Add ML-KEM

Add ACVP vectors for ML-KEM

Signed-off-by: Basil Hess <[email protected]>

.CMake/alg_support.cmake

@@ -127,11 +127,8 @@ cmake_dependent_option(OQS_ENABLE_KEM_kyber_768 "" ON "OQS_ENABLE_KEM_KYBER" OFF
 cmake_dependent_option(OQS_ENABLE_KEM_kyber_1024 "" ON "OQS_ENABLE_KEM_KYBER" OFF)
 
 option(OQS_ENABLE_KEM_ML_KEM "Enable ml_kem algorithm family" ON)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
-cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024 "" ON "OQS_ENABLE_KEM_ML_KEM" OFF)
 
 option(OQS_ENABLE_SIG_DILITHIUM "Enable dilithium algorithm family" ON)
@@ -311,21 +308,18 @@ endif()
 
 if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
-    cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512_ipd" OFF)
     cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_512_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_512" OFF)
 endif()
 endif()
 
 if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
-    cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768_ipd" OFF)
     cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_768_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_768" OFF)
 endif()
 endif()
 
 if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin")
 if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS AND OQS_USE_POPCNT_INSTRUCTIONS))
-    cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_ipd_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024_ipd" OFF)
     cmake_dependent_option(OQS_ENABLE_KEM_ml_kem_1024_avx2 "" ON "OQS_ENABLE_KEM_ml_kem_1024" OFF)
 endif()
 endif()

.github/workflows/unix.yml

@@ -178,7 +178,7 @@ jobs:
           path: build/*.deb
       - name: Check STD algorithm and alias
         if: matrix.name == 'jammy-std-openssl3'
-        run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n    isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n    isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n    isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512-ipd:\n    isnull: true"'
+        run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n    isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n    isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n    isnull: false"'
         working-directory: build
 
   linux_arm_emulated:

README.md

@@ -56,7 +56,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
 - **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE
 - **HQC**: HQC-128, HQC-192, HQC-256
 - **Kyber**: Kyber512, Kyber768, Kyber1024
-- **ML-KEM**: ML-KEM-512-ipd (alias: ML-KEM-512), ML-KEM-768-ipd (alias: ML-KEM-768), ML-KEM-1024-ipd (alias: ML-KEM-1024)
+- **ML-KEM**: ML-KEM-512, ML-KEM-768, ML-KEM-1024
 - **NTRU-Prime**: sntrup761
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_END -->
 

docs/algorithms/kem/ml_kem.md

@@ -4,22 +4,22 @@
 - **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1).
 - **Principal submitters**: Peter Schwabe.
 - **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
-- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd
-- **Specification version**: ML-KEM-ipd.
+- **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
+- **Specification version**: ML-KEM.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37 with copy_from_upstream patches
+  - **Source**: https://github.com/pq-crystals/kyber/commit/3c874cddd5fdaf4a7bd13f7e2e4d98a2a1eb8dc4 with copy_from_upstream patches
   - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
 
 
 ## Parameter set summary
 
 |  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
 |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
-| ML-KEM-512-ipd  | ML-KEM-512            | IND-CCA2         |                    1 |                       800 |                      1632 |                       768 |                           32 |
-| ML-KEM-768-ipd  | ML-KEM-768            | IND-CCA2         |                    3 |                      1184 |                      2400 |                      1088 |                           32 |
-| ML-KEM-1024-ipd | ML-KEM-1024           | IND-CCA2         |                    5 |                      1568 |                      3168 |                      1568 |                           32 |
+|   ML-KEM-512    | NA                    | IND-CCA2         |                    1 |                       800 |                      1632 |                       768 |                           32 |
+|   ML-KEM-768    | NA                    | IND-CCA2         |                    3 |                      1184 |                      2400 |                      1088 |                           32 |
+|   ML-KEM-1024   | NA                    | IND-CCA2         |                    5 |                      1568 |                      3168 |                      1568 |                           32 |
 
-## ML-KEM-512-ipd implementation characteristics
+## ML-KEM-512 implementation characteristics
 
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
@@ -30,7 +30,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 
  ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
 
-## ML-KEM-768-ipd implementation characteristics
+## ML-KEM-768 implementation characteristics
 
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
@@ -39,7 +39,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 
-## ML-KEM-1024-ipd implementation characteristics
+## ML-KEM-1024 implementation characteristics
 
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|

docs/algorithms/kem/ml_kem.yml

@@ -13,16 +13,15 @@ auxiliary-submitters:
 - Gregor Seiler
 - Damien Stehlé
 crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
-website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203/ipd
-nist-round: ipd
-spec-version: ML-KEM-ipd
+website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
+nist-round: FIPS203
+spec-version: ML-KEM
 primary-upstream:
-  source: https://github.com/pq-crystals/kyber/commit/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37
+  source: https://github.com/pq-crystals/kyber/commit/3c874cddd5fdaf4a7bd13f7e2e4d98a2a1eb8dc4
     with copy_from_upstream patches
   spdx-license-identifier: CC0-1.0 or Apache-2.0
 parameter-sets:
-- name: ML-KEM-512-ipd
-  alias: ML-KEM-512
+- name: ML-KEM-512
   claimed-nist-level: 1
   claimed-security: IND-CCA2
   length-public-key: 800
@@ -55,8 +54,7 @@ parameter-sets:
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
-- name: ML-KEM-768-ipd
-  alias: ML-KEM-768
+- name: ML-KEM-768
   claimed-nist-level: 3
   claimed-security: IND-CCA2
   length-public-key: 1184
@@ -89,8 +87,7 @@ parameter-sets:
     no-secret-dependent-branching-claimed: true
     no-secret-dependent-branching-checked-by-valgrind: true
     large-stack-usage: false
-- name: ML-KEM-1024-ipd
-  alias: ML-KEM-1024
+- name: ML-KEM-1024
   claimed-nist-level: 5
   claimed-security: IND-CCA2
   length-public-key: 1568

docs/cbom.json

@@ -1,23 +1,23 @@
 {
   "bomFormat": "CBOM",
   "specVersion": "1.4-cbom-1.0",
-  "serialNumber": "urn:uuid:004d7395-7601-44af-97dd-57c2214e5f60",
+  "serialNumber": "urn:uuid:bce3cc7d-3596-41d7-b1d5-4c1114d5988e",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-07-11T15:22:22.228289",
+    "timestamp": "2024-08-20T15:17:32.093405",
     "component": {
       "type": "library",
-      "bom-ref": "pkg:github/open-quantum-safe/liboqs@ca5d956097e10672aaa9bb7994057bcc58291b65",
+      "bom-ref": "pkg:github/open-quantum-safe/liboqs@3488f0a598c64b730ee2e2a4acb38e1a51797c99",
       "name": "liboqs",
-      "version": "ca5d956097e10672aaa9bb7994057bcc58291b65"
+      "version": "3488f0a598c64b730ee2e2a4acb38e1a51797c99"
     }
   },
   "components": [
     {
       "type": "library",
-      "bom-ref": "pkg:github/open-quantum-safe/liboqs@ca5d956097e10672aaa9bb7994057bcc58291b65",
+      "bom-ref": "pkg:github/open-quantum-safe/liboqs@3488f0a598c64b730ee2e2a4acb38e1a51797c99",
       "name": "liboqs",
-      "version": "ca5d956097e10672aaa9bb7994057bcc58291b65"
+      "version": "3488f0a598c64b730ee2e2a4acb38e1a51797c99"
     },
     {
       "type": "crypto-asset",
@@ -961,12 +961,12 @@
     },
     {
       "type": "crypto-asset",
-      "bom-ref": "alg:ML-KEM-512-ipd:generic",
+      "bom-ref": "alg:ML-KEM-512:generic",
       "name": "ML-KEM",
       "cryptoProperties": {
         "assetType": "algorithm",
         "algorithmProperties": {
-          "variant": "ML-KEM-512-ipd",
+          "variant": "ML-KEM-512",
           "primitive": "kem",
           "implementationLevel": "softwarePlainRam",
           "cryptoFunctions": [
@@ -981,12 +981,12 @@
     },
     {
       "type": "crypto-asset",
-      "bom-ref": "alg:ML-KEM-512-ipd:x86_64",
+      "bom-ref": "alg:ML-KEM-512:x86_64",
       "name": "ML-KEM",
       "cryptoProperties": {
         "assetType": "algorithm",
         "algorithmProperties": {
-          "variant": "ML-KEM-512-ipd",
+          "variant": "ML-KEM-512",
           "primitive": "kem",
           "implementationLevel": "softwarePlainRam",
           "cryptoFunctions": [
@@ -1001,12 +1001,12 @@
     },
     {
       "type": "crypto-asset",
-      "bom-ref": "alg:ML-KEM-768-ipd:generic",
+      "bom-ref": "alg:ML-KEM-768:generic",
       "name": "ML-KEM",
       "cryptoProperties": {
         "assetType": "algorithm",
         "algorithmProperties": {
-          "variant": "ML-KEM-768-ipd",
+          "variant": "ML-KEM-768",
           "primitive": "kem",
           "implementationLevel": "softwarePlainRam",
           "cryptoFunctions": [
@@ -1021,12 +1021,12 @@
     },
     {
       "type": "crypto-asset",
-      "bom-ref": "alg:ML-KEM-768-ipd:x86_64",
+      "bom-ref": "alg:ML-KEM-768:x86_64",
       "name": "ML-KEM",
       "cryptoProperties": {
         "assetType": "algorithm",
         "algorithmProperties": {
-          "variant": "ML-KEM-768-ipd",
+          "variant": "ML-KEM-768",
           "primitive": "kem",
           "implementationLevel": "softwarePlainRam",
           "cryptoFunctions": [
@@ -1041,12 +1041,12 @@
     },
     {
       "type": "crypto-asset",
-      "bom-ref": "alg:ML-KEM-1024-ipd:generic",
+      "bom-ref": "alg:ML-KEM-1024:generic",
       "name": "ML-KEM",
       "cryptoProperties": {
         "assetType": "algorithm",
         "algorithmProperties": {
-          "variant": "ML-KEM-1024-ipd",
+          "variant": "ML-KEM-1024",
           "primitive": "kem",
           "implementationLevel": "softwarePlainRam",
           "cryptoFunctions": [
@@ -1061,12 +1061,12 @@
     },
     {
       "type": "crypto-asset",
-      "bom-ref": "alg:ML-KEM-1024-ipd:x86_64",
+      "bom-ref": "alg:ML-KEM-1024:x86_64",
       "name": "ML-KEM",
       "cryptoProperties": {
         "assetType": "algorithm",
         "algorithmProperties": {
-          "variant": "ML-KEM-1024-ipd",
+          "variant": "ML-KEM-1024",
           "primitive": "kem",
           "implementationLevel": "softwarePlainRam",
           "cryptoFunctions": [
@@ -2328,7 +2328,7 @@
   ],
   "dependencies": [
     {
-      "ref": "pkg:github/open-quantum-safe/liboqs@ca5d956097e10672aaa9bb7994057bcc58291b65",
+      "ref": "pkg:github/open-quantum-safe/liboqs@3488f0a598c64b730ee2e2a4acb38e1a51797c99",
       "dependsOn": [
         "alg:BIKE-L1:x86_64",
         "alg:BIKE-L3:x86_64",
@@ -2377,12 +2377,12 @@
         "alg:Kyber1024:generic",
         "alg:Kyber1024:x86_64",
         "alg:Kyber1024:armv8-a",
-        "alg:ML-KEM-512-ipd:generic",
-        "alg:ML-KEM-512-ipd:x86_64",
-        "alg:ML-KEM-768-ipd:generic",
-        "alg:ML-KEM-768-ipd:x86_64",
-        "alg:ML-KEM-1024-ipd:generic",
-        "alg:ML-KEM-1024-ipd:x86_64",
+        "alg:ML-KEM-512:generic",
+        "alg:ML-KEM-512:x86_64",
+        "alg:ML-KEM-768:generic",
+        "alg:ML-KEM-768:x86_64",
+        "alg:ML-KEM-1024:generic",
+        "alg:ML-KEM-1024:x86_64",
         "alg:sntrup761:generic",
         "alg:sntrup761:x86_64",
         "alg:Dilithium2:generic",
@@ -2809,42 +2809,42 @@
       "dependencyType": "uses"
     },
     {
-      "ref": "alg:ML-KEM-512-ipd:generic",
+      "ref": "alg:ML-KEM-512:generic",
       "dependsOn": [
         "alg:sha3"
       ],
       "dependencyType": "uses"
     },
     {
-      "ref": "alg:ML-KEM-512-ipd:x86_64",
+      "ref": "alg:ML-KEM-512:x86_64",
       "dependsOn": [
         "alg:sha3"
       ],
       "dependencyType": "uses"
     },
     {
-      "ref": "alg:ML-KEM-768-ipd:generic",
+      "ref": "alg:ML-KEM-768:generic",
       "dependsOn": [
         "alg:sha3"
       ],
       "dependencyType": "uses"
     },
     {
-      "ref": "alg:ML-KEM-768-ipd:x86_64",
+      "ref": "alg:ML-KEM-768:x86_64",
       "dependsOn": [
         "alg:sha3"
       ],
       "dependencyType": "uses"
     },
     {
-      "ref": "alg:ML-KEM-1024-ipd:generic",
+      "ref": "alg:ML-KEM-1024:generic",
       "dependsOn": [
         "alg:sha3"
       ],
       "dependencyType": "uses"
     },
     {
-      "ref": "alg:ML-KEM-1024-ipd:x86_64",
+      "ref": "alg:ML-KEM-1024:x86_64",
       "dependsOn": [
         "alg:sha3"
       ],

scripts/copy_from_upstream/copy_from_upstream.yml

@@ -33,10 +33,10 @@ upstreams:
     name: pqcrystals-kyber-standard
     git_url: https://github.com/pq-crystals/kyber.git
     git_branch: standard
-    git_commit: d1321ce5ac0b53f583eb47a040dc3625ee8e7e37
+    git_commit: 3c874cddd5fdaf4a7bd13f7e2e4d98a2a1eb8dc4
     kem_meta_path: '{pretty_name_full}_META.yml'
     kem_scheme_path: '.'
-    patches: [pqcrystals-ml_kem_ipd.patch]
+    patches: [pqcrystals-ml_kem.patch]
   -
     name: pqcrystals-dilithium
     git_url: https://github.com/pq-crystals/dilithium.git
@@ -151,22 +151,19 @@ kems:
     upstream_location: pqcrystals-kyber-standard
     schemes:
       -
-        scheme: "512_ipd"
-        pqclean_scheme: ml-kem-512-ipd
-        pretty_name_full: ML-KEM-512-ipd
-        alias_scheme: "512"
+        scheme: "512"
+        pqclean_scheme: ml-kem-512
+        pretty_name_full: ML-KEM-512
         alias_pretty_name_full: ML-KEM-512
       -
-        scheme: "768_ipd"
-        pqclean_scheme: ml-kem-768-ipd
-        pretty_name_full: ML-KEM-768-ipd
-        alias_scheme: "768"
+        scheme: "768"
+        pqclean_scheme: ml-kem-768
+        pretty_name_full: ML-KEM-768
         alias_pretty_name_full: ML-KEM-768
       -
-        scheme: "1024_ipd"
-        pqclean_scheme: ml-kem-1024-ipd
-        pretty_name_full: ML-KEM-1024-ipd
-        alias_scheme: "1024"
+        scheme: "1024"
+        pqclean_scheme: ml-kem-1024
+        pretty_name_full: ML-KEM-1024
         alias_pretty_name_full: ML-KEM-1024
 sigs:
   -