5fa22a8 | Richard Petri | 21 January 2024, 18:14:32 UTC | Enable out-of-tree builds All build outputs are now placed in build-PLATFORMNAME. | 21 January 2024, 18:14:32 UTC |
82f4e23 | Richard Petri | 20 January 2024, 22:39:05 UTC | Merge branch 'update-PERK-m4' improve compression for PERK short levels I and II #328 | 20 January 2024, 22:39:05 UTC |
4702ce9 | Marco Palumbi | 20 January 2024, 09:21:05 UTC | improve compression for short levels I and II | 20 January 2024, 09:21:05 UTC |
ca8b4f3 | rpls | 19 January 2024, 14:03:07 UTC | Merge pull request #327 from mupq/tuov Add Tuov | 19 January 2024, 14:03:07 UTC |
1ccd61f | Richard Petri | 19 January 2024, 13:42:57 UTC | Exclude tuov from builds | 19 January 2024, 13:57:15 UTC |
f514356 | Richard Petri | 19 January 2024, 13:36:36 UTC | Add Tuov | 19 January 2024, 13:36:36 UTC |
bfd8248 | rpls | 18 January 2024, 12:22:15 UTC | Merge pull request #325 from mupq/mirith-fix Update for MiRitH | 18 January 2024, 12:22:15 UTC |
a0dec92 | Richard Petri | 18 January 2024, 12:20:05 UTC | Use updated version of mirith, add embedded optimized version | 18 January 2024, 12:20:05 UTC |
54d8313 | Richard Petri | 16 January 2024, 22:34:10 UTC | Run only on push to master, and when PR review requested | 16 January 2024, 22:37:11 UTC |
d2a8800 | Richard Petri | 16 January 2024, 21:36:40 UTC | Properly wrap missing libc functions and shut up linker warning | 16 January 2024, 22:37:11 UTC |
dfc968a | rpls | 24 November 2023, 12:21:04 UTC | Update workflow dependencies | 16 January 2024, 22:37:11 UTC |
0a47489 | rpls | 03 November 2022, 22:00:33 UTC | Checkout submodules recursively | 16 January 2024, 22:37:11 UTC |
ee2a6ea | rpls | 03 November 2022, 21:55:10 UTC | Add a github workflow | 16 January 2024, 22:37:11 UTC |
b381da5 | Richard Petri | 16 January 2024, 21:06:29 UTC | Exclude all non-building schemes for cw308t-stm32f415 | 16 January 2024, 21:20:31 UTC |
5398081 | Richard Petri | 16 January 2024, 20:58:48 UTC | Merge branch 'master' of https://github.com/37eex9/pqm4 into cw308t-stm32f415 | 16 January 2024, 20:58:48 UTC |
ff6b7ab | Richard Petri | 16 January 2024, 20:57:20 UTC | Merge remote-tracking branch 'origin/mirith' | 16 January 2024, 20:57:20 UTC |
cf017cd | Richard Petri | 16 January 2024, 20:56:42 UTC | Merge remote-tracking branch 'origin/biscuit' | 16 January 2024, 20:56:42 UTC |
1c27aa0 | Richard Petri | 16 January 2024, 20:54:18 UTC | Add MEDS | 16 January 2024, 20:54:18 UTC |
d93ba34 | Richard Petri | 16 January 2024, 19:41:35 UTC | Merge remote-tracking branch 'origin/aimer' into master | 16 January 2024, 19:41:35 UTC |
de6b4d9 | Richard Petri | 16 January 2024, 18:06:55 UTC | Merge remote-tracking branch 'origin/sphinca' into sphincsa Add SPHINCS-alpha #312 | 16 January 2024, 18:06:55 UTC |
57bb7dc | Matthias J. Kannwischer | 15 January 2024, 13:19:53 UTC | update mupq | 15 January 2024, 13:19:53 UTC |
a34a481 | Matthias J. Kannwischer | 12 January 2024, 14:46:55 UTC | add AIMer | 12 January 2024, 16:23:54 UTC |
8e64b0e | Richard Petri | 11 January 2024, 19:48:54 UTC | Merge remote-tracking branch 'origin/snova' | 11 January 2024, 19:48:54 UTC |
fbebf44 | Richard Petri | 11 January 2024, 18:30:42 UTC | Remove old perk entries from skiplist Fixes #321 | 11 January 2024, 18:30:42 UTC |
c3dbd50 | Matthias J. Kannwischer | 11 January 2024, 10:14:04 UTC | add skiplist entries for mqom | 11 January 2024, 18:22:33 UTC |
759389b | Richard Petri | 07 January 2024, 23:21:31 UTC | Add HAETAE to skiplist and update mupq | 07 January 2024, 23:21:31 UTC |
4ad3ef6 | Richard Petri | 07 January 2024, 23:08:59 UTC | Merge branch 'haetae' of https://github.com/mmoeller23/pqm4 into mmoeller23-haetae | 07 January 2024, 23:08:59 UTC |
1fa2eac | Richard Petri | 07 January 2024, 23:04:19 UTC | Add perk to skiplist and update mupq | 07 January 2024, 23:04:19 UTC |
f376768 | Richard Petri | 07 January 2024, 22:28:47 UTC | Merge branch 'add-PERK-m4' of https://github.com/marco-palumbi/pqm4 into marco-palumbi-add-PERK-m4 | 07 January 2024, 22:28:47 UTC |
a7fe0c1 | Marco Palumbi | 05 January 2024, 18:19:56 UTC | use symbolic links whenever possible | 05 January 2024, 18:19:56 UTC |
d98a162 | Matthias J. Kannwischer | 18 December 2023, 02:07:27 UTC | Update Kyber poly_tomsg to fix timing leak (w/ -Os) This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable. | 19 December 2023, 13:44:24 UTC |
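The commit above describes the hazard but not the arithmetic, so here is an added example (my own code, not taken from pqm4, PQClean or the pq-crystals repository) showing the rounding step of `poly_tomsg` in its original division-based form beside a division-free multiply-and-shift form, with an exhaustive equivalence check over every coefficient value in [0, q). The constants 1665 and 80635 are my own derivation (80635 = floor(2^28 / 3329); 1665 in place of q/2 = 1664 compensates the slight underestimate of the multiplier), and the helper names and the constructed coefficient vector are assumptions for illustration only.

```c
/*
 * Added example (not pqm4 code): Kyber poly_tomsg rounding, two ways.
 *
 * The message bit for a coefficient t in [0, q) is round(2*t / q) mod 2.
 * The division-based form is what the reference code computed; on a
 * Cortex-M4, gcc -Os may lower the constant division to a udiv whose
 * latency depends on the operands, i.e. on secret data.  The division-free
 * form does the same rounding with a multiply and a shift.
 *
 * ASSUMPTION: the constants 1665 and 80635 are my own derivation
 * (80635 = floor(2^28 / 3329); 1665 rather than q/2 = 1664 compensates the
 * multiplier's underestimate).  Equivalence is checked exhaustively below
 * instead of being assumed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KYBER_Q 3329
#define KYBER_N 256

/* Division-based rounding: the variable-time form (reference behaviour). */
static uint8_t msg_bit_div(uint16_t t)
{
    return (uint8_t)(((((uint32_t)t << 1) + KYBER_Q / 2) / KYBER_Q) & 1);
}

/* Division-free rounding: multiply by floor(2^28 / q), then shift. */
static uint8_t msg_bit_divfree(uint16_t t)
{
    uint32_t x = t;
    x <<= 1;
    x += 1665;
    x *= 80635;   /* max (2*3328 + 1665) * 80635 = 670963835 < 2^32 */
    x >>= 28;
    return (uint8_t)(x & 1);
}

/* Pack KYBER_N coefficients into 32 message bytes using a chosen bit rule. */
static void poly_tomsg_with(uint8_t msg[32], const int16_t coeffs[KYBER_N],
                            uint8_t (*bit)(uint16_t))
{
    for (unsigned i = 0; i < KYBER_N / 8; i++) {
        msg[i] = 0;
        for (unsigned j = 0; j < 8; j++)
            msg[i] |= (uint8_t)(bit((uint16_t)coeffs[8 * i + j]) << j);
    }
}

/* Returns 1 if both rounding forms agree on every value in [0, q). */
int tomsg_forms_equivalent(void)
{
    for (uint32_t t = 0; t < KYBER_Q; t++)
        if (msg_bit_div((uint16_t)t) != msg_bit_divfree((uint16_t)t))
            return 0;
    return 1;
}

/* Returns 1 if a full polynomial packs identically under both forms.
 * The coefficient vector is constructed here, not a real decryption output. */
int tomsg_poly_matches(void)
{
    int16_t coeffs[KYBER_N];
    uint8_t m_div[32], m_free[32];

    for (unsigned i = 0; i < KYBER_N; i++)
        coeffs[i] = (int16_t)((i * 1237u + 17u) % KYBER_Q);  /* constructed */

    poly_tomsg_with(m_div, coeffs, msg_bit_div);
    poly_tomsg_with(m_free, coeffs, msg_bit_divfree);
    return memcmp(m_div, m_free, sizeof m_div) == 0;
}

int main(void)
{
    printf("all %d inputs agree: %s\n", KYBER_Q,
           tomsg_forms_equivalent() ? "yes" : "NO");
    printf("constructed polynomial packs identically: %s\n",
           tomsg_poly_matches() ? "yes" : "NO");
    return 0;
}
```

The exhaustive loop establishes functional equivalence only; it says nothing about what the compiler emitted. The practitioner's check for the leak the commit describes is to build the object with the flags pqm4 actually uses (`-Os`, `-mcpu=cortex-m4`) and confirm with `arm-none-eabi-objdump -d` that no `udiv` or `sdiv` appears in `poly_tomsg`, repeating this after each toolchain bump, since the commit notes the compiler choice did not change the outcome between gcc 11 and 13.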
4956a30 | Marco Palumbi | 07 December 2023, 13:17:04 UTC | fix ldscripts for the stm32f4discovery board | 07 December 2023, 13:17:04 UTC |
d581941 | Marco Palumbi | 07 December 2023, 13:10:59 UTC | use fullram linker script with some version | 07 December 2023, 13:10:59 UTC |
8dc5cf5 | Marco Palumbi | 07 December 2023, 12:59:00 UTC | add PERK for all NIST levels Implementation compliant with version v1.1 of 2023/10/16 https://pqc-perk.org/ | 07 December 2023, 13:06:08 UTC |
8719b8e | Marc | 01 December 2023, 10:39:22 UTC | Move reference implementations to MUPQ/MUPQ The pure C reference implementations were removed from this pull request. A corresponding pull request in MUPQ/MUPQ has been initiated: https://github.com/mupq/mupq/pull/131 | 01 December 2023, 10:39:30 UTC |
f7aedf0 | Marc | 01 December 2023, 08:30:58 UTC | Add low-mem ref implementation to all schemes Add slightly modified reference implementations to haetae2, haetae3 and haetae5, labeled as `ref`, with lower stack memory footprint than the original reference implementation. This enables running testvectors.py for all schemes. CAVEAT: This commit modifies the following PQM4 core files * ldscripts/stm32f4discovery.ld * ldscripts/stm32f4discovery_fullram.ld * mk/stm32f4discovery.mk The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5. The stack memory footprint was reduced by: * Storing A1 using uint16 instead of int32, halving its footprint * Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions. The modification is light enough to easily verify consistency with the reference implementation. | 01 December 2023, 08:38:02 UTC |
e122421 | Marc | 01 December 2023, 08:17:04 UTC | add low-mem ref implementation to all schemes Add slightly modified reference implementations to haetae2, haetae3 and haetae5 with lower stack memory footprint than the original reference implementation. This enables the test vector comparison for all schemes. CAVEAT: This commit modifies the following PQM4 core files * ldscripts/stm32f4discovery.ld * ldscripts/stm32f4discovery_fullram.ld * mk/stm32f4discovery.mk The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5. The stack memory footprint was reduced by: * Storing A1 using uint16 instead of int32, halving its footprint * Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions. The modification is light enough to easily verify consistency with the reference implementation. | 01 December 2023, 08:18:31 UTC |
258a11f | Marc | 27 November 2023, 10:36:32 UTC | add ref implementation for haetae2 stack usage (keypair/sign/verify): * haetae2: 26152 / 83128 / 29856 | 01 December 2023, 08:14:29 UTC |
76f069c | Till Eifert | 27 October 2023, 05:48:26 UTC | stm32f415: enable hw rng and extend clock setup update interface.py platform_memory to handle stm32f415 | 26 November 2023, 12:06:42 UTC |
bd9b47d | Matthias J. Kannwischer | 25 November 2023, 07:24:26 UTC | recompute static tables | 25 November 2023, 07:24:26 UTC |
c8b3456 | Matthias J. Kannwischer | 24 November 2023, 09:11:57 UTC | do expensive pre-computation only once | 24 November 2023, 09:11:57 UTC |
dc26f54 | Richard Petri | 24 November 2023, 08:56:49 UTC | Update mupq | 24 November 2023, 08:56:49 UTC |
991a5b6 | Richard Petri | 24 November 2023, 08:53:06 UTC | Update skiplist for bike | 24 November 2023, 08:54:00 UTC |
c37de3c | Richard Petri | 24 November 2023, 08:36:28 UTC | Merge branch 'bike-round4' of https://github.com/37eex9/pqm4 into 37eex9-bike-round4 | 24 November 2023, 08:36:28 UTC |
8821d31 | Richard Petri | 24 November 2023, 08:05:20 UTC | Add MiRitH | 24 November 2023, 08:05:20 UTC |
71f0daa | Richard Petri | 24 November 2023, 07:58:50 UTC | Add biscuit | 24 November 2023, 08:02:41 UTC |
d436546 | Richard Petri | 24 November 2023, 07:54:08 UTC | Merge remote-tracking branch 'origin/cross' | 24 November 2023, 07:54:08 UTC |
694a4a8 | Matthias J. Kannwischer | 24 November 2023, 07:52:07 UTC | eliminate static memory | 24 November 2023, 07:52:07 UTC |
968fbef | Richard Petri | 24 November 2023, 07:51:35 UTC | Merge remote-tracking branch 'origin/asconsign' | 24 November 2023, 07:51:35 UTC |
f955de1 | Richard Petri | 24 November 2023, 07:49:22 UTC | Merge remote-tracking branch 'origin/perk' | 24 November 2023, 07:49:22 UTC |
111ea35 | Richard Petri | 24 November 2023, 07:48:02 UTC | Merge remote-tracking branch 'origin/hawk' | 24 November 2023, 07:48:02 UTC |
a35e15b | Richard Petri | 24 November 2023, 07:45:36 UTC | Merge remote-tracking branch 'origin/mayo' | 24 November 2023, 07:45:36 UTC |
c2438e0 | Matthias J. Kannwischer | 24 November 2023, 07:41:59 UTC | turn into symlinks | 24 November 2023, 07:41:59 UTC |
3bac106 | Marc | 23 November 2023, 09:44:48 UTC | Adds HAETAE This commit implements the post-quantum signature scheme HAETAE from https://eprint.iacr.org/2023/624 https://kpqc.cryptolab.co.kr/haetae The stack strategy can be selected in config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" after the change). * 0 or undefined: Optimized for speed (default). * 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection. * 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign(). | 23 November 2023, 09:44:59 UTC |
8e19ad7 | Matthias J. Kannwischer | 23 November 2023, 09:07:07 UTC | add SPHINCS-alpha | 23 November 2023, 09:07:07 UTC |
b48968e | Marc | 22 November 2023, 16:28:46 UTC | Update HAETAE This commit implements the post-quantum signature scheme HAETAE from https://eprint.iacr.org/2023/624 https://kpqc.cryptolab.co.kr/haetae The stack strategy can be chosen in config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" when changing it). * 0 or undefined: Optimized for speed (default). * 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection. * 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign(). The scheme HAETAE2 contains a reference implementation, which has been renamed from "clean" in previous commits to "ref". The reference implementation would run out of memory for schemes HAETAE3 and HAETAE5 and is therefore not included for these schemes. | 22 November 2023, 16:28:54 UTC |
fe44f74 | Marc | 22 November 2023, 16:13:43 UTC | Merge branch 'haetae_dev' into haetae | 22 November 2023, 16:13:43 UTC |
0bdc33e | Marc | 22 November 2023, 16:10:51 UTC | add clean implementation for HAETAE2 The clean implementation is only minimally changed from the reference implementation to conform with the PQM4 API. The clean implementation would run out of memory for HAETAE3 and HAETAE5 and is therefore not added for those modes. | 22 November 2023, 16:10:51 UTC |
a031ee4 | Marc | 22 November 2023, 14:56:35 UTC | add STACK_STRATEGY switch to config.h This implementation offers different stack strategies: * 0: Optimized for speed. * 1: Does not buffer the polynomials of the verification key in crypto_sign_keypair() and crypto_sign_signature(), thus reducing stack usage at the cost of some speed. * 2: In addition to 1, the hyperballs are sampled in multiple passes in crypto_sign_signature(), which reduces the stack usage for temporary variables. This roughly doubles the execution time of crypto_sign_signature(). | 22 November 2023, 14:56:44 UTC |
7eee34e | Marc | 21 November 2023, 22:58:03 UTC | compute challenge polynomial directly and sample hyperball coin deterministically * Move challenge seed generation from crypto_sign() to poly_challenge(). * Sample the random byte b deterministically inside of polyfixveclk_sample_hyperball(). It is used to: * determine the sign in hyperball sampling (bit mask 0x01) * reject with 50% odds in the overlap region (bit mask 0x02) * M4F version corresponds to reference version of 2023-11-20. | 22 November 2023, 07:33:13 UTC |
564ac86 | Marc | 20 November 2023, 23:01:11 UTC | initial commit of HAETAE M4F version corresponds to reference version of 2023-10-21. | 20 November 2023, 23:01:11 UTC |
92f0187 | Matthias J. Kannwischer | 16 November 2023, 06:32:42 UTC | Add SNOVA | 16 November 2023, 06:32:42 UTC |
ec5c844 | rpls | 15 November 2023, 15:56:12 UTC | Add progress bar support (#307) * Add progress bar support * Raise exit-code if tests fail * Update mupq * Add forgotten import * Update mupq | 15 November 2023, 15:56:12 UTC |
f8fdca2 | Matthias J. Kannwischer | 14 November 2023, 07:54:37 UTC | use pqm4/mupq sha2 | 14 November 2023, 07:54:37 UTC |
179b50b | Matthias J. Kannwischer | 14 November 2023, 07:11:47 UTC | Add cross-{sha2,sha3}-r-sdp{,g}-{1,3,5}-{small,fast} | 14 November 2023, 07:11:47 UTC |
f638ce6 | Matthias J. Kannwischer | 13 November 2023, 09:06:08 UTC | Add ascon-sign{128,192}{s,f}-{simple,robust} | 13 November 2023, 09:06:08 UTC |
c96e268 | Matthias J. Kannwischer | 07 November 2023, 07:22:21 UTC | Add perk perk-128-fast-{3,5} should be able to run on the 640 KB RAM board. The perk-{192,256}-short-* are out of reach even with 4 MB RAM in qemu, so I did not include those. The remaining ones run in 4 MB RAM, but won't run on the board. | 07 November 2023, 09:09:48 UTC |
135cca9 | Richard Petri | 07 November 2023, 07:26:49 UTC | Update mupq | 07 November 2023, 07:26:49 UTC |
2b7d336 | Matthias J. Kannwischer | 07 November 2023, 06:08:55 UTC | Add hawk{256,512,1024} | 07 November 2023, 06:08:55 UTC |
420726a | Matthias J. Kannwischer | 07 November 2023, 02:17:41 UTC | update skiplist | 07 November 2023, 02:17:41 UTC |
6eb3b6c | Matthias J. Kannwischer | 06 November 2023, 06:36:04 UTC | revert unnecessary change in aes-publicinputs.h | 07 November 2023, 02:13:33 UTC |
19418dd | Matthias J. Kannwischer | 02 November 2023, 08:30:57 UTC | remove benchmarks | 07 November 2023, 02:13:26 UTC |
aed4973 | Matthias J. Kannwischer | 30 October 2023, 03:11:38 UTC | switch to low-RAM test for ov-Ip | 07 November 2023, 02:13:22 UTC |
22ea5d8 | Matthias J. Kannwischer | 27 October 2023, 09:47:59 UTC | add OV benchmarks | 07 November 2023, 02:13:12 UTC |
f20d2b4 | Matthias J. Kannwischer | 24 October 2023, 15:06:48 UTC | add skiplist entries for OV | 07 November 2023, 02:13:03 UTC |
6b7b698 | Matthias J. Kannwischer | 24 October 2023, 14:58:11 UTC | add LICENSEs to OV | 07 November 2023, 02:13:02 UTC |
c4aaa78 | Matthias J. Kannwischer | 24 October 2023, 14:42:48 UTC | add ov-Ip{,-pkc,-pkc-skc} m4f implementations | 07 November 2023, 02:12:29 UTC |
9c69acb | Matthias J. Kannwischer | 07 November 2023, 02:07:21 UTC | update skiplist | 07 November 2023, 02:07:21 UTC |
d969ad4 | Matthias J. Kannwischer | 25 October 2023, 12:35:41 UTC | add reference implementation of MAYO | 07 November 2023, 02:04:04 UTC |
8582f47 | rpls | 07 November 2023, 02:01:45 UTC | Implement new stack measurement HAL API (#304) * Implement new stack measurement HAL API * update mupq to current master --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 07 November 2023, 02:01:45 UTC |
d2aa0e8 | Till Eifert | 06 November 2023, 07:22:16 UTC | BIKE: use mupq/mupq with latest BIKE implementation | 06 November 2023, 07:22:16 UTC |
d95087b | Till Eifert | 02 November 2023, 16:56:36 UTC | Merge branch 'mupq:master' into bike-round4 | 02 November 2023, 16:56:36 UTC |
52ff781 | Till Eifert | 02 November 2023, 15:46:02 UTC | BIKE: remove compile flag _USE_CCM_IF_STM32F4_ and related unused code. Intention was to make use of CCM (core coupled memory) to allow (specific) platforms to run schemes with more memory consumption. | 02 November 2023, 15:46:02 UTC |
6ea87b6 | Till Eifert | 26 October 2023, 15:22:43 UTC | BIKE remove outdated files (aes) and use symlinks for duplicate files between bike level 1 and bike level 3 | 27 October 2023, 08:37:55 UTC |
e21677c | Matthias J. Kannwischer | 27 October 2023, 07:21:41 UTC | output something if testvectors pass | 27 October 2023, 07:21:41 UTC |
5642fd9 | Till Eifert | 26 October 2023, 14:20:34 UTC | BIKE: minor changes to reduce compiler warnings | 26 October 2023, 14:20:34 UTC |
d5938b7 | Till Eifert | 26 October 2023, 13:49:10 UTC | BIKE update schemes opt and m4f to spec v5.1 verified with KATs and testvectors | 26 October 2023, 13:49:10 UTC |
46511c7 | rpls | 24 October 2023, 03:47:25 UTC | Small overhaul of OpenCM3 code, rework Nucleo-L4R5ZI target a bit, and add CW308T-STM32F415 target (#259) * Only compile the specific libopencm3 library needed * Add experimental support for CW308T-STM32F415 * Shut up the linker errors * Shut up unused parameter warning * Fix Keccaktest bin generation * Update libopencm3 * Adapt to renamed constants * Compile the board test with fast and slow clock * Use wrapped symbols instead of overriding * Overhaul clocking for L4R5ZI board | 24 October 2023, 03:47:25 UTC |
d4b1f5f | Richard Petri | 22 October 2023, 14:47:38 UTC | Update mupq | 22 October 2023, 14:48:30 UTC |
662a62b | Matthias J. Kannwischer | 14 September 2023, 07:30:46 UTC | Merge pull request #257 from mupq/dsprenkels-patch-citing Add a notice about citing original papers | 14 September 2023, 07:30:46 UTC |
39df6c8 | Amber Sprenkels | 13 September 2023, 09:09:21 UTC | Update README.md | 13 September 2023, 09:09:21 UTC |
37cd04c | Richard Petri | 08 September 2023, 20:50:12 UTC | Add a simple Keccak test | 08 September 2023, 20:50:12 UTC |
b816ece | Richard Petri | 08 September 2023, 20:29:13 UTC | Merge pull request #254 from aadomn/update_keccak Update Keccak-f[1600] implementation for better performance | 08 September 2023, 20:46:27 UTC |
5c3cb35 | rpls | 08 September 2023, 20:22:05 UTC | Merge pull request #256 from JunhaoHuang/master Solve a bug in Kyber768 m4fspeed implementation | 08 September 2023, 20:22:05 UTC |
18fbd5e | Richard Petri | 08 September 2023, 20:04:54 UTC | Fix problem with secondary expansion for target specific variable | 08 September 2023, 20:04:54 UTC |
bd950cf | Huang Junhao | 26 July 2023, 06:43:51 UTC | basemul_asm_acc_opt_32_32 add push r11 | 26 July 2023, 06:43:51 UTC |
91f3d88 | Alexandre Adomnicai | 26 May 2023, 19:05:28 UTC | Update Keccak-f[1600] implementation for better performance | 26 May 2023, 19:05:28 UTC |
a525417 | Matthias J. Kannwischer | 25 May 2023, 07:38:14 UTC | add aes-publicinputs for code on the host | 25 May 2023, 07:38:14 UTC |
1eeb74e | Matthias J. Kannwischer | 08 November 2022, 05:17:17 UTC | skip aarch64 implementations when building all schemes via make | 08 November 2022, 05:17:17 UTC |
918f379 | Matthias J. Kannwischer | 07 November 2022, 09:35:49 UTC | Remove schemes that are no longer under consideration by NIST (#238) * remove schemes that are no longer under consideration by NIST * bump pqclean to r4 * update mupq * update mupq * Remove SIKE SIKE got broken by https://eprint.iacr.org/2022/975 The SIKE team acknowledged it in https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/round-4/submissions/sike-team-note-insecure.pdf * Make falcon work with namespaced randombytes * bump pqclean once more * update benchmarks with Arm GNU Toolchain 11.3.Rel1 * add correct version of the compiler * clean up excluded schemes * Update README.md | 07 November 2022, 09:35:49 UTC |