Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Understand why SLH-DSA implementation is mostly failing against LibOQS Provider #132

Open
johngray-dev opened this issue Aug 6, 2024 · 4 comments
Open

Understand why SLH-DSA implementation is mostly failing against LibOQS Provider #132

johngray-dev opened this issue Aug 6, 2024 · 4 comments

Comments

@johngray-dev
Copy link
Collaborator

SLH-DSA in automation tables doesn't look good. In OQS they are not enabled by default.

https://ietf-hackathon.github.io/pqc-certificates/pqc_hackathon_results_certs_r3_automated_tests.html

Does anyone know if the LibOQS provider has only enabled 4 SLH-DSA parameters sets? Is there a good reason? The only change is the pre-hash coming in the final document. LibOQS claims support for SPHINCS+ in their documentation, so do they actually support SLH-DSA or is that a documentation issue?

Action John: Send an email to the OQS team to try and sort out SLH-DSA / SPHINCS+ support and clarify OIDs and why they are off by default.
@SWilson4
Copy link

SWilson4 commented Aug 8, 2024

I believe that most SPHINCS+ variants are switched off by default due to an issue in OpenSSL limiting the number of signature algorithms a provider can advertise without causing hangups: see open-quantum-safe/oqs-provider#465 for a recent reference and open-quantum-safe/oqs-provider#399 for an in-depth discussion.

Our SPHINCS+ code is still at the Round 3 version and hasn't been updated to support the SLH-DSA draft version. The liboqs implementation is inherited from PQClean, which is in turn inherited from https://github.com/sphincs/sphincsplus. As far as I can tell, neither of those upstreams have implemented the draft modifications.

@baentsch
Copy link
Collaborator

baentsch commented Aug 8, 2024
edited
Loading

Send an email to the OQS team to try and sort out SLH-DSA / SPHINCS+ support and clarify OIDs and why they are off by default.

Here is the current list of sig algs, OIDs and alg code levels made available by oqsprovider for reference. In addition to the comments regarding the upstream alg sources in liboqs by @SWilson4 above, please also note oqsprovider and liboqs are separate projects and may not always be at the same level. Be sure to check the file above for the current state of "main" (or the same file within any release) for oqsprovider.

If anyone wants to enable other sig algs, follow this guidance. If anyone has specific wishes for default sig algs, please chime in to this discussion.

Edit/add: There's something fishy with Composite algs in the file mentioned above. Will be fixed.

@danvangeest
Copy link
Collaborator

There is conflict with oqsprovider OIDs and IETF hackathon ones at https://github.com/IETF-Hackathon/pqc-certificates/blob/master/docs/oid_mapping.md

IETF hackathon calls ones SLH-DSA while oqsprovider calls the same OID sphincsplus. For example 1.3.9999.6.9.10. The SLH-SDA and sphincsplus versions aren't interoperable (unlike some of the lower parameter sets). How did this OID conflict come about?

@SWilson4
Copy link

SWilson4 commented Aug 9, 2024

We've been using those OIDs since before the SLH-DSA standard was released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@danvangeest @SWilson4 @johngray-dev @baentsch