Add XMSS-SHAKE256_{10, 16, 20}_256 parameters #1819

Merged
merged 2 commits into from
Jun 25, 2024

@cothan cothan commented Jun 8, 2024

Signed-off-by: Duc Tri Nguyen [email protected]

Based on #1818. Please review #1818 first.

  • Add additional XMSS-SHAKE256_{10, 16, 20}_256 parameters to meet NIST SP 800-208.
  • Add emoji to the parameter table in sig_stfl_xmss.h; I hope it's helpful and saves developer time.
  • Add KATs.
  • Add tests.
  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider will also need to be ready for review and merge by the time this is merged.)

The XMSS parameter table looks like this:


/*
 * | Algorithms                    | oid  | sk (b) | pk (b) | sig (b) | n  | RFC8391 | NIST SP 800-208 | CNSA 2.0 |
 * |-------------------------------|------|--------|--------|---------|----| ------- | --------------- | -------- |
 * | XMSS-SHA2_10_256              | 0x01 |  1373  |   64   |  2500   | 32 |    ✅   |       ✅        |    ✅    |
 * | XMSS-SHA2_16_256              | 0x02 |  2093  |   64   |  2692   | 32 |    ✅   |       ✅        |    ✅    |
 * | XMSS-SHA2_20_256              | 0x03 |  2573  |   64   |  2820   | 32 |    ✅   |       ✅        |    ✅    |
 *
 * | XMSS-SHAKE_10_256             | 0x07 |  1373  |   64   |  2500   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSS-SHAKE_16_256             | 0x08 |  2093  |   64   |  2692   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSS-SHAKE_20_256             | 0x09 |  2573  |   64   |  2820   | 32 |    ✅   |       ❌        |    ❌    |
 *
 * | XMSS-SHA2_10_512              | 0x04 |  2653  |  128   |  9092   | 64 |    ✅   |       ❌        |    ❌    |
 * | XMSS-SHA2_16_512              | 0x05 |  4045  |  128   |  9476   | 64 |    ✅   |       ❌        |    ❌    |
 * | XMSS-SHA2_20_512              | 0x06 |  4973  |  128   |  9732   | 64 |    ✅   |       ❌        |    ❌    |
 *
 * | XMSS-SHAKE_10_512             | 0x0a |  2653  |  128   |  9092   | 64 |    ✅   |       ❌        |    ❌    |
 * | XMSS-SHAKE_16_512             | 0x0b |  4045  |  128   |  9476   | 64 |    ✅   |       ❌        |    ❌    |
 * | XMSS-SHAKE_20_512             | 0x0c |  4973  |  128   |  9732   | 64 |    ✅   |       ❌        |    ❌    |
 *
 * | XMSS-SHA2_10_192              | 0x0d |  1053  |   48   |  1492   | 24 |    ❌   |       ✅        |    ✅    |
 * | XMSS-SHA2_16_192              | 0x0e |  1605  |   48   |  1636   | 24 |    ❌   |       ✅        |    ✅    |
 * | XMSS-SHA2_20_192              | 0x0f |  1973  |   48   |  1732   | 24 |    ❌   |       ✅        |    ✅    |
 *
 * | XMSS-SHAKE256_10_256          | 0x10 |  1373  |   64   |  2500   | 32 |    ❌   |       ✅        |    ✅    |
 * | XMSS-SHAKE256_16_256          | 0x11 |  2093  |   64   |  2692   | 32 |    ❌   |       ✅        |    ✅    |
 * | XMSS-SHAKE256_20_256          | 0x12 |  2573  |   64   |  2820   | 32 |    ❌   |       ✅        |    ✅    |
 *
 * | XMSS-SHAKE256_10_192          | 0x13 |  1053  |   48   |  1492   | 24 |    ❌   |       ✅        |    ✅    |
 * | XMSS-SHAKE256_16_192          | 0x14 |  1605  |   48   |  1636   | 24 |    ❌   |       ✅        |    ✅    |
 * | XMSS-SHAKE256_20_192          | 0x15 |  1973  |   48   |  1732   | 24 |    ❌   |       ✅        |    ✅    |
 *
 * | XMSSMT-SHA2_20/2_256          | 0x01 |  5998  |   64   |  4963   | 32 |    ✅   |       ✅        |    ❌    |
 * | XMSSMT-SHA2_20/4_256          | 0x02 | 10938  |   64   |  9251   | 32 |    ✅   |       ✅        |    ❌    |
 * | XMSSMT-SHA2_40/2_256          | 0x03 |  9600  |   64   |  5605   | 32 |    ✅   |       ✅        |    ❌    |
 * | XMSSMT-SHA2_40/4_256          | 0x04 | 15252  |   64   |  9893   | 32 |    ✅   |       ✅        |    ❌    |
 * | XMSSMT-SHA2_40/8_256          | 0x05 | 24516  |   64   | 18469   | 32 |    ✅   |       ✅        |    ❌    |
 * | XMSSMT-SHA2_60/3_256          | 0x06 | 16629  |   64   |  8392   | 32 |    ✅   |       ✅        |    ❌    |
 * | XMSSMT-SHA2_60/6_256          | 0x07 | 24507  |   64   | 14824   | 32 |    ✅   |       ✅        |    ❌    |
 * | XMSSMT-SHA2_60/12_256         | 0x08 | 38095  |   64   | 27688   | 32 |    ✅   |       ✅        |    ❌    |
 *
 * | XMSSMT-SHAKE_20/2_256         | 0x11 |  5998  |   64   |  4963   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSSMT-SHAKE_20/4_256         | 0x12 | 10938  |   64   |  9251   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSSMT-SHAKE_40/2_256         | 0x13 |  9600  |   64   |  5605   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSSMT-SHAKE_40/4_256         | 0x14 | 15252  |   64   |  9893   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSSMT-SHAKE_40/8_256         | 0x15 | 24516  |   64   | 18469   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSSMT-SHAKE_60/3_256         | 0x16 | 16629  |   64   |  8392   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSSMT-SHAKE_60/6_256         | 0x17 | 24507  |   64   | 14824   | 32 |    ✅   |       ❌        |    ❌    |
 * | XMSSMT-SHAKE_60/12_256        | 0x18 | 38095  |   64   | 27688   | 32 |    ✅   |       ❌        |    ❌    |
 */

This table reflects what is in RFC 8391, NIST SP 800-208 and CNSA 2.0.
I believe jotting this down is helpful.
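
The sig and pk columns in the table can be recomputed from n, the tree height h and the layer count d using the RFC 8391 encodings with w = 16. The following is an added example, not code from this PR or from liboqs; the function names are hypothetical, the rows are copied from the table, and the sk column is implementation-specific and is not checked.

```c
#include <stdio.h>
#include <stddef.h>

/* WOTS+ chain count for an n-byte hash with w = 16 (RFC 8391, section 3.1.1). */
static size_t wots_len(size_t n) {
    size_t len1 = 2 * n;                 /* ceil(8n / log2(16)) */
    size_t x = len1 * 15;                /* largest checksum: len1 * (w - 1) */
    size_t bits = 0;
    while ((x >> (bits + 1)) != 0) bits++;   /* bits = floor(log2(x)) */
    return len1 + bits / 4 + 1;          /* len1 + len2 */
}

/* Signature bytes: index || r || d WOTS+ signatures || h authentication nodes.
 * d == 1 is single-tree XMSS (4-byte index); d > 1 is XMSS^MT (ceil(h/8)-byte index). */
static size_t xmss_sig_bytes(size_t n, size_t h, size_t d) {
    size_t idx = (d == 1) ? 4 : (h + 7) / 8;
    return idx + n + (d * wots_len(n) + h) * n;
}

/* Public key bytes: root || SEED. The table's pk column does not count the OID. */
static size_t xmss_pk_bytes(size_t n) { return 2 * n; }

struct row { const char *name; size_t n, h, d, pk, sig; };

/* Rows copied from the table above, one or more per size class. */
static const struct row rows[] = {
    {"XMSS-SHAKE256_10_256",   32, 10,  1,  64,  2500},
    {"XMSS-SHAKE256_16_256",   32, 16,  1,  64,  2692},
    {"XMSS-SHAKE256_20_256",   32, 20,  1,  64,  2820},
    {"XMSS-SHA2_10_192",       24, 10,  1,  48,  1492},
    {"XMSS-SHAKE_20_512",      64, 20,  1, 128,  9732},
    {"XMSSMT-SHAKE_60/12_256", 32, 60, 12,  64, 27688},
};

/* Returns how many rows disagree with the recomputed sizes. */
static int count_mismatches(void) {
    int bad = 0;
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        const struct row *r = &rows[i];
        size_t sig = xmss_sig_bytes(r->n, r->h, r->d);
        int ok = sig == r->sig && xmss_pk_bytes(r->n) == r->pk;
        printf("%-24s sig=%zu %s\n", r->name, sig, ok ? "ok" : "MISMATCH");
        bad += !ok;
    }
    return bad;
}

int main(void) { return count_mismatches(); }
```

The new SHAKE256 256-bit rows have the same sizes as the SHA2 and SHAKE 256-bit rows because the sizes depend only on n, h and d; the OID is what tells a verifier which hash function to use.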

@cothan cothan force-pushed the add_xmss_shake256-16-16-20-256_parameters branch from 67f4cd5 to 23490d3 Compare June 8, 2024 22:00
@cothan cothan force-pushed the add_xmss_shake256-16-16-20-256_parameters branch from 23490d3 to cbfa38c Compare June 18, 2024 03:39
@cothan cothan marked this pull request as ready for review June 18, 2024 04:14
@cothan cothan requested a review from dstebila as a code owner June 18, 2024 04:14
@cothan cothan requested review from ashman-p and SWilson4 and removed request for dstebila June 18, 2024 04:14
cothan added 2 commits June 18, 2024 14:35
Signed-off-by: Duc Tri Nguyen <[email protected]>
@cothan cothan force-pushed the add_xmss_shake256-16-16-20-256_parameters branch from 1c7e7e3 to 2682fa5 Compare June 18, 2024 18:35

cothan commented Jun 23, 2024

Hi @ashman-p, can you take a look at the PR?

@cothan cothan merged commit 51ddd33 into main Jun 25, 2024
114 checks passed
@cothan cothan deleted the add_xmss_shake256-16-16-20-256_parameters branch June 25, 2024 15:29