Skip to content

liboqs version 0.11.0 release candidate 1

Pre-release
Pre-release
Compare
Choose a tag to compare
@praveksharma praveksharma released this 13 Sep 23:09

liboqs version 0.11.0-rc1

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is release candidate 1 of version 0.11.0 of liboqs. It was released on September 13, 2024.

This release updates ML-KEM implementations to their final FIPS 203 versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from NIST Additional Signatures Round 1 along with stateful hash-based signature schemes XMSS and LMS. Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade.

LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md.

What's New

This release continues from the 0.10.1 release of liboqs.

Key encapsulation mechanisms

  • Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade.
  • ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
  • Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.

Digital signature schemes

  • LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS.
  • MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
  • CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.

Other changes

  • Added callback API to use custom implementations of AES, SHA2, and SHA3.
  • Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API.

Detailed changelog

New Contributors

Full Changelog: 0.10.1...0.11.0-rc1