
PQC: Implement draft RFC for ML-DSA with Ed25519 #13

Merged
merged 5 commits into from
Nov 25, 2024

Conversation

larabr

@larabr larabr commented Mar 18, 2024

Split from #10.

ML-DSA implementation of draft-wussler-openpgp-pqc.

TODO:

  • OpenPGP: update algo IDs to use experimental values?
  • OpenPGP: add ML-DSA key validation code
  • Core: use/implement NIST spec for algos, instead of round 3 implementations
    • Use standard NIST version
  • Core: pick/confirm PQC lib
    • benchmarks? (+ performance/size ratio?)
    • Noble
    • for AgustinSRG/crystals-dilithium-js (written for Node only):
      • remove Buffer code
      • remove "duplicate" SHA3/SHAKE code (use noble-hashes, or wasm)
      • test the random poly generator(s)
    • other existing WASM-compiled libs:
      • take message as input instead of digest
  • Core: would use WASM for selected ops provide considerable speedup? JS seems fast enough on its own
    • Dilithium has 64-bit multiplications
    • Can we take advantage of SSE (also for the underlying SHAKE)? AVX2 is not supported by WASM yet
      • Yes for AES256ctr (irrelevant, only used in AES variant)
      • Reference code only has AVX2 code for the rest
  • Testing: add test vectors for keys/signature/messages when available
  • Testing: update ML-DSA final test vectors from RFC when ready
  • Future: add SHOULD algorithms? (Ed448 and SH-DSA)
  • Merge after PQC: Implement draft RFC for ML-KEM with X25519 #10

@larabr larabr force-pushed the pqc-dsa branch 3 times, most recently from 263300d to 463495b Compare November 25, 2024 09:45
@larabr larabr changed the base branch from v6 to main November 25, 2024 09:48
@larabr larabr marked this pull request as ready for review November 25, 2024 13:26
@larabr larabr merged commit a5eb714 into main Nov 25, 2024
12 of 13 checks passed
larabr added a commit that referenced this pull request Nov 25, 2024
Implements Draft 6
(https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/06/).

Also, chunk ML-KEM and ML-DSA together in lightweight bundle.
Noble-curves had to be updated to v1.7.0 to ensure the same
version of noble-hashes is used as noble-post-quantum,
making it possible to reuse the sha3 code/chunk across libs.