Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 #7622

Merged
merged 1 commit into from
Jun 19, 2024

Conversation

SparkiDev
Copy link
Contributor

Description

Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard. Implementation include making a key, signing and verification. Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.

Testing

./configure '--enable-experimental' '--enable-dilithium'

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@SparkiDev SparkiDev self-assigned this Jun 6, 2024
@SparkiDev SparkiDev force-pushed the ml-dsa branch 23 times, most recently from c3fcb5f to cde10ca Compare June 13, 2024 12:37
@SparkiDev SparkiDev force-pushed the ml-dsa branch 4 times, most recently from 4f499bf to 566d383 Compare June 14, 2024 02:08
@SparkiDev SparkiDev assigned wolfSSL-Bot and unassigned SparkiDev Jun 14, 2024
@SparkiDev SparkiDev requested a review from wolfSSL-Bot June 14, 2024 03:03
Copy link
Contributor

@douzzer douzzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(analyzer report sent separately)

also note that settings.h should be updated to require WOLFSSL_EXPERIMENTAL_SETTINGS if HAVE_DILITHIUM is defined.

@douzzer douzzer assigned SparkiDev and unassigned wolfSSL-Bot Jun 14, 2024
@SparkiDev SparkiDev force-pushed the ml-dsa branch 3 times, most recently from b84a256 to 19ab23c Compare June 17, 2024 08:40
@SparkiDev SparkiDev assigned douzzer and wolfSSL-Bot and unassigned SparkiDev Jun 17, 2024
@SparkiDev SparkiDev force-pushed the ml-dsa branch 2 times, most recently from 7d7604b to fe0a46f Compare June 18, 2024 08:49
@dgarske
Copy link
Contributor

dgarske commented Jun 18, 2024

Testing results on STM32H7A3 Cortex M7 at 240MHz:

Testing with build options:

#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define HAVE_DILITHIUM
#define WOLFSSL_WC_DILITHIUM
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
#define WOLFSSL_SHA3
SHA3-224                     1 MiB took 1.015 seconds,    1.131 MiB/s
SHA3-256                     1 MiB took 1.004 seconds,    1.070 MiB/s
SHA3-384                   850 KiB took 1.008 seconds,  843.254 KiB/s
SHA3-512                   600 KiB took 1.015 seconds,  591.133 KiB/s
SHAKE128                     1 MiB took 1.012 seconds,    1.303 MiB/s
SHAKE256                     1 MiB took 1.004 seconds,    1.070 MiB/s
HMAC-SHA256                  2 MiB took 1.007 seconds,    2.085 MiB/s
RSA     2048   public        88 ops took 1.000 sec, avg 11.364 ms, 88.000 ops/sec
RSA     2048  private         4 ops took 1.592 sec, avg 398.000 ms, 2.513 ops/sec
DH      2048  key gen         6 ops took 1.137 sec, avg 189.500 ms, 5.277 ops/sec
DH      2048    agree         6 ops took 1.141 sec, avg 190.167 ms, 5.259 ops/sec
ECC   [      SECP256R1]   256  key gen       218 ops took 1.004 sec, avg 4.606 ms, 217.131 ops/sec
ECDHE [      SECP256R1]   256    agree       110 ops took 1.000 sec, avg 9.091 ms, 110.000 ops/sec
ECDSA [      SECP256R1]   256     sign       100 ops took 1.012 sec, avg 10.120 ms, 98.814 ops/sec
ECDSA [      SECP256R1]   256   verify        64 ops took 1.003 sec, avg 15.672 ms, 63.809 ops/sec
ML-DSA    44  key gen        56 ops took 1.000 sec, avg 17.857 ms, 56.000 ops/sec
ML-DSA    44     sign        16 ops took 1.028 sec, avg 64.250 ms, 15.564 ops/sec
ML-DSA    44   verify        52 ops took 1.016 sec, avg 19.538 ms, 51.181 ops/sec
ML-DSA    65  key gen        34 ops took 1.035 sec, avg 30.441 ms, 32.850 ops/sec
ML-DSA    65     sign        12 ops took 1.075 sec, avg 89.583 ms, 11.163 ops/sec
ML-DSA    65   verify        32 ops took 1.016 sec, avg 31.750 ms, 31.496 ops/sec
ML-DSA    87  key gen        20 ops took 1.020 sec, avg 51.000 ms, 19.608 ops/sec
ML-DSA    87     sign         6 ops took 1.008 sec, avg 168.000 ms, 5.952 ops/sec
ML-DSA    87   verify        20 ops took 1.051 sec, avg 52.550 ms, 19.029 ops/sec

Results adding WOLFSSL_DILITHIUM_SMALL:

SHA3-224                     1 MiB took 1.012 seconds,    1.134 MiB/s
SHA3-256                     1 MiB took 1.000 seconds,    1.074 MiB/s
SHA3-384                   850 KiB took 1.004 seconds,  846.614 KiB/s
SHA3-512                   600 KiB took 1.016 seconds,  590.551 KiB/s
SHAKE128                     1 MiB took 1.007 seconds,    1.309 MiB/s
SHAKE256                     1 MiB took 1.004 seconds,    1.070 MiB/s
HMAC-SHA256                  1 MiB took 1.000 seconds,    1.270 MiB/s
RSA     2048   public        88 ops took 1.020 sec, avg 11.591 ms, 86.275 ops/sec
RSA     2048  private         4 ops took 1.522 sec, avg 380.500 ms, 2.628 ops/sec
DH      2048  key gen         6 ops took 1.121 sec, avg 186.833 ms, 5.352 ops/sec
DH      2048    agree         6 ops took 1.117 sec, avg 186.167 ms, 5.372 ops/sec
ECC   [      SECP256R1]   256  key gen       218 ops took 1.008 sec, avg 4.624 ms, 216.270 ops/sec
ECDHE [      SECP256R1]   256    agree       114 ops took 1.000 sec, avg 8.772 ms, 114.000 ops/sec
ECDSA [      SECP256R1]   256     sign       100 ops took 1.000 sec, avg 10.000 ms, 100.000 ops/sec
ECDSA [      SECP256R1]   256   verify        66 ops took 1.008 sec, avg 15.273 ms, 65.476 ops/sec
ML-DSA    44  key gen        54 ops took 1.008 sec, avg 18.667 ms, 53.571 ops/sec
ML-DSA    44     sign        18 ops took 1.090 sec, avg 60.556 ms, 16.514 ops/sec
ML-DSA    44   verify        48 ops took 1.039 sec, avg 21.646 ms, 46.198 ops/sec
ML-DSA    65  key gen        30 ops took 1.000 sec, avg 33.333 ms, 30.000 ops/sec
ML-DSA    65     sign         8 ops took 1.192 sec, avg 149.000 ms, 6.711 ops/sec
ML-DSA    65   verify        30 ops took 1.062 sec, avg 35.400 ms, 28.249 ops/sec
ML-DSA    87  key gen        20 ops took 1.094 sec, avg 54.700 ms, 18.282 ops/sec
ML-DSA    87     sign        10 ops took 1.255 sec, avg 125.500 ms, 7.968 ops/sec
ML-DSA    87   verify        18 ops took 1.059 sec, avg 58.833 ms, 16.997 ops/sec

Code size difference is 6520 bytes (.text: normal=237228, small=230708)

dgarske
dgarske previously approved these changes Jun 18, 2024
Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation include making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
Copy link
Contributor

@douzzer douzzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fantabulous!

now passing quantum-safe-wolfssl-all-gcc-latest quantum-safe-wolfssl-all-clang-tidy quantum-safe-wolfssl-all-intelasm-sp-asm-sanitizer quantum-safe-wolfssl-all-noasm-sanitizer quantum-safe-wolfssl-all-noasm-smallstack-sanitizer quantum-safe-wolfssl-all-crypto-only-noasm-linuxkm-insmod quantum-safe-wolfssl-all-noasm-stack-sizes quantum-safe-wolfssl-all-crypto-only-benchmark-sanitizer quantum-safe-wolfssl-all-cppcheck quantum-safe-wolfssl-all-cross-aarch64-armasm-unittest-sanitizer with --enable-dilithium added to ALL_NATIVE_QUANTUM_SAFER and -DWOLFSSL_DILITHIUM_ALIGNMENT=8 added to noasm sanitizer builds.

@douzzer douzzer merged commit 38c7327 into wolfSSL:master Jun 19, 2024
117 checks passed
xv-ian-c added a commit to expressvpn/wolfssl-rs that referenced this pull request Sep 3, 2024
Moving from v5.6.6-stable we are picking up:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
(there was no 5.7.1)

Our `disable-falcon-dilithium.patch` required an update, likely due to the
changes in wolfSSL/wolfssl#7622.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants