Leancrypto Version 1.1.0

Code

Changes 1.1.0

  • ML-KEM: remove modulus check of decapsulation key (not required by FIPS 203)

  • ML-KEM: add key pair PCT API - leancrypto cannot invoke it itself as it does not know when both keys are provided from outside

  • ML-DSA: add consistency with FIPS 204 - the signature changes as the input data handling is added (if you want to apply the old signature, use the new lc_dilithium_[sign|verify]_ctx API with ctx->ml_dsa_internal = 1)

  • ML-DSA: add API to allow caller to provide a user context as allowed by FIPS 204, to invoke ML-DSA.Sign_internal, ML-DSA.Verify_internal and HashML-DSA

  • ML-KEM: rename source code directory to ml-kem

  • ML-DSA: rename source code directory to ml-dsa

  • BIKE: Add NIST round 4 KEM candidate

  • ML-DSA: Add support to retain the expanded key to increase the performance of signature operations by 15 to 20%

  • ML-DSA: add key pair PCT API - leancrypto will not invoke it, but provides it for FIPS 140 support

  • SLH-DSA: Add SLH-DSA-SHAKE-256s, SLH-DSA-SHAKE-256f, SLH-DSA-SHAKE-192s, SLH-DSA-SHAKE-192f, SLH-DSA-SHAKE-128s, SLH-DSA-SHAKE-128f

  • ML-DSA, ML-KEM, SLH-DSA, BIKE, Hash, AEAD, RNG, HMAC, HKDF, symmetric: move API implementation from H to C file - this implies that no Rust wrappers are needed

  • Linux kernel: ML-DSA / SLH-DSA sigver input changed to be compliant with existing kernel structures: req->src SGL contains signature || msg, req->dst SGL is not processed
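The ML-DSA entries above state that the signature changes because FIPS 204 input data handling was added. The following is an added illustration, not leancrypto code, of the message formatting FIPS 204 places in front of ML-DSA.Sign_internal / ML-DSA.Verify_internal, which is the step the `ml_dsa_internal` setting mentioned above bypasses. The helper name `mldsa_format_msg`, the choice of SHA-256 as pre-hash and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER encoding of the SHA-256 OID 2.16.840.1.101.3.4.2.1 (HashML-DSA only) */
static const uint8_t OID_SHA256[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
				      0x65, 0x03, 0x04, 0x02, 0x01 };

/*
 * Hypothetical helper building M' as FIPS 204 defines it:
 *   ML-DSA:     M' = 0x00 || len(ctx) || ctx || M
 *   HashML-DSA: M' = 0x01 || len(ctx) || ctx || OID || PH(M), PH = SHA-256
 * Returns the length of M', or 0 on invalid input (M' is never < 2 bytes).
 */
static size_t mldsa_format_msg(uint8_t *out, size_t outlen, int prehash,
			       const uint8_t *ctx, size_t ctxlen,
			       const uint8_t *in, size_t inlen)
{
	size_t hdr, off = 0;
	/* FIPS 204 caps ctx at 255 bytes: its length is encoded in one byte */
	if (!out || ctxlen > 255 || (ctxlen && !ctx) || (inlen && !in))
		return 0;
	if (prehash && inlen != 32)	/* digest length must match the OID */
		return 0;
	hdr = 2 + ctxlen + (prehash ? sizeof(OID_SHA256) : 0);
	if (outlen < hdr || inlen > outlen - hdr)	/* overflow-safe */
		return 0;
	out[off++] = prehash ? 1 : 0;	/* domain separator */
	out[off++] = (uint8_t)ctxlen;
	if (ctxlen)
		memcpy(out + off, ctx, ctxlen);
	off += ctxlen;
	if (prehash) {
		memcpy(out + off, OID_SHA256, sizeof(OID_SHA256));
		off += sizeof(OID_SHA256);
	}
	if (inlen)
		memcpy(out + off, in, inlen);
	return off + inlen;
}

int main(void)
{
	/* Constructed sample context and message */
	const uint8_t ctx[] = { 'a', 'p', 'p' }, msg[] = { 0xde, 0xad };
	uint8_t buf[64];
	size_t i, n = mldsa_format_msg(buf, sizeof(buf), 0, ctx, 3, msg, 2);
	for (i = 0; i < n; i++)
		printf("%02x%s", buf[i], i + 1 == n ? "\n" : "");
	return 0;
}
```

Even with an empty context the two-byte prefix is present, so a signature computed over the bare message by the internal interface does not verify through the external interface, and vice versa.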