
Add PQCrystals Dilithium3 to AWS-LC #610

Closed (7 commits)

Conversation

jakemas (Contributor) commented Sep 1, 2022

Description of changes:

This PR introduces a new signature algorithm Crystals Dilithium that has been selected for standardization by NIST as part of the PQC project. We import the Dilithium source code from this commit of the official Dilithium repository pq-crystals/dilithium@3e9b9f1.

Dilithium has been added into the EVP_PKEY APIs utilizing key generation, sign and verify. This introduction follows a similar pattern as the import of Crystals Kyber in #343.

Call-outs:

Addition to EVP interface
In addition to simply importing the Dilithium source code and providing an interface to the sign/verify methods, this PR also makes Dilithium3 keys available to the EVP PKEY interface including a subset of methods for key management. As the Dilithium signing procedure is a single-shot signing algorithm that does not use a pre-hash, we follow much of the same structure as the EVP interface for Ed25519. For example, to sign and verify we use the EVP operations EVP_DigestSign and EVP_DigestVerify with hash |type| set to NULL.

Dilithium3-Ref
The source code imported is for the Reference implementation of Dilithium3. This was selected for initial import due to it being platform agnostic. The optimized implementation is for AVX2 instruction sets and so priority was given to the implementation which will work on all architectures. Importing optimized versions (and higher security levels) can be done as a follow-on effort.

There are two pairs of sign/verify APIs provided by Dilithium, pqcrystals_dilithium3_ref_signature and pqcrystals_dilithium3_ref_verify which sign and verify (resp.) a Dilithium3 signature generated for some message m, and pqcrystals_dilithium3_ref and pqcrystals_dilithium3_ref_open, which sign and verify (resp.) a Dilithium3 signed message (which is the composition of a Dilithium3 signature and the message m that was signed) for some message m. We have chosen to select the two APIs pqcrystals_dilithium3_ref_signature and pqcrystals_dilithium3_ref_verify to be consistent with existing EVP signature functionality. This is also consistent with other implementations, such as within LibOQS.

SHA-3/SHAKE
Dilithium requires SHA-3 and SHAKE methods which are in the process of being added to AWS-LC. For this PR, the needed SHA-3/SHAKE dependencies are included within the Dilithium3 source tree directly. We are currently working on separating out a separate SHA-3/SHAKE interface in AWS-LC and utilizing this across both Kyber and Dilithium.

DRBG
To support KAT testing, a deterministic random number generator was needed. This PR introduces the same DRBG (AES-CTR) used by the Dilithium source code and uses the same randombytes interface to seed and get random bytes from it. The DRBG only gets built when the testing flag is enabled. Otherwise, the existing RNG is used.

Testing:

Unit tests were added which exercise the use of Dilithium3 in the EVP interface. KAT tests from the Dilithium submission to NIST's Round 3 Post-Quantum Cryptography selection process are also included. To support running the KAT tests, an additional random number generator was added which is deterministic and only built in test mode.

The KAT tests are built by the Dilithium team using the pqcrystals_dilithium3_ref and pqcrystals_dilithium3_ref_open APIs (which include the message within the signature). Since we are using the APIs that do not include the message within the signature we truncate the full signature in the KAT to only the signature part to exclude the copy of the message.

... other existing tests ...

[----------] 5 tests from Dilithium3Test
[ RUN      ] Dilithium3Test.KeyGeneration
[       OK ] Dilithium3Test.KeyGeneration (0 ms)
[ RUN      ] Dilithium3Test.KeyComparison
[       OK ] Dilithium3Test.KeyComparison (1 ms)
[ RUN      ] Dilithium3Test.NewKeyFromBytes
[       OK ] Dilithium3Test.NewKeyFromBytes (0 ms)
[ RUN      ] Dilithium3Test.KeySize
[       OK ] Dilithium3Test.KeySize (0 ms)
[ RUN      ] Dilithium3Test.KAT
[       OK ] Dilithium3Test.KAT (114 ms)
[----------] 5 tests from Dilithium3Test (115 ms total)
... other existing tests ...

[----------] Global test environment tear-down
[==========] 1224 tests from 96 test suites ran. (21495 ms total)
[  PASSED  ] 1224 tests.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
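The KAT handling described above (a `sm` field that is the signature followed by a copy of the message, trimmed down to the detached signature that pqcrystals_dilithium3_ref_verify expects) is shown below as an added example. It is not code from this PR or from the pq-crystals repository. It assumes the NIST PQC `.rsp` KAT layout (`count`, `seed`, `mlen`, `msg`, `pk`, `sk`, `smlen`, `sm`, one record per `count`) and the Round 3 Dilithium3 sizes from the reference `api.h` (pk 1952, sk 4000, signature 3293 bytes); the record it parses is built from constructed placeholder bytes so it runs offline, and is not a real Dilithium signature.

```python
"""Split NIST PQC-style signature KAT records (sm = sig || m) into detached
signatures. Added example, not part of the AWS-LC PR; sizes assumed from the
Round 3 Dilithium3 reference api.h."""

# Assumed Dilithium3 (Round 3 reference) sizes.
DILITHIUM3_PUBLICKEYBYTES = 1952
DILITHIUM3_SECRETKEYBYTES = 4000
DILITHIUM3_BYTES = 3293  # CRYPTO_BYTES: length of a detached signature


def parse_kat_rsp(text):
    """Parse .rsp KAT text into a list of dicts, one per 'count = N' record.
    Integer fields (count, mlen, smlen) stay ints; everything else is hex->bytes."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "count":
            current = {"count": int(value)}
            records.append(current)
        elif key in ("mlen", "smlen"):
            current[key] = int(value)
        else:
            current[key] = bytes.fromhex(value)
    return records


def split_signed_message(sm, smlen, mlen, sig_bytes=DILITHIUM3_BYTES):
    """Turn crypto_sign output sm = sig || m into (sig, m) for the detached
    signature/verify API. Rejects records whose lengths are inconsistent
    rather than silently slicing."""
    if len(sm) != smlen:
        raise ValueError("len(sm) does not match smlen")
    if smlen != sig_bytes + mlen:
        raise ValueError("smlen != CRYPTO_BYTES + mlen")
    return sm[:sig_bytes], sm[sig_bytes:]


def detached_vectors(text, sig_bytes=DILITHIUM3_BYTES):
    """Return [(count, pk, msg, sig)] for a detached-signature verifier,
    checking key sizes and that the message embedded in sm equals msg."""
    out = []
    for r in parse_kat_rsp(text):
        if len(r["pk"]) != DILITHIUM3_PUBLICKEYBYTES:
            raise ValueError("bad pk length in record %d" % r["count"])
        if len(r["sk"]) != DILITHIUM3_SECRETKEYBYTES:
            raise ValueError("bad sk length in record %d" % r["count"])
        if len(r["msg"]) != r["mlen"]:
            raise ValueError("len(msg) != mlen in record %d" % r["count"])
        sig, m = split_signed_message(r["sm"], r["smlen"], r["mlen"], sig_bytes)
        if m != r["msg"]:
            raise ValueError("message copy in sm differs from msg in record %d" % r["count"])
        out.append((r["count"], r["pk"], r["msg"], sig))
    return out


def _fill(n, seed):
    """Deterministic placeholder bytes (constructed, not cryptographic)."""
    return bytes((seed + i) & 0xFF for i in range(n))


def constructed_kat(count=0, mlen=33):
    """Build one .rsp record from placeholder bytes with the assumed Dilithium3
    sizes. Returns (text, sig) so the caller can check the split recovers sig."""
    seed, msg = _fill(48, 1), _fill(mlen, 2)
    pk, sk, sig = _fill(DILITHIUM3_PUBLICKEYBYTES, 3), _fill(DILITHIUM3_SECRETKEYBYTES, 4), _fill(DILITHIUM3_BYTES, 5)
    sm = sig + msg  # layout produced by crypto_sign(): signature, then message
    lines = [
        "# Dilithium3 (CONSTRUCTED placeholder bytes, not a real KAT)",
        "",
        "count = %d" % count,
        "seed = %s" % seed.hex().upper(),
        "mlen = %d" % mlen,
        "msg = %s" % msg.hex().upper(),
        "pk = %s" % pk.hex().upper(),
        "sk = %s" % sk.hex().upper(),
        "smlen = %d" % len(sm),
        "sm = %s" % sm.hex().upper(),
        "",
    ]
    return "\n".join(lines), sig


def rejects_bad_smlen(text):
    """True if a record whose smlen disagrees with sig||m is rejected."""
    try:
        detached_vectors(text.replace("smlen = 3326", "smlen = 3327"))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    kat_text, expected_sig = constructed_kat()
    vectors = detached_vectors(kat_text)
    print("records:", len(vectors), "sig bytes:", len(vectors[0][3]),
          "sig matches:", vectors[0][3] == expected_sig,
          "bad smlen rejected:", rejects_bad_smlen(kat_text))
```

The length checks matter more than they look: a `.rsp` file that has been re-encoded or hand-edited can carry an `smlen` that no longer matches `len(sm)`, and slicing at a fixed offset would then verify the wrong bytes against the wrong message and report a spurious KAT failure (or, worse, pass on a truncated vector). Feeding `(pk, msg, sig)` from `detached_vectors` to the detached-signature verify call is the step the PR describes.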

torben-hansen (Contributor) commented Sep 1, 2022

Can we please split this PR into several logically separated PRs?

I.e.

  1. import dilithium
  2. higher level API integration

jakemas (Contributor, Author) commented Sep 7, 2022

Can we please split this PR into several logically separated PRs?

I.e.

  1. import dilithium
  2. higher level API integration

Okay, splitting up into 2 PRs. Please leave this PR open while I split so I can refer back to it in the meantime.
