Update Dilithium from crystals upstream #1894

Merged
merged 14 commits into from
Oct 7, 2024

Contributor

@jakemas jakemas commented Oct 1, 2024

Issues:

Resolves #CryptoAlg-2722

Description of changes:

This PR updates the implementation of Dilithium (v3.1) with subsequent changes made in the official upstream repository (https://github.com/pq-crystals/dilithium).

As there are significant algorithmic changes between pre-FIPS 204 Dilithium (v3.1) and FIPS 204 IPD/Final we note that the integration of this code will cause Dilithium v3.1 signatures to fail. Consumers of AWS-LC were made aware of the unstable nature of the Dilithium implementation and API during the integration into the library (see https://github.com/aws/aws-lc/blob/8a1ee93969d8df64c4c51b2d6ddffb26a54adea9/crypto/dilithium/README.md).

As part of our due diligence we have verified that there are no existing deployments contingent on the stability of Dilithium. As such, we will continue to support the most up to date version of the algorithm from the authors upstream.

Call-outs:

Among the changes are modifications made per the FIPS 204 ML-DSA standard:

  • changes to signature and key sizes
  • addition of signing context "ctx" added to signature
  • removal of AES-based modes
  • new KATs
  • we maintain the fqmul refactor added in code refactor to add fqmul #1748
  • small changes to documentation (e.g. reduce.c#L27, poly.c#L24, polyvec.c#L164)

Changes from upstream source:

Testing:

As the signature size and private key size of ML-DSA have changed since v3.1, so too must the tests EVPExtraTest.d2i_PrivateKey for testing the parsing of ML-DSA private keys, as well as the certificates used for X509Test.TestDilithium3.

I have updated the private key kExampleDilithium3KeyDER and test certificate kDilithium3Cert to reflect changes to the signature/key lengths, but will need to manually reproduce test-case certificates kDilithium3CertNull, kDilithium3CertParam.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@jakemas jakemas requested a review from a team as a code owner October 1, 2024 18:38
codecov-commenter commented Oct 1, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.46%. Comparing base (8b2ebfc) to head (7f31525).
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1894      +/-   ##
==========================================
- Coverage   78.47%   78.46%   -0.02%     
==========================================
  Files         585      585              
  Lines       99518    99517       -1     
  Branches    14242    14242              
==========================================
- Hits        78099    78086      -13     
- Misses      20783    20794      +11     
- Partials      636      637       +1     



**Source code origin and modifications.** The source code was imported from a branch of the official repository of the Crystals-Dilithium team: https://github.com/pq-crystals/dilithium. The code was taken at [commit](https://github.com/pq-crystals/dilithium/commit/cbcd8753a43402885c90343cd6335fb54712cda1) as of 10/01/2024. At the moment, only the reference C implementation is imported.

The `api.h`, `fips202.h` and `params.h` header files were modified to support our [prefixed symbols build](https://github.com/awslabs/aws-lc/blob/main/BUILDING.md#building-with-prefixed-symbols).
Contributor

It may be helpful to describe how they were modified in order to help future maintainers that have to deal with conflicts.

Contributor Author

I completely agree. There are going to be further changes to the Dilithium code, then I will update this readme after to reflect all changes. I've left the note about the prefix build stuff in here as-is for now, as in a following PR I will be removing all the prefix build stuff for Dilithium. Essentially, the same changes made to ML-KEM (7b5ba89) will be made for ML-DSA. Once those changes are in, I will update this text with similar text from the ML-KEM readme.

Contributor

Yeah this would be helpful so I can verify the code was copied over without unintended modifications.

Contributor Author

Addressed in 72d7271. Will continue to update this readme with additional changes.

Contributor Author

Added more detail in 7f31525.

geedo0 previously approved these changes Oct 3, 2024
@skmcgrail skmcgrail merged commit bda01b4 into aws:main Oct 7, 2024
110 of 111 checks passed