Skip to content

0.10.0

Compare
Choose a tag to compare
@baentsch baentsch released this 23 Mar 13:05
· 99 commits to main since this release
36be574

liboqs version 0.10.0

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.10.0 of liboqs. It was released on March 20, 2024.
This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.

What's New

This release continues from the 0.9.2 release of liboqs.

Key encapsulation mechanisms

  • BIKE: Updated portable C implementation to include constant-time fixes from upstream.
  • HQC: Updated to NIST Round 4 version.
  • ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.

Digital signature schemes

  • Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
  • ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.

Other changes

  • Improved thread safety.
  • Added uninstall support via ninja uninstall
  • Documented platforms by support tier in PLATFORMS.md.
  • Added support for Zephyr RTOS.
  • Improved support for macOS on Apple Silicon.
  • Removed support for the "NIST-KAT" DRBG.
  • Added extended KAT test programs.

Detailed changelog

New Contributors

Full Changelog: 0.9.2...0.10.0