-
Notifications
You must be signed in to change notification settings - Fork 463
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SLH-DSA: integrate final standard #1894
Comments
Yes, we will. I'm prioritising Kyber -> ML-KEM myself as we have that deployed quite widely. I'll ping the rest of the team. |
Hello, According to Commit 36f3994 , liboqs is compliant with SPHINCS+ 3.1, June 10, 2022. Now the FIPS 205 pdf reads that Sphinx+ 3.1 is a superset of SLH-DSA. So it looks like, except for changing the cipher user-friendly names, liboqs is already compliant with FIPS 205. Can anyone help here? Does liboqs now fully implement a binary compatible FIPS 205? Thank you and kind regards! Paul |
Hi, @psheer-spirent. I do agree that Appendix A of FIPS 205 makes it sound like SLH-DSA and SPHINCS+ 3.1 should be the same on the parameter sets we support. However, I suspect that in order to implement FIPS 205, we would need to add the "external" API, which appears to add domain separation and a context string. We need to make similar changes to support the FIPS 204 final version of ML-DSA. |
Thanks @SWilson4 for that clarification. Do you know if oqs-provider+liboqs intends full compliance with FIPS-203, FIPS-204, and FIPS-205? Is anyone right now working toward full compliance? Kind regards, Paul |
Good question, @psheer-spirent but not totally simple to answer: The answer to the best of my knowledge is "Most likely, Yes": The key challenge is that the OQS project does not do algorithm development or maintenance itself, so is completely dependent on the upstreams for code (incl. its properties, like adherence to standards or safety and security properties) and thus cannot make any guarantees. The phrase you quote above indeed was worded too aggressively: At the time of that release, NIST didn't complete standardization, it only announced "initial public drafts". It was those that the software was in line with at the time. Mea culpa -- I've become much more cautious in phrasing things since then, e.g., also adding explicitly the usage warning from The state of affairs on FIPS 205 is captured in this issue and OQS welcomes contributions to resolve the issue. FIPS 204 is being worked on by the upstream contributor in #1919. |
Thanks for that explanation. I appreciate your time. Kind regards. |
In line with FIPS 205.
We have support for Round 3 SPHINCS+, but nothing more recent. Our current upstream source is https://github.com/sphincs/sphincsplus via PQClean, so we should find out their plans for updates.
Tagging @bwesterb as a significant upstream contributor: are there plans to bring the implementation in sync with the final standard?
The text was updated successfully, but these errors were encountered: