Pull new HQC implementation from upstream

.CMake/alg_support.cmake

@@ -176,26 +176,8 @@ endif()
 
 option(OQS_ENABLE_KEM_HQC "Enable hqc algorithm family" ON)
 cmake_dependent_option(OQS_ENABLE_KEM_hqc_128 "" ON "OQS_ENABLE_KEM_HQC" OFF)
-if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
-if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI1_INSTRUCTIONS AND OQS_USE_PCLMULQDQ_INSTRUCTIONS))
-    cmake_dependent_option(OQS_ENABLE_KEM_hqc_128_avx2 "" ON "OQS_ENABLE_KEM_hqc_128" OFF)
-endif()
-endif()
-
 cmake_dependent_option(OQS_ENABLE_KEM_hqc_192 "" ON "OQS_ENABLE_KEM_HQC" OFF)
-if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
-if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI1_INSTRUCTIONS AND OQS_USE_PCLMULQDQ_INSTRUCTIONS))
-    cmake_dependent_option(OQS_ENABLE_KEM_hqc_192_avx2 "" ON "OQS_ENABLE_KEM_hqc_192" OFF)
-endif()
-endif()
-
 cmake_dependent_option(OQS_ENABLE_KEM_hqc_256 "" ON "OQS_ENABLE_KEM_HQC" OFF)
-if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
-if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI1_INSTRUCTIONS AND OQS_USE_PCLMULQDQ_INSTRUCTIONS))
-    cmake_dependent_option(OQS_ENABLE_KEM_hqc_256_avx2 "" ON "OQS_ENABLE_KEM_hqc_256" OFF)
-endif()
-endif()
-
 
 option(OQS_ENABLE_KEM_KYBER "Enable kyber algorithm family" ON)
 cmake_dependent_option(OQS_ENABLE_KEM_kyber_512 "" ON "OQS_ENABLE_KEM_KYBER" OFF)

CMakeLists.txt

@@ -33,7 +33,7 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
-set(OQS_VERSION_TEXT "0.9.0")
+set(OQS_VERSION_TEXT "0.10.0-dev")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)

README.md

@@ -44,7 +44,7 @@ The list below indicates all algorithms supported by liboqs, but not all those a
 - **BIKE**: BIKE-L1, BIKE-L3, BIKE-L5
 - **Classic McEliece**: Classic-McEliece-348864†, Classic-McEliece-348864f†, Classic-McEliece-460896†, Classic-McEliece-460896f†, Classic-McEliece-6688128†, Classic-McEliece-6688128f†, Classic-McEliece-6960119†, Classic-McEliece-6960119f†, Classic-McEliece-8192128†, Classic-McEliece-8192128f†
 - **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE
-- **HQC**: HQC-128, HQC-192, HQC-256†
+- **HQC**: HQC-128, HQC-192, HQC-256
 - **Kyber**: Kyber512, Kyber768, Kyber1024
 - **NTRU-Prime**: sntrup761
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_END -->

docs/algorithms/kem/classic_mceliece.md

@@ -6,7 +6,7 @@
 - **Authors' website**: https://classic.mceliece.org
 - **Specification version**: SUPERCOP-20221025.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  - **Source**: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852
   - **Implementation license (SPDX-Identifier)**: Public domain
 - **Ancestors of primary source**:
   - SUPERCOP-20221025 "clean" and "avx2" implementations

docs/algorithms/kem/classic_mceliece.yml

@@ -378,4 +378,4 @@ parameter-sets:
 auxiliary-submitters: []
 primary-upstream:
   spdx-license-identifier: Public domain
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852

docs/algorithms/kem/hqc.md

@@ -2,34 +2,29 @@
 
 - **Algorithm type**: Key encapsulation mechanism.
 - **Main cryptographic assumption**: Syndrome decoding of structure codes (Hamming Quasi-Cyclic).
-- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Philippe Gaborit, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor, Loïc Bidoux.
+- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Loïc Bidoux, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Arnaud Dion, Philippe Gaborit, Jérôme Lacan, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor.
 - **Authors' website**: https://pqc-hqc.org/
-- **Specification version**: NIST Round 3 submission.
+- **Specification version**: 2023-04-30.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  - **Source**: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852
   - **Implementation license (SPDX-Identifier)**: Public domain
 - **Ancestors of primary source**:
-  - https://github.com/jschanck/package-pqclean/tree/29f79e72/hqc, which takes it from:
-  - submission 2020-10-01 at https://pqc-hqc.org/implementation.html
-
-## Advisories
-
-- The implementations for all parameter sets DO NOT provide constant time execution properties. See: https://github.com/open-quantum-safe/liboqs/issues/995.
+  - https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc, which takes it from:
+  - submission 2023-04-30 at https://pqc-hqc.org/implementation.html
 
 ## Parameter set summary
 
 |  Parameter set  | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
 |:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
-|     HQC-128     | IND-CCA2         |                    1 |                      2249 |                      2289 |                      4481 |                           64 |
-|     HQC-192     | IND-CCA2         |                    3 |                      4522 |                      4562 |                      9026 |                           64 |
-|     HQC-256     | IND-CCA2         |                    5 |                      7245 |                      7285 |                     14469 |                           64 |
+|     HQC-128     | IND-CCA2         |                    1 |                      2249 |                      2305 |                      4433 |                           64 |
+|     HQC-192     | IND-CCA2         |                    3 |                      4522 |                      4586 |                      8978 |                           64 |
+|     HQC-256     | IND-CCA2         |                    5 |                      7245 |                      7317 |                     14421 |                           64 |
 
 ## HQC-128 implementation characteristics
 
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI1,PCLMULQDQ     | False                              | True                                           | False                 |
 
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 
@@ -40,7 +35,6 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI1,PCLMULQDQ     | False                              | True                                           | False                |
 
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 
@@ -49,7 +43,6 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI1,PCLMULQDQ     | False                              | True                                           | True                 |
 
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 

docs/algorithms/kem/hqc.yml

@@ -4,32 +4,31 @@ principal-submitters:
 - Carlos Aguilar Melchor
 - Nicolas Aragon
 - Slim Bettaieb
+- Loïc Bidoux
 - Olivier Blazy
 - Jurjen Bos
 - Jean-Christophe Deneuville
+- Arnaud Dion
 - Philippe Gaborit
+- Jérôme Lacan
 - Edoardo Persichetti
 - Jean-Marc Robert
 - Pascal Véron
 - Gilles Zémor
-- Loïc Bidoux
 crypto-assumption: Syndrome decoding of structure codes (Hamming Quasi-Cyclic)
 website: https://pqc-hqc.org/
-nist-round: 3
-spec-version: NIST Round 3 submission
+nist-round: 4
+spec-version: 2023-04-30
 upstream-ancestors:
-- https://github.com/jschanck/package-pqclean/tree/29f79e72/hqc
-- submission 2020-10-01 at https://pqc-hqc.org/implementation.html
-advisories:
-- 'The implementations for all parameter sets DO NOT provide constant time execution
-  properties. See: https://github.com/open-quantum-safe/liboqs/issues/995.'
+- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc
+- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
 parameter-sets:
 - name: HQC-128
   claimed-nist-level: 1
   claimed-security: IND-CCA2
   length-public-key: 2249
-  length-ciphertext: 4481
-  length-secret-key: 2289
+  length-ciphertext: 4433
+  length-secret-key: 2305
   length-shared-secret: 64
   implementations-switch-on-runtime-cpu-features: true
   implementations:
@@ -41,28 +40,12 @@ parameter-sets:
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
     upstream: primary-upstream
-  - upstream-id: avx2
-    supported-platforms:
-    - architecture: x86_64
-      operating_systems:
-      - Linux
-      - Darwin
-      required_flags:
-      - avx2
-      - bmi1
-      - pclmulqdq
-    common-crypto:
-    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
-    large-stack-usage: false
-    upstream: primary-upstream
 - name: HQC-192
   claimed-nist-level: 3
   claimed-security: IND-CCA2
-  length-ciphertext: 9026
+  length-ciphertext: 8978
   length-public-key: 4522
-  length-secret-key: 4562
+  length-secret-key: 4586
   length-shared-secret: 64
   implementations-switch-on-runtime-cpu-features: true
   implementations:
@@ -74,28 +57,12 @@ parameter-sets:
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
     upstream: primary-upstream
-  - upstream-id: avx2
-    supported-platforms:
-    - architecture: x86_64
-      operating_systems:
-      - Linux
-      - Darwin
-      required_flags:
-      - avx2
-      - bmi1
-      - pclmulqdq
-    common-crypto:
-    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
-    large-stack-usage: false
-    upstream: primary-upstream
 - name: HQC-256
   claimed-nist-level: 5
   claimed-security: IND-CCA2
-  length-ciphertext: 14469
+  length-ciphertext: 14421
   length-public-key: 7245
-  length-secret-key: 7285
+  length-secret-key: 7317
   length-shared-secret: 64
   implementations-switch-on-runtime-cpu-features: true
   implementations:
@@ -107,22 +74,6 @@ parameter-sets:
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
     upstream: primary-upstream
-  - upstream-id: avx2
-    supported-platforms:
-    - architecture: x86_64
-      operating_systems:
-      - Linux
-      - Darwin
-      required_flags:
-      - avx2
-      - bmi1
-      - pclmulqdq
-    common-crypto:
-    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
-    large-stack-usage: true
-    upstream: primary-upstream
 primary-upstream:
   spdx-license-identifier: Public domain
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852

docs/algorithms/sig/falcon.md

@@ -7,7 +7,7 @@
 - **Authors' website**: https://falcon-sign.info
 - **Specification version**: 20211101.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  - **Source**: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852
   - **Implementation license (SPDX-Identifier)**: MIT
 
 

docs/algorithms/sig/falcon.yml

@@ -18,7 +18,7 @@ website: https://falcon-sign.info
 nist-round: 3
 spec-version: 20211101
 primary-upstream:
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852
   spdx-license-identifier: MIT
   upstream-ancestors:
   - https://www.falcon-sign.info

docs/algorithms/sig/sphincs.md

@@ -7,7 +7,7 @@
 - **Authors' website**: https://sphincs.org/
 - **Specification version**: NIST Round 3 submission, v3.1 (June 10, 2022).
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
+  - **Source**: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852 with copy_from_upstream patches
   - **Implementation license (SPDX-Identifier)**: CC0-1.0
 
 

docs/algorithms/sig/sphincs.yml

@@ -26,7 +26,7 @@ nist-round: 3
 spec-version: NIST Round 3 submission, v3.1 (June 10, 2022)
 spdx-license-identifier: CC0-1.0
 primary-upstream:
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/0657749a785db30e7f49e9435452cb042edb1852
     with copy_from_upstream patches
   spdx-license-identifier: CC0-1.0
   upstream-ancestors: