Kyber/Dilithium copy_from_upstream (#1088)
* Kyber/Dilithium copy_from_upstream

* Updated algorithm docs
bhess authored Sep 13, 2021
1 parent 86bfbf4 commit 75b648e
Showing 52 changed files with 217 additions and 323 deletions.
32 changes: 16 additions & 16 deletions docs/algorithms/kem/kyber.md
Expand Up @@ -6,7 +6,7 @@
- **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
- **Authors' website**: https://pq-crystals.org/
- **Specification version**: NIST Round 3 submission.
- **Implementation source**: https://github.com/pq-crystals/kyber/commit/8e9308bd with copy_from_upstream patches
- **Implementation source**: https://github.com/pq-crystals/kyber/commit/faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2 with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: CC0-1.0.

## Parameter set summary
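Review bot: pinning the implementation source to the full 40-character hash (faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2) instead of the abbreviated 8e9308bd is the right move for reproducibility, since short prefixes can become ambiguous as the upstream repository grows. What the hunk does not record is what changed upstream between the two commits; the commit message only says "Updated algorithm docs", so a pointer to the upstream range 8e9308bd..faf5c3fe in the message would let a reviewer check that the new CPU-extension lists further down in this file follow from upstream changes rather than from a generator difference.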
Expand All @@ -25,18 +25,18 @@
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.

## Kyber512-90s implementation characteristics

| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

Expand All @@ -45,16 +45,16 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

## Kyber768-90s implementation characteristics

| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

Expand All @@ -63,16 +63,16 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AVX2,BMI2,POPCNT | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AVX2,POPCNT,BMI2 | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

## Kyber1024-90s implementation characteristics

| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | AES,AVX2,BMI2,POPCNT | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:--------------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| ref | All | All | None | True | True | False |
| avx2 | x86\_64 | Linux,Darwin | SSE2,POPCNT,BMI2,SSSE3,AVX2,AES | True | True | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

34 changes: 20 additions & 14 deletions docs/algorithms/kem/kyber.yml
Expand Up @@ -17,8 +17,8 @@ website: https://pq-crystals.org/
nist-round: 3
spec-version: NIST Round 3 submission
spdx-license-identifier: CC0-1.0
upstream: https://github.com/pq-crystals/kyber/commit/8e9308bd with copy_from_upstream
patches
upstream: https://github.com/pq-crystals/kyber/commit/faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2
with copy_from_upstream patches
parameter-sets:
- name: Kyber512
claimed-nist-level: 1
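Review bot: the upstream: value is a plain scalar wrapped over two lines ("…faf5c3fe33e0b61c7c8a7888dd862bf5def17ad2" / "with copy_from_upstream patches"), as the old value already was. YAML folds that line break into a single space only when the continuation line is indented more deeply than the key, so check that the indentation survived the edit; the regenerated kyber.md in this same commit shows the value on one line, which suggests it did. Keeping the whole value on one line, or quoting it, would remove the dependence on continuation indentation for the next copy_from_upstream run.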
Expand All @@ -44,8 +44,8 @@ parameter-sets:
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
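Review bot: swapping popcnt ahead of bmi2 under required_flags changes nothing for any consumer that treats the list as a set, and the generated table in kyber.md simply prints the flags in list order, so this hunk is cosmetic. If the new order is meant to mirror upstream's ordering so that copy_from_upstream stops producing churn, that is worth stating in the commit message; otherwise the next run may flip it back.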
Expand Down Expand Up @@ -75,10 +75,12 @@ parameter-sets:
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- sse2
- popcnt
- bmi2
- ssse3
- avx2
- aes
common-crypto:
- AES: pqcrystals-kyber_common_aes
- SHA3: liboqs
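Review bot: required_flags for the Kyber512-90s avx2 implementation grows from aes, avx2, bmi2, popcnt to sse2, popcnt, bmi2, ssse3, avx2, aes. Any build-time or runtime check that requires all listed flags will now also demand SSE2 and SSSE3, so confirm that the CPU-feature detection in liboqs knows both flag names (sse2, ssse3) and does not silently fail to select the avx2 build because of an unrecognized flag. The common-crypto entries (AES: pqcrystals-kyber_common_aes, SHA3: liboqs) are unchanged, so the AES dependency itself is not what moved; the same expanded list is applied to the Kyber768-90s and Kyber1024-90s entries later in this file, which keeps the three 90s variants consistent.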
Expand Down Expand Up @@ -109,8 +111,8 @@ parameter-sets:
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
Expand Down Expand Up @@ -140,10 +142,12 @@ parameter-sets:
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- sse2
- popcnt
- bmi2
- ssse3
- avx2
- aes
common-crypto:
- AES: pqcrystals-kyber_common_aes
- SHA3: liboqs
Expand Down Expand Up @@ -174,8 +178,8 @@ parameter-sets:
- Darwin
required_flags:
- avx2
- bmi2
- popcnt
- bmi2
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
Expand Down Expand Up @@ -205,10 +209,12 @@ parameter-sets:
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- sse2
- popcnt
- bmi2
- ssse3
- avx2
- aes
common-crypto:
- AES: pqcrystals-kyber_common_aes
- SHA3: liboqs
