Subsections of Releases

Leancrypto Version 1.0.1

Code

Changes 1.0.1

  • fix: Kyber keygen - add LC_KYBER_K to initial hash (change is only relevant when storing keys as seed and for interoperability)

  • fix: Dilithium keygen - add dimensions K and L (change is only relevant when storing keys as seed and for interoperability)

  • small performance improvements for hasher apps

Leancrypto Version 1.0.0

Code

Changes 1.0.0

  • enhancement: add Doxygen support - it is automatically compiled if Doxygen is present

  • enhancement: add Dilithium-ED25519 stream mode operation (i.e. init/update/final)

  • due to the Dilithium-ED25519 stream mode support, the Dilithium-ED25519 now used ED25519ph signature algorithm mode

  • Dilithium API change: the stream mode uses struct lc_dilithium_ctx instead of lc_hash_ctx to reflect the newly added Dilithium-ED25519 API - the lc_dilithium_ctx can be allocated on the stack or heap using LC_DILITHIUM_CTX_ON_STACK or lc_dilithium_ctx_alloc

  • enhancement: add Dilithium-ED25519 as Linux kernel akcipher algorithm

  • enhancement: make Kyber-X25519 as Linux kernel kpp algorithm consistent with the standalone Kyber kpp implementation and add a tester

  • seeded_rng: when using the ESDM as entropy source, use DRBG without prediction resistance. When having heavy respawning of applications, using the PR DRBG will strain the entropy source significantly.

  • Dilithium: add edge case tests as referenced by https://github.com/usnistgov/ACVP/pull/1525.patch and https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/G8Zf0hC-uu0/m/Kb3qNJb0AwAJ

Leancrypto Version 0.11.0

Code

Changes 0.11.0

  • security fix: fix possible leak of message in Kyber

  • Kyber: reduce memory footprint, use common lc_memcmp_secure API

  • Ascon-Keccak: include the tag length into the IV and thus implicitly authenticate the tag length (thanks to Markku-Juhani Saarinen to suggest this)

  • Kyber: change standard API such that caller can select Kyber type

  • Dilithium: change standard API such that caller can select Dilithium type

  • security: addition of Timecop and instrumentation of tests to find side-channels

  • enhancement: add Linux kernel crypto API support for Ascon / Ascon-Keccak

  • fix: performance of seeded RNG by setting reseed threshold to 1MB

  • fix: Linux kernel warning on return thunk

  • enhancement: add ASM ARMv7 and ARMv8 implementation for X25519

  • enhancement: add Ascon support for XDRBG

  • enhancement: performance increase for XDRBG256

  • enhancement: add ED25519ph to support Dilithium hybrid init/update/final handling

Leancrypto Version 0.10.1

Code

Changes 0.10.1

  • enhancement: Linux kernel - Kyber: allow parallel compilation of all Kyber types including all optimizations

  • enhancement: Linux kernel - Dilithium: allow parallel compilation of all Dilithium types including all optimizations

  • add additional hardening compiler flags stipulated by openssf.org

Changes 0.10.0

  • enhancement: add Sponge APIs

  • enhancement: add Ascon Keccak 512 and 256

Leancrypto Version 0.10.0

Code

Changes 0.10.0

  • enhancement: add Sponge APIs

  • enhancement: add Ascon Keccak 512 and 256

  • update AEAD: add lc_aead_enc|dec_init and change all AEAD algo’s tag calculation to now perform MAC(AAD || ciphertext) instead of MAC(ciphertext || AAD) - this brings it in line with all AEAD algorithms

  • enhancement: add Ascon AEAD 128 and 128b

  • rename API lc_shake to lc_xof

  • enhancement: add Ascon Hash 128 and 128a

  • enhancement: add Ascon XOF and XOFa

  • enhancement: add Ascon 128/128a hasher apps

  • large data tests can now execute on small systems by using smaller memory sizes

  • remove riscv64 hash assembler directory: it is a duplicate of the riscv32 assembler code

  • Kyber 768: Add AVX2, ARMv8, ARMv7 support

  • Dilithium 65: Add AVX2, ARMv8, ARMv7 support

  • Enable compilation of Kyber 1024, Kyber-768 and Kyber-512 at the same time (APIs starting with lc_kyber_768/lc_kex_768 refer to Kyber-768, APIs starting with lc_kyber_512/lc_kex_512 refer to Kyber-512, all others refer to Kyber-1024)

  • Enable compilation of Dilithium 87, Dilithium-65 and Dilithium-44 at the same time (APIs starting with lc_dilithium_65 refer to Dilithium-768, APIs starting with lc_dilithium_44 refer to Dilithium-44, all others refer to Dilithium-87)

  • enhancement: Windows is now supported as target platform using the MINGW compiler with full acceleration support

  • Dilithium: update SampleInBall implementation following https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/y8ul-ZcVWI4 - implementation is fully checked against NIST ACVP Demo server

Leancrypto Version 0.9.2

Code

Changes 0.9.2

  • fix: update “reduce memory footprint of Keccak state” to handle big-endian systems

  • enhancement: Seed the lc_seeded_rng with (random.c || Jitter RNG)

Leancrypto Version 0.9.1

Code

Changes 0.9.1

  • fix: move XOR-256 memory definitions to lc_memory_support.h as otherwise compilation of external applications and libraries fail due to missing xor256.h

Leancrypto Version 0.9.0

Code

Changes 0.9.0

  • enhancement: X/ED25519: enable 128 bit mode on Intel for both, kernel and user space

  • add Rust binding support

  • enhancement: reduce memory footprint of Keccak state

  • enhancement: add cSHAKE re-init support

  • fix: KMAC-AEAD / cSHAKE-AEAD - ensure proper re-initialization

  • enhancement: add RISC-V 64 bit Keccak - currently disabled due to a bug

  • enhancement: compile Dilithium ARMv8 support in Linux kernel (excluding the SIMD Keccak operation)

  • fix: fix ARM-CE detection logic

  • fix: potential Kyber side channel

  • fix: KMAC min MAC size is 32 bits

  • enhancement: use accelerated XOR for KMAC/cSHAKE AEAD

  • fix: enable poly_compress_avx for Linux kernel compilation when GCC >= 13 is present

  • enhancement: add interface code to register leancrypto with Linux kernel crypto API

Leancrypto Version 0.8.0

Code

Changes 0.8.0

  • enhancement: add applications

  • enhancement: add Dilithium ARMv8 support (including SHAKE 2x ARMv8 support)

  • enhancement: add Dilithium ARMv7 support

  • enhancement: add Kyber ARMv7 support

  • reduce memory footprint of Dilithium and Kyber

  • enhancement: Add Kyber-X25519 KEM, KEX, and IES

  • enhancement: Add Dilithium-ED25519

  • hardening: use -fzero-call-used-regs=used-gpr if available to counter ROP attacks

  • fix: Add fork-detection for seeded_rng

  • update XDRBG256 implementation based on latest draft

Leancrypto Version 0.7.0

Code

Changes 0.7.0

  • enhancement: add XDRBG256 - the SHAKE256-based DRNG discussed for SP800-90A inclusion (almost idential to cSHAKE/KMAC DRNG specified with leancrypto)

  • enhancement: add SymKMAC AEAD algorithm - it uses 100 bytes less context than SymHMAC (it is less than 1024 bytes now), uses accelerated Keccak for KDF and authentication but is otherwise identical to SymHMAC

  • Kyber: switch responder and initiator definitions

  • enhancement: add ESDM seed source to seed lc_seeded_rng

  • editorial: reformat code using clang-format and provided configuration file

  • Dilithium: Update implementation to match FIPS 204 (draft from Aug 24, 2023)

  • Kyber: Update implementation to match FIPS 203 (draft from Aug 24, 2023)

  • enhancement: Dilithium and Kyber security strengths are selectable via Meson options

  • Kyber KEM: Update shared secret KDF (as the KDF is now removed from FIPS 203, it can be adjusted to be more performant and consistent with SP800-108)

  • Kyber KEX: Updated shared secret KDF to use SP800-108 compliant KMAC KDF

  • enhancement: Add input parameter validatino to Kyber as specified in FIPS 203

  • enhancement: consolidate all testing requiring an RNG to use selftest_rng

Leancrypto Version 0.6.0

Code

Changes 0.6.0

  • enhancement: Linux - add memfd_secret(2) support for secure memory allocation

  • fix: documentation of lc_kyber_keypair

  • enhancement: remove the rng_ctx parameter in all Kyber APIs except the key generation - internally lc_seeded_rng is used instead

  • enhancement: use -Wmissing-prototypes and fix reported issues

  • enhancement: provide standalone CBC, CTR, KW implementation

  • enhancement: provide AESNI implementation

  • enhancement: provide AES ARM CE implementation

  • enhancement: provide AES RISC-V 64 assembler implementation

  • enhancement: provide Linux kernel configuration option to enable startup health tests

  • fix: apply fixes such that all self tests and regression tests pass when compiled for Linux kernel

  • fix: properly zeroize memory when using the workspace memory

Leancrypto Version 0.5.3

Code

Changes 0.5.3

  • convert to safe min/max implementations

  • enhancement: allow kernel modules to be compiled directly from installed user space headers

  • enhancement: make ARMv8 code compile on macOS

  • use O3 compiler optimization instead of Os - O3 is significantly faster especially for Kyber C implementation, yet both options work fine

Leancrypto Version 0.5.2

Code

Changes 0.5.2

  • enhancement: add ARMv7 Neon assembler support for Keccak

  • enhancement: add but disable ARMv8 Neon assembler support for Keccak (it is slower than optimized C)

  • enhancement: add sign/update/final Dilithium APIs

  • enhancement: add RISC-V assembler support for Keccak (yet disabled)

  • enhancement: add ARMv8 assembler implementation of Kyber

  • enhancement: add counter KDF RNG interface

  • enhancement: add ARMv8 assembler and ARMv8 CE Keccak support

Leancrypto Version 0.5.1

Code

Changes 0.5.1

  • enhancement: add Linux kernel configuration options

  • enhancement: add lc_rerun_selftests API

  • enhancement: add AVX2 support for memcmp_secure

  • fix: some comments

Leancrypto Version 0.5.0

Code

Changes 0.5.0

  • enhancement: add ability to compile leancrypto for the Linux kernel including all tests

  • enhancement: make leancrypto generic such that it can be used in environments other than user space

  • enhancement: add compile time option small_stack which ensures that leancrypto’s stack usage is always less than 2048 (also verified by the compiler warning if it is bigger)

  • enhancement: Add assembler accelerations for SHA3 (AVX2 and AVX512 are verified with NIST’s ACVP service)

  • bug fix: Fix the SHA-3 C implementation on big-endian system (one byte-swap missing)

  • bug fix: SHAKE128 state had wrong size causing an overflow with the memset_secure in lc_hash_zero

  • fix: remove compile-time warnings on 32 bit systems

  • enhancement: SHAKE AVX2 4x implementation used by Kyber AVX2 implementation

  • enhancement: Kyber AVX2 support

  • enhancement: Dilithium AVX2 support

  • leancrypto tested on macOS with an M2 system

  • bug fix: Dilithium C on Big Endian had implicit type casts leading to endianess issues

  • enhancement: add RPM SPEC file - successful build on OpenSUSE build service on x86_64, i586, aarch64, armv7l, armv6l, ppc64, ppc64le, riscv64

  • rename memset_secure to lc_memset_secure preventing any possible name space clash

  • enhancement: add self tests to all algorithms

  • bug fix: ChaCha20 on BigEndian systems

Leancrypto Version 0.4.0

Code

Changes 0.4.0

  • simplify Kyber code

  • add RNG context to HKDF

  • add RNG context to KMAC

  • add AES 128/192/256, ECB, CBC, CTR, KW

  • add lc_seeded_rng

  • add lc_aead API to provide common interface to AEAD algorithms

  • add KyberIES

  • change API to Kyber KEM: allow caller to specify size of generated key

  • add leancrypto.h for ease of use

  • add SymHMAC AEAD algorithm

  • add cSHAKE 128

  • add KMAC 128

Leancrypto Version 0.3.0

Code

Changes 0.3.0

  • Introduce lc_rng.h as a common interface to the random number generators

  • add KMAC DRNG

  • add cSHAKE DRNG

  • add SHAKE-128

  • add dilithium signature PQC schema - test vectors were generated by leancrypto, but compared with the reference implementation which calculate the same results

  • add kyber KEM PQC schema - test vectors were generated by leancrypto, but compared with the reference implementation which calculate the same results

  • add cSHAKE AEAD cipher

  • KMAC-AEAD cipher: auth key is now set to 256 bits