NIST CAVP validation of liboqs ML-DSA algorithm #1931
Thanks for the question, @stauro79. I'm not aware of any plans to do this, though perhaps it's something we could do after the final standard is integrated (in 0.12.0). That said, I imagine we'd want to have a very stable implementation of any algorithm we have certified: perhaps this would be a good criterion for a future 1.0.0 release? Assuming you're a (possibly potential) consumer of liboqs, is CAVP validation something that you would find valuable and/or essential?
Thanks @SWilson4. Yes, it is essential, as there is a requirement to use/deploy CAVP-validated cryptographic algorithms.
Well, correct me if I'm wrong, but isn't this but one (of many) ways to ascertain a specific product conforms to the NIST standards (though admittedly the most automated and convenient one)? If so, three thoughts and one question on this:
I believe @ashman-p had been looking at the CAVP test vectors.
ML-KEM in liboqs is currently tested against NIST's static ACVP vectors. Planning to do the same for the ML-DSA integration. AFAIK the same type of tests are performed during a certification.
Great! Thanks for reminding (at least me). And the reason we're not landing #1919 is because we're waiting on APIs to become available enabling this test, right? Just for my personal curiosity now: There's no such additional API needed for MLKEM? And to the rest of the team: What are our plans wrt SLH-DSA in this regard? Worthwhile adding to #1894?
Thanks @baentsch. Yes, validation would apply to all the PQC algs defined in the new NIST standard. I am using liboqs through the OpenSSL OQS Provider module.
Yes to both. Plus to incorporate the tests against the external API that NIST announced for around October.
Thanks @bhess for the confirmation(s). @stauro79 this comment makes me wonder though:
Wouldn't you then need to have "certification" applied at that module level instead as it also/further "twiddles around" with the algorithms (not the core logic, though)? Or even better, at OpenSSL level itself (further "twiddling" there :)?
OpenSSL has released the OpenSSL FIPS Provider (crypto module), which is certified by NIST. https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282 In the case of liboqs and oqs provider, I am not sure how certification should work. liboqs is a crypto library and oqs provider just consumes the liboqs crypto implementation.
Personally, I do not think there is the slightest chance this software combination can ever get FIPS certified. I think the best chance for that is getting ML-DSA integrated directly into OpenSSL (and there, with all required prerequisites (that are unknown to me) into the FIPS provider).
Is there any road-map/plan for liboqs ML-DSA algorithm to be certified using NIST Cryptographic Algorithm Validation Program (CAVP)?