Update lattice-based algorithms

1. Update ML-DSA to the FIPS 204 2. Remove Kyber 3. Remove Dilithium
open-quantum-safe · Dec 19, 2024 · 135b633 · 135b633
1 parent 0599bb5
commit 135b633
Show file tree

Hide file tree

Showing 29 changed files with 130 additions and 544 deletions.
diff --git a/README.md b/README.md
@@ -70,7 +70,6 @@ Along with `X25519MLKEM768` and `X25519Kyber768Draft00` supported by BoringSSL t
 
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_START -->
 - **BIKE**: `bikel1`, `p256_bikel1`, `x25519_bikel1`, `bikel3`, `p384_bikel3`, `bikel5`, `p521_bikel5`
-- **CRYSTALS-Kyber**: `kyber512`, `p256_kyber512`, `x25519_kyber512`, `kyber768`, `p256_kyber768`, `p384_kyber768`, `kyber1024`, `p521_kyber1024`
 - **FrodoKEM**: `frodo640aes`, `p256_frodo640aes`, `x25519_frodo640aes`, `frodo640shake`, `p256_frodo640shake`, `x25519_frodo640shake`, `frodo976aes`, `p384_frodo976aes`, `frodo976shake`, `p384_frodo976shake`, `frodo1344aes`, `p521_frodo1344aes`, `frodo1344shake`, `p521_frodo1344shake`
 - **HQC**: `hqc128`, `p256_hqc128`, `x25519_hqc128`, `hqc192`, `p384_hqc192`, `hqc256`, `p521_hqc256`†
 - **ML-KEM**: `mlkem768`, `p256_mlkem768`, `p384_mlkem768`, `mlkem1024`, `p384_mlkem1024`, `p521_mlkem1024`
@@ -86,7 +85,6 @@ The following quantum-safe digital signature algorithms from liboqs are supporte
 
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_START -->
 - **CROSS**: `CROSSrsdp128balanced`
-- **CRYSTALS-DILITHIUM**: `dilithium2`, `dilithium3`, `dilithium5`
 - **Falcon**: `falcon512`, `rsa3072_falcon512`, `falconpadded512`, `falcon1024`, `falconpadded1024`
 - **MAYO**: `mayo1`, `mayo2`, `mayo3`, `mayo5`
 - **ML-DSA**: `p256_mldsa44`, `mldsa65`, `p384_mldsa65`, `mldsa87`, `p521_mldsa87`

diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
@@ -231,12 +231,6 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
       return &mldsa87_asn1_meth;
     case EVP_PKEY_P521_MLDSA87:
       return &p521_mldsa87_asn1_meth;
-    case EVP_PKEY_DILITHIUM2:
-      return &dilithium2_asn1_meth;
-    case EVP_PKEY_DILITHIUM3:
-      return &dilithium3_asn1_meth;
-    case EVP_PKEY_DILITHIUM5:
-      return &dilithium5_asn1_meth;
     case EVP_PKEY_FALCON512:
       return &falcon512_asn1_meth;
     case EVP_PKEY_RSA3072_FALCON512:

diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c
@@ -83,9 +83,6 @@ static const EVP_PKEY_ASN1_METHOD *const kASN1Methods[] = {
     &p384_mldsa65_asn1_meth,
     &mldsa87_asn1_meth,
     &p521_mldsa87_asn1_meth,
-    &dilithium2_asn1_meth,
-    &dilithium3_asn1_meth,
-    &dilithium5_asn1_meth,
     &falcon512_asn1_meth,
     &rsa3072_falcon512_asn1_meth,
     &falconpadded512_asn1_meth,

diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.c
@@ -78,9 +78,6 @@ static const EVP_PKEY_METHOD *const evp_methods[] = {
     &p384_mldsa65_pkey_meth,
     &mldsa87_pkey_meth,
     &p521_mldsa87_pkey_meth,
-    &dilithium2_pkey_meth,
-    &dilithium3_pkey_meth,
-    &dilithium5_pkey_meth,
     &falcon512_pkey_meth,
     &rsa3072_falcon512_pkey_meth,
     &falconpadded512_pkey_meth,

diff --git a/crypto/evp/internal.h b/crypto/evp/internal.h
@@ -334,9 +334,6 @@ extern const EVP_PKEY_ASN1_METHOD mldsa65_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD p384_mldsa65_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD mldsa87_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD p521_mldsa87_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dilithium2_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dilithium3_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dilithium5_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falcon512_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa3072_falcon512_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falconpadded512_asn1_meth;
@@ -374,9 +371,6 @@ extern const EVP_PKEY_METHOD mldsa65_pkey_meth;
 extern const EVP_PKEY_METHOD p384_mldsa65_pkey_meth;
 extern const EVP_PKEY_METHOD mldsa87_pkey_meth;
 extern const EVP_PKEY_METHOD p521_mldsa87_pkey_meth;
-extern const EVP_PKEY_METHOD dilithium2_pkey_meth;
-extern const EVP_PKEY_METHOD dilithium3_pkey_meth;
-extern const EVP_PKEY_METHOD dilithium5_pkey_meth;
 extern const EVP_PKEY_METHOD falcon512_pkey_meth;
 extern const EVP_PKEY_METHOD rsa3072_falcon512_pkey_meth;
 extern const EVP_PKEY_METHOD falconpadded512_pkey_meth;

diff --git a/crypto/evp/p_oqs.c b/crypto/evp/p_oqs.c
@@ -306,9 +306,6 @@ DEFINE_OQS_PKEY_METHODS(mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_MLDSA65)
 DEFINE_OQS_PKEY_METHODS(p384_mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_P384_MLDSA65)
 DEFINE_OQS_PKEY_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
 DEFINE_OQS_PKEY_METHODS(p521_mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_P521_MLDSA87)
-DEFINE_OQS_PKEY_METHODS(dilithium2, OQS_SIG_alg_dilithium_2, EVP_PKEY_DILITHIUM2)
-DEFINE_OQS_PKEY_METHODS(dilithium3, OQS_SIG_alg_dilithium_3, EVP_PKEY_DILITHIUM3)
-DEFINE_OQS_PKEY_METHODS(dilithium5, OQS_SIG_alg_dilithium_5, EVP_PKEY_DILITHIUM5)
 DEFINE_OQS_PKEY_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
 DEFINE_OQS_PKEY_METHODS(rsa3072_falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_RSA3072_FALCON512)
 DEFINE_OQS_PKEY_METHODS(falconpadded512, OQS_SIG_alg_falcon_padded_512, EVP_PKEY_FALCONPADDED512)

diff --git a/crypto/evp/p_oqs_asn1.c b/crypto/evp/p_oqs_asn1.c
@@ -426,31 +426,22 @@ static int decode_EC_pub(int nid, const unsigned char* encoded_key, int key_len,
 // the OIDs can also be found in the kObjectData array in crypto/obj/obj_dat.h
 ///// OQS_TEMPLATE_FRAGMENT_DEF_ASN1_METHODS_START
 DEFINE_OQS_ASN1_METHODS(mldsa44, OQS_SIG_alg_ml_dsa_44, EVP_PKEY_MLDSA44)
-DEFINE_OQS_PKEY_ASN1_METHOD(mldsa44, EVP_PKEY_MLDSA44, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x04, 0x04))
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa44, EVP_PKEY_MLDSA44, OID(0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11))
 
 DEFINE_OQS_ASN1_METHODS(p256_mldsa44, OQS_SIG_alg_ml_dsa_44, EVP_PKEY_P256_MLDSA44)
-DEFINE_OQS_PKEY_ASN1_METHOD(p256_mldsa44, EVP_PKEY_P256_MLDSA44, OID(0x2B, 0xCE, 0x0F, 0x07, 0x01))
+DEFINE_OQS_PKEY_ASN1_METHOD(p256_mldsa44, EVP_PKEY_P256_MLDSA44, OID(0x2B, 0xCE, 0x0F, 0x07, 0x05))
 
 DEFINE_OQS_ASN1_METHODS(mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_MLDSA65)
-DEFINE_OQS_PKEY_ASN1_METHOD(mldsa65, EVP_PKEY_MLDSA65, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x06, 0x05))
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa65, EVP_PKEY_MLDSA65, OID(0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12))
 
 DEFINE_OQS_ASN1_METHODS(p384_mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_P384_MLDSA65)
-DEFINE_OQS_PKEY_ASN1_METHOD(p384_mldsa65, EVP_PKEY_P384_MLDSA65, OID(0x2B, 0xCE, 0x0F, 0x07, 0x03))
+DEFINE_OQS_PKEY_ASN1_METHOD(p384_mldsa65, EVP_PKEY_P384_MLDSA65, OID(0x2B, 0xCE, 0x0F, 0x07, 0x07))
 
 DEFINE_OQS_ASN1_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
-DEFINE_OQS_PKEY_ASN1_METHOD(mldsa87, EVP_PKEY_MLDSA87, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x08, 0x07))
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa87, EVP_PKEY_MLDSA87, OID(0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13))
 
 DEFINE_OQS_ASN1_METHODS(p521_mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_P521_MLDSA87)
-DEFINE_OQS_PKEY_ASN1_METHOD(p521_mldsa87, EVP_PKEY_P521_MLDSA87, OID(0x2B, 0xCE, 0x0F, 0x07, 0x04))
-
-DEFINE_OQS_ASN1_METHODS(dilithium2, OQS_SIG_alg_dilithium_2, EVP_PKEY_DILITHIUM2)
-DEFINE_OQS_PKEY_ASN1_METHOD(dilithium2, EVP_PKEY_DILITHIUM2, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, 0x04, 0x04))
-
-DEFINE_OQS_ASN1_METHODS(dilithium3, OQS_SIG_alg_dilithium_3, EVP_PKEY_DILITHIUM3)
-DEFINE_OQS_PKEY_ASN1_METHOD(dilithium3, EVP_PKEY_DILITHIUM3, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, 0x06, 0x05))
-
-DEFINE_OQS_ASN1_METHODS(dilithium5, OQS_SIG_alg_dilithium_5, EVP_PKEY_DILITHIUM5)
-DEFINE_OQS_PKEY_ASN1_METHOD(dilithium5, EVP_PKEY_DILITHIUM5, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, 0x08, 0x07))
+DEFINE_OQS_PKEY_ASN1_METHOD(p521_mldsa87, EVP_PKEY_P521_MLDSA87, OID(0x2B, 0xCE, 0x0F, 0x07, 0x08))
 
 DEFINE_OQS_ASN1_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
 DEFINE_OQS_PKEY_ASN1_METHOD(falcon512, EVP_PKEY_FALCON512, OID(0x2B, 0xCE, 0x0F, 0x03, 0x0B))