Fix for alg_support.cmake #1716
Conversation
Isn't that confusing? If a user wants standardized algorithms to be present, why present non-standardized name(s), particularly considering the algs are present under their standardized name(s)? |
Initially I had interpreted "STD" to mean "standards-track", because the various algorithms we had in there were not necessarily standards yet, but were on their way to standardization. Under that interpretation, having the "ipd" algorithms in there makes sense. But not everyone may have that interpretation. |
Indeed, initially "STD" meant "standards-track" -- but time has moved on and NIST made standardization decisions, so IMO "STD" now means exactly what is documented: "STD" selecting all algorithms standardized by NIST. |
|
NIST described the algorithms as Candidates to be Standardized, so I still interpret "STD" as standards-track at the moment. I think the relevant information is that there is a possibility that the algorithms are still changed before the final standard, and none of the algorithms in the STD list are a final standard yet. |
The link quoted above is from 2022. Time has moved on and FIPS-203 has been published, clearly designating the term "ML-KEM" as a standard:
I'd concede that it might be prudent to introduce a new algorithm class ("below" STD) as for example "STD-track" to list the algs that probably are subject to re-naming. If you want to do this in this PR, fine with me. But then again, this whole discussion aims to make life easier for consumers of the library (not having to adapt their integrations, configs and code to algorithm name changes). This of course only is a concern in case we want to make OQS more "production oriented", which I want to move towards. Accordingly I think retaining the "ipd" moniker is wrong, misleading and means lots of additional work (here and in all downstreams, now and in the future). |
|
Thanks for the feedback @baentsch @dstebila ! I think it's good to have this discussion about what "STD" means and what the requirements on naming and algorithms are. If I understand your comment @baentsch you mainly consider "STD" algorithms with "names that won't change". My interpretation was more on the lines of "algorithm compatibility won't break".
Although the ML-KEM name seems fixed for the final standard, it's still FIPS 203 (draft) and afaik the information on the 2022 page still holds: [.."After the close of the comment period, NIST will revise the draft standards as appropriate based on the feedback received."].
I'm with you with the goal to make life easier for consumers of the library. The alias feature was meant to allow the use case you promote to always track the latest algorithm version without name changes (for consumers accepting that future versions of the algorithm might be not compatible).
Agreed that the two classes make sense. Not sure if there is a consensus yet about what algorithms go to "STD" and "STD-track". Also, with this PR algorithm names and their alias are always both available and can be used interchangeably (e.g., either "ipd" can be used for forward-compatibility or "non-ipd" for stable names). |
Hmm... Two questions to check out this argument:
My understanding so far was that OIDs represent algorithms (and their versions) in certificates, but maybe I'm wrong. If so, we can also relax the requirement for proper OID management as per open-quantum-safe/oqs-provider#351 and move it to "management by names". I'd consider this dead wrong, but welcome comments.
Proposal:
This exactly is what I don't agree with as sensible: The two cannot and shall not be used interchangeably: -ipd IMO is a non-persistent name; it's the first (and hopefully only) name in Undisputed is that this PR fixes bugs, though, so I'm approving just because of this, not because I agree with your intentions -- which I infer from
You want to establish these names and along with that, the need to maintain this code for a long time -- really through space and time: The former denotes the availability of "-ipd" in all OQS downstreams, the latter means OQS will never be able to drop it -- and even have to support this code base in addition to the standardized one if and when someone eventually decides to afford some "production qualities" to |
|
The aliases give the possibility to support different versions at the same time. I don't see why you imply that algorithms therefore need to be supported forever. I also don't mean to replace OIDs in certificates with names, but simply to support a use case where libOQS can be used (by software handling certificates) with different versions at the same time. I don't see a different way to do this other than a separate identifier.
It seemed logical to me that the name and the alias are either both available or none, since they are the same algorithm. But I don't have a strong enough opinion on it to insist. I'm ok to update the PR to change this: for example, activating the ML-DSA macros won't automatically activate the ML-DSA-ipd macro (and vice versa). |
I don't imply this. You introduce this demand with the statement
Additionally you state,
"different versions at the same time" exactly states that you want to keep supporting "ml-kem/dsa-ipd" for an unspecified "future" in parallel to the standardized "ml-kem/dsa"
Me neither. We simply need to accept your demand to retain several versions of the same algorithm in the library at the same time. We have not done this so far -- one reason for which was to reduce the support and testing effort. An obvious alternative to support your use case is to create a "legacy provider" supporting old OIDs (e.g., those that you currently reserved for ml-dsa-ipd) built against a version of
That would be a great (re)solution. That way we can manage these two separate algorithms separately. Yes, I know, right now they are identical -- and may well remain so; but if there's a different "ipd2" or final standard, we're covered and can prune "-ipd" without impacting the downstreams. |
bhess
force-pushed
the
bhe-algsupport-fix
branch
from
3f7885c to
97d7b6a
Compare
It's now integrated with the latest commit. |
| @@ -6,6 +6,7 @@ | |||
|
|
|||
| #if defined(OQS_ENABLE_KEM_classic_mceliece_348864) | |||
|
|
|||
| #if defined(OQS_ENABLE_KEM_classic_mceliece_348864) | |||
There was a problem hiding this comment.
yeah this is superfluous, updated it to avoid the duplication.
There was a problem hiding this comment.
Thanks for working through this and addressing my previous comment(s) @bhess ! This seems LGTM (resolving the issues) but there seems to be a (hopefully minor) snafu in the generator scripts causing the PR to touch so (too?) many files. Can you please take a look?
Thank you for the feedback. I've updated the PR to avoid the generator scripts touching the unrelated files. |
- Updates alg_support fragments: ensure that dependencies (aliases and platform-specific code) are activated after applying filter_algs - Adds bike_l5 to NIST_R4 algorithms
bhess
force-pushed
the
bhe-algsupport-fix
branch
from
f004b92 to
19ccc26
Compare
* Ensure aliases are activated with cmake * Updates alg_support fragments: ensure that dependencies (aliases and platform-specific code) are activated after applying filter_algs * Adds bike_l5 to NIST_R4 algorithms * add CI test for aliases * remove ml_kem ipds from STD filter_algs * decouple name and alias * fixing vector tests Signed-off-by: Eddy Kim <Eddy.M.Kim@outlook.com>
Addresses the following cases:
-DOQS_ALGS_ENABLED=STD, I still expect the aarch64 (or avx2) variants available by default if they are supported on the target machine.-DOQS_ALGS_ENABLED=STD,I expect both ml-dsa-44-ipd and its alias ml-dsa-44 to be available, although only the alias was specified in the "STD" list.ml-dsa-44 is added to the STD list but not ml-dsa-44-ipdIt's addressed by refactoring alg_support.cmake and the fragments that generate it, by moving the cmake statements to conditionally activate platform-specific code and aliases below the calls to "filter_algs". filter_algs would otherwise remove these dependencies.
Adds a test to CI to check if both a ml-dsa-ipd and a ml-dsa alias is available with the STD build.
Adds missing bike_l5 to the NIST_R4 algs list (unless this variant wasn't there intentionally).
Fixes #1703
Fixes #1704