Workaround to guarantee aligned pointer The M4-optimized assembly implementation of AES key expansion can only handle word-aligned pointers. See issue mupq/pqm4#90. 29 May 2019, 12:26:15 UTC
e327bfa Update pqclean and port the opaque structs for the hashing API (#10) * Update pqclean PQClean now uses opaque structs for the hashing API, which means that everything needs to be changed. * Update SHA-2 with opaque state * Update fips202 with opaque state * Update Dilithium with opaque state * Fix SHAKE The shake{128,256}ctx wasn't zero-initialized. This was different from pqclean because we avoid re-using the same functions. That would mess up the hashing measurements. 22 May 2019, 13:13:19 UTC
f43760d update invalid ciphertext test to work with IND-CPA secure schemes 20 May 2019, 09:28:35 UTC
5b04060 update pqclean - now includes newhope; remove old newhope code 20 May 2019, 09:27:56 UTC
23976e9 Refactor calls to make and allow customizing make flags (#7) 20 May 2019, 09:14:51 UTC
c90e8c3 fix tab vs. spaces 18 May 2019, 12:06:29 UTC
55b99e6 Explicitly track the master branch of pqclean 17 May 2019, 15:31:00 UTC
f50e4fe Bring pqclean up to date 17 May 2019, 15:29:56 UTC
7ff367e properly check for errors for signatures 16 May 2019, 08:20:25 UTC
0181f7c Add SIKEp{434,503,610,751} for Round 2 15 May 2019, 08:06:29 UTC
4f0c32f Add LAC{128,192,256} (#4) * Add SHA-{224,256} and incremental SHA-2 variants * Add LAC{128,192,256} * Make LAC use our randombytes 15 May 2019, 06:41:11 UTC
9f5292a Update SABER to round 2, add LightSABER and FireSABER (#5) * Update SABER to round 2, add LightSABER and FireSABER * SABER should not be FireSABER * Hide multiplication internals for SABER * Fix broken compilation SABER 14 May 2019, 07:46:21 UTC
a5b4217 Add SHA-{224,256} and incremental SHA-2 variants (#3) 13 May 2019, 13:13:23 UTC
be126e6 Updated PQClean New Schemes: - kyber512 - kyber768 - kyber1024 - ntruhps2048677 - ntruhps4096821 - ntruhrss701 08 May 2019, 11:54:24 UTC
de339e2 Merge pull request #2 from mupq/codesize Measure code size 17 April 2019, 15:23:31 UTC
beb60f5 Measure code size 17 April 2019, 15:12:52 UTC
9f652b0 make frodo scheme naming consistent with PQClean (breaks testvectors) 17 April 2019, 13:58:45 UTC
e1f824f Merge pull request #1 from mupq/pqclean-integration Pqclean integration 17 April 2019, 13:23:19 UTC
5d9601f fix incremental keccak implementation 17 April 2019, 12:00:44 UTC
fbf7f28 Fix CTR mode for AES and remove duplicate/unused code 17 April 2019, 08:44:06 UTC
568bd4c Make schemes use optimized AES-192/256 implementations TODO: This breaks CTR mode which still needs to be fixed. Currently no scheme uses it, but Round-2-Kyber will. Also, pqriscv is now more or less forced to have optimized AES implementations as well. 16 April 2019, 14:56:13 UTC
b44b47f Fix bug in testvectors AES-128 16 April 2019, 09:31:10 UTC