-
Notifications
You must be signed in to change notification settings - Fork 466
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ML-KEM / FIPS203 final #1899
Conversation
Even though just a draft, allow me to comment that this LGTM:
--> This leads me to suggest including this PR also already in the next release. Any reason to wait? |
Add ACVP vectors for ML-KEM Signed-off-by: Basil Hess <[email protected]>
Signed-off-by: Basil Hess <[email protected]>
5780779
to
062e793
Compare
Signed-off-by: Basil Hess <[email protected]>
Signed-off-by: Basil Hess <[email protected]>
Thanks for the feedback @baentsch . The PR is conceptually ready - docs are updated and ct-tests pass, so moving it to "ready for review". In the meanwhile, TLS hybrid code points for ML-KEM are available (open-quantum-safe/oqs-provider#503) as well as NIST OIDs (https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration), so it should be ok to include this in a release. As far as I've seen the ML-KEM changes from -ipd to final are minor: Encaps/Decaps didn't change, keygen had one change in the initial seed (one byte is added to the seed). I wouldn't see a big issue to just removing the -ipd variant given this minor change. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the integration. Looking over it, it indeed mostly seems like a removal of the "-ipd" moniker -- making downstream integration (at least in oqsprovider
) seamless. Thus OK to merge even without tracker PR there (basically, it'll just be an OID update if I'm not mistaken, right, @bhess ?).
Thanks @bhess! This is really important work, great to have it completed. I haven't heard any use of -ipd, so I'm personally in favour of dropping it immediately. If we wanted to be thorough, we could make a discussion forum post asking for feedback on that, send an email to our mailing lists pointing people to that, and give it say one week, then make a decision based on that. |
Adds ML-KEM from FIPS203
The PR removes the previous ML-KEM-ipd implementation, as initially suggested in #1891.
Technically it would be possible to support both ML-KEM and ML-KEM-ipd (e.g. to give potential users of -ipd the possibility to phase it out over the next release).
TODOs:
Partially-fixes #1891.