Conversation
The implementations of Dilithium and Kyber were based on the following PQM4 commit hash: 992f0f226503d43b6d33278ecb60a9168ed8d787 (By "pqm4" we mean this library: https://github.com/mupq/pqm4).

As was mentioned in the file src/dilithium/README.md:

> The above commit seems to most closely match "NIST Submission Round 3" of the
> reference implementation.

We have now upgraded the code to the following pqm4 commit hash: a24bb4b662016968c19f5e6a0719c9ad530f0286

As far as I can see, there is no clear git tag for the finalized ML-DSA/ML-KEM versions on the pqm4 release page, so I'm gambling here that this commit works fine.

I have moreover made the choice to rely more on CMake and specifying source files to build, rather than copy-pasting them manually into this source tree. This seems to work alright. The only hurdle is the "randombytes.h" header file, which we're supposed to implement ourselves. Although, we also do have to make sure to have an -I (include) line before the regular includes of mupq/pqm4.
| #endif | ||
|
|
||
| int getMlDsaAlgorithmVariant() { | ||
| return DILITHIUM_MODE; |
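Review bot: `getMlDsaAlgorithmVariant()` returns `DILITHIUM_MODE`, and nothing in the hunk says where that macro comes from; since the function is named after ML-DSA while the macro keeps the Dilithium name, a one-line comment stating that `DILITHIUM_MODE` is the mode macro from pqm4's `config.h` would stop the next reader from taking it for a leftover of the old naming.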
Should the name dilithium still appear here?
Author
Yes, this is a macro from the config.h file from the pqm4 source code.
src/mldsa/wrapper.h
| #define MLDSA_SIGNED_MESSAGE_SIZE (MLDSA_SIGNATURE_SIZE + MLDSA_MESSAGE_SIZE) | ||
|
|
||
| /** | ||
| * @brief Get the dilithium algorithm variant. There are a few variants and |
Again dilithium appearing in comment this time. Probably also in other places?
These changes update ML-DSA FIPS 204 (previously known as "PQCrystals-Dilithium") and ML-KEM FIPS 203 (previously known as "PQCrystals-Kyber") to their NIST standards.
Of note here is that the ML-DSA private key and signature byte size has changed. This is noted at the top of the src/main.c file.
Due to these breaking changes we bump the major version to 4.0.
The upstream PQM4 commit chosen is:
a24bb4b662016968c19f5e6a0719c9ad530f0286
There is no clear git tag for the NIST standard at the upstream PQM4 repository, so we go with a commit from the main branch.
The strategy for integrating PQM4 has changed as well. Previously we manually added a subset of PQM4 sources to the repository. But now we checkout the actual PQM4 sources and reuse them.
The only custom integration step necessary is to define the `randombytes` function, which is done in the `src/pqm4_hal` directory. Care must be taken to ensure that this directory, as an include directory, comes before other PQM4 include directories. This way, the PQM4 sources will use the `randombytes` function from the `src/pqm4_hal` directory. Our `randombytes` implementation just plugs into the Pinata random generator.
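The `randombytes` hook described above is the one place where the board's own entropy source meets the pqm4 code, so it is worth showing what such a shim looks like. The block below is an added example, not the code from this repository's `src/pqm4_hal` directory or from pqm4: the `int randombytes(uint8_t *, size_t)` signature is my reading of mupq's `randombytes.h` and should be checked against the header in the checkout; the Pinata RNG API is not on the page, so the hardware entry point is a hypothetical `rng_read_fn` callback, and the two sources registered for the offline run are constructed stand-ins that are not random at all. The security point the example carries is fail-closed behaviour: a fault reported by the generator must surface as an error and must not leave a half-filled buffer that a caller could mistake for fresh randomness.

```c
/* Added example of a randombytes() shim for a pqm4 integration.
 * The RNG entry point is a hypothetical callback standing in for the
 * board's hardware generator; the sources below are constructed for an
 * offline run and are NOT random. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Signature as I read mupq's randombytes.h (assumption: verify locally). */
int randombytes(uint8_t *out, size_t outlen);

/* Hypothetical HAL hook: writes one byte to *b and returns 0 on success,
 * nonzero when the generator is not ready or reports a fault. */
typedef int (*rng_read_fn)(uint8_t *b);

static rng_read_fn g_rng_read = NULL;

/* Registers the hardware source; called once during board init. */
void randombytes_set_source(rng_read_fn fn) { g_rng_read = fn; }

int randombytes(uint8_t *out, size_t outlen)
{
    if (out == NULL || g_rng_read == NULL) {
        return -1;                      /* no generator registered */
    }
    for (size_t i = 0; i < outlen; i++) {
        if (g_rng_read(&out[i]) != 0) {
            /* Fail closed: wipe what was written so far and report the
             * fault; the caller must check the return value. */
            memset(out, 0, outlen);
            return -1;
        }
    }
    return 0;
}

/* Constructed stand-in sources for the offline run (deterministic, NOT random). */
static uint8_t g_counter = 0;
static int constructed_counter_source(uint8_t *b) { *b = g_counter++; return 0; }

static size_t g_fault_after = 0;
static int constructed_faulty_source(uint8_t *b)
{
    if (g_fault_after == 0) return 1;   /* simulated generator fault */
    g_fault_after--;
    *b = 0xAA;
    return 0;
}

/* A healthy source fills the whole buffer and randombytes() returns 0. */
int check_fill_ok(void)
{
    uint8_t buf[8];
    g_counter = 0;
    randombytes_set_source(constructed_counter_source);
    if (randombytes(buf, sizeof buf) != 0) return 0;
    for (size_t i = 0; i < sizeof buf; i++) {
        if (buf[i] != (uint8_t)i) return 0;
    }
    return 1;
}

/* A fault part-way through yields -1 and an all-zero buffer. */
int check_fail_closed(void)
{
    uint8_t buf[8];
    g_fault_after = 3;
    randombytes_set_source(constructed_faulty_source);
    if (randombytes(buf, sizeof buf) != -1) return 0;
    for (size_t i = 0; i < sizeof buf; i++) {
        if (buf[i] != 0) return 0;
    }
    return 1;
}

/* Calling before any source is registered is rejected. */
int check_no_source(void)
{
    uint8_t buf[4];
    randombytes_set_source(NULL);
    return randombytes(buf, sizeof buf) == -1;
}
```

Because the include directory holding this shim's `randombytes.h` is searched before the pqm4 directories, every pqm4 translation unit resolves `randombytes` to this definition; the checks at the end exercise the fault path with the constructed sources, and on real hardware the registered callback would be the board's RNG read routine.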