This aligns the algorithms supported by the OQS OpenSSH fork with the algorithms available in liboqs.
- Added support for ML-KEM-IPD using the ML-KEM alias and the names/curves documented by the [PQ SSH draft RFC](https://datatracker.ietf.org/doc/draft-kampanakis-curdle-ssh-pq-ke/).
- Added support for ML-DSA-IPD using the ML-DSA alias following the conventions from the Dilithium implementation. The Dilithium signatures have been disabled.
- Updated from BIKE Round 3 to Round 4. This adds a new parameter set for BIKE-L5.
- Added support for the Falcon PADDED format. It is disabled by default to preserve entries in the bit-mask.
- Added support for MAYO. The level 1 variant is left disabled.
The KEX algorithms specified by the draft RFC do not match the security level pairing convention followed by Kyber, so we chose to prefer the pairings specified in the document. There were no proposed parameter sets for ML-KEM-512, so we defaulted to the conventional parameters.

x25519 hybrids are currently not handled by the oqs-openssh fork, so we've omitted `mlkem768x25519-sha256` support for now.
This does not add support for sntrup761 as that requires handling the conflict with the upstream OpenSSH implementation.
Related to Issue open-quantum-safe#163
Signed-off-by: Gerardo Ravago <gcr@amazon.com>
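The description above settles two naming questions: which ML-KEM KEX names a build from this PR should and should not offer (the draft's names, minus the x25519 hybrid), and how the fork composes ECDSA hybrid names from a signature scheme's NIST level. The script below is an added example, not code from the PR or from the oqs-openssh project. It audits a `ssh -Q kex` listing against the draft names and derives hybrid signature names for the L3/L5 cases the README documents. Assumptions: the three KEX names are copied from draft-kampanakis-curdle-ssh-pq-ke rather than from this page, the sample listing is constructed, and `mldsa65` is a hypothetical signature name used only to show the pattern.

```shell
#!/bin/sh
# Added example (not part of the PR or the oqs-openssh project): audit an
# `ssh -Q kex` listing for the draft ML-KEM KEX names, and derive the ECDSA
# hybrid name the README defines for an L3 or L5 signature scheme.

# KEX names as given in draft-kampanakis-curdle-ssh-pq-ke. Assumption: copied
# from the draft, not from this page; verify against the current draft text.
DRAFT_KEX='mlkem768nistp256-sha256 mlkem1024nistp384-sha384 mlkem768x25519-sha256'

# Constructed sample standing in for `ssh -Q kex` output from a build of this
# PR, which by the description omits the x25519 hybrid.
SAMPLE_KEX='curve25519-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
mlkem768nistp256-sha256
mlkem1024nistp384-sha384'

# missing_kex LISTING: print each draft KEX name absent from LISTING, one per
# line. Returns 0 when every draft name is present, 1 otherwise.
missing_kex() {
    listing=$1
    rc=0
    for name in $DRAFT_KEX; do
        if ! printf '%s\n' "$listing" | grep -Fqx -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# hybrid_sig_name SIG LEVEL: hybrid method name the README defines for a
# signature scheme SIG at NIST level 3 or 5. Levels not covered by the quoted
# README text are rejected rather than guessed.
hybrid_sig_name() {
    case $2 in
        3) printf 'ecdsa-nistp384-%s\n' "$1" ;;
        5) printf 'ecdsa-nistp521-%s\n' "$1" ;;
        *) printf 'hybrid_sig_name: no documented pairing for level %s\n' "$2" >&2; return 1 ;;
    esac
}

# Against a real build: missing_kex "$(ssh -Q kex)"
if [ "${1:-}" = "--demo" ]; then
    missing_kex "$SAMPLE_KEX" || echo "some draft KEX names are not offered by this build"
    hybrid_sig_name mldsa65 3     # hypothetical SIG name; prints ecdsa-nistp384-mldsa65
fi
```

Run it with `--demo` to see the constructed sample report `mlkem768x25519-sha256` as missing, which is the expected result for a build of this PR; against a real build, pass `"$(ssh -Q kex)"` to `missing_kex` and treat any other missing name as a build or liboqs configuration problem.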
Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. For example, McEliece require building `oqs-openssh` with a large(r) stack provision than is default: Adding `LDFLAGS="-Wl,--stack,20000000"` to [the `./configure` command below](#step-2-build-the-fork) is required to allow cygwin-based testing to pass.
Algorithms which involve ML-KEM are provided using the names as proposed in [draft-kampanakis-curdle-ssh-pq-ke](https://datatracker.ietf.org/doc/draft-kampanakis-curdle-ssh-pq-ke/). The underlying implementation uses a liboqs API name for the final ML-KEM implementation which is currently (August 13th, 2024) aliased to ML-KEM-IPD. When the final implementation for ML-KEM becomes available, the alias will also be updated to the standardized ML-KEM implementation.
#### Digital Signature
The following digital signature algorithms from liboqs are supported (assuming they have been enabled in liboqs). Note that only select L3 signature variants are enabled by default. In general, algorithms that are enabled by default are marked with an asterisk, and should you wish to enable additional variants, consult [the "Code Generation" section of the documentation in the wiki](https://github.com/open-quantum-safe/openssh/wiki/Using-liboqs-supported-algorithms-in-the-fork#code-generation).
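Review bot: the dated parenthetical in the added ML-KEM paragraph ("currently (August 13th, 2024) aliased to ML-KEM-IPD") will be wrong as soon as the liboqs alias moves, and nothing in the hunk tells a user how to find out which implementation their build actually negotiates. Suggest replacing the date with the liboqs version that carries the alias, pointing readers at `ssh -Q kex` to confirm the names are offered, and stating explicitly whether a build on the IPD alias and a build on the final ML-KEM interoperate under the same draft KEX name, since the name is fixed by the draft while the underlying implementation is the thing that changes.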
@@ -101,6 +107,8 @@ The following hybrid algorithms are supported; they combine a quantum-safe algor
- if `<SIG>` has L3 security, the fork provides the method `ecdsa-nistp384-<SIG>`, which combines `<SIG>` with ECDSA using NIST's P384 curve.
- if `<SIG>` has L5 security, the fork provides the method `ecdsa-nistp521-<SIG>`, which combines `<SIG>` with ECDSA using NIST's P521 curve.
Algorithms which involve ML-DSA use a liboqs API name for the final ML-DSA implementation which is currently (August 13th, 2024) aliased to ML-DSA-IPD. When the final implementation for ML-DSA becomes available, the alias will also be updated to the standardized ML-DSA implementation.
## Quickstart
The steps below have been confirmed to work on Ubuntu 20.04.1 Focal
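Review bot: the added ML-DSA paragraph has the same dated-alias problem as the ML-KEM one, and it leaves out a change the PR description does state: the Dilithium signature variants have been disabled. A user with existing Dilithium host or user keys needs to read that here, next to the ML-DSA note, together with the instruction to regenerate keys under the ML-DSA names. Suggest adding a sentence along the lines of "The Dilithium variants are disabled in this release; existing Dilithium keys will no longer be accepted and must be regenerated with an ML-DSA method." and, as above, tying the IPD alias statement to a liboqs version rather than a calendar date.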