Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync algs with liboqs and oqs-provider #124

Merged
merged 1 commit into from
Sep 19, 2024

Conversation

pi-314159
Copy link
Member

No description provided.

* Add CROSS
* Update ML-KEM
@pi-314159 pi-314159 requested a review from baentsch September 16, 2024 08:02
Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I understand this PR: This seems to be removing for example p256_falcon512: Why? In which way does this sync with liboqs?

@pi-314159
Copy link
Member Author

@baentsch Although I've added hybrid signatures to OQS-BoringSSL, I prefer to keep the clienthello size small by not enabling them by default. However, we do need to test these hybrid signature algorithms. Since we only have four types—p256_*, p384_*, p521_*, and rsa3072_*—I've decided to enable one algorithm from each type for testing purposes. Specifically, I've enabled:

  • p256_mldsa44
  • p384_mldsa65
  • p521_mldsa87
  • rsa3072_falcon512

This setup is easy to remember: mldsa with elliptic curves and falcon with rsa3072. It's a clean and straightforward way to track which algorithms are enabled.

@pi-314159 pi-314159 requested a review from baentsch September 16, 2024 08:21
@pi-314159 pi-314159 changed the title Sync algs with liboqs Sync algs with liboqs and oqs-provider Sep 16, 2024
@pi-314159
Copy link
Member Author

@baentsch Do you have any additional comments? If not, I'll go ahead and merge this PR. I'll update the commit message to include that "we changed the default hybrid signature algorithms."

@baentsch
Copy link
Member

@baentsch Do you have any additional comments? If not, I'll go ahead and merge this PR. I'll update the commit message to include that "we changed the default hybrid signature algorithms."

And that actually is the purpose of the PR, no "sync with liboqs/oqsprovider", right? Wouldn't it be fair to say that this PR creates a stronger difference between oqsprovider and boringssl even? If so, should this be documented somewhere so users understand (the rationale)?

@pi-314159
Copy link
Member Author

@baentsch It syncs with oqs-provider by updating the ML-KEM code points.
Anyway I'll label it as "update algorithms," and the commit message will be:

  • Add CROSS
  • Update ML-KEM
  • Change default enabled hybrid signature algorithms

I think it's clear that oqs-boringssl supports only a subset of algorithms available in oqs-provider.

Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK as per

label it as "update algorithms," and the commit message will be:

Add CROSS
Update ML-KEM
Change default enabled hybrid signature algorithms

@pi-314159 pi-314159 merged commit d3ab1f9 into open-quantum-safe:master Sep 19, 2024
4 checks passed
@pi-314159 pi-314159 deleted the 20240916 branch September 19, 2024 05:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants