Releases: open-quantum-safe/liboqs
0.10.1 release candidate 1
liboqs version 0.10.1-rc1
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is release candidate 1 of version 0.10.1 of liboqs. It was released on June 5, 2024.
This release is a security release which fixes potential non-constant-time behaviour in ML-KEM and Kyber based on pq-crystals/kyber@0264efa and pq-crystals/kyber@9b8d306. It also includes a fix for incorrectly named macros in the ML-DSA implementation.
What's New
This release continues from the 0.10.0 release of liboqs.
Key encapsulation mechanisms
- Kyber: portable C and AVX2 implementations updated
- ML-KEM: portable C and AVX2 implementations updated
Digital signature schemes
- ML-DSA: incorrectly named macros renamed
Detailed changelog
- switching to dev mode again by @baentsch in #1743
- Update README.md by @vsoftco in #1769
- Fix README.md to work with Doxygen release 1.10.0 by @praveksharma in #1775
- Fix for incorrect macros in signatures. by @bhess in #1799
- Pull Kyber/ML-KEM CT-Fix from upstream by @bhess
- Force gcc 13.2.0 over 13.3.0 by @planetf1 in #1805
Full Changelog: 0.10.0...0.10.1-rc1
0.10.0
liboqs version 0.10.0
Release notes
This is version 0.10.0 of liboqs. It was released on March 20, 2024.
This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.
What's New
This release continues from the 0.9.2 release of liboqs.
Key encapsulation mechanisms
- BIKE: Updated portable C implementation to include constant-time fixes from upstream.
- HQC: Updated to NIST Round 4 version.
- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
Digital signature schemes
- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
Other changes
- Improved thread safety.
- Added uninstall support via ninja uninstall.
- Documented platforms by support tier in PLATFORMS.md.
- Added support for Zephyr RTOS.
- Improved support for macOS on Apple Silicon.
- Removed support for the "NIST-KAT" DRBG.
- Added extended KAT test programs.
Detailed changelog
- PR template update & OpenSSL clarification by @baentsch in #1582
- Use CMAKE_USE_PTHREADS_INIT by @zxjtan in #1576
- Add section to CONFIGURE.md link by @iyanmv in #1578
- Run copy_from_upstream and test by @baentsch in #1589
- Support several pqclean upstream versions by @baentsch in #1595
- Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in #1549
- minor updates by @vsoftco in #1600
- Pull new HQC implementation from upstream by @SWilson4 in #1585
- add uninstall support by @baentsch in #1604
- Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in #1618
- update .travis.yml by @bhess in #1629
- Pull latest Kyber version from upstream by @bhess in #1631
- platform support documentation [skip ci] by @baentsch in #1605
- Add support for Zephyr RTOS by @Frauschi in #1621
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in #1636
- Fix BIKE constant-time errors by @SWilson4 in #1632
- Fix falcon constant time check in Valgrind by @cothan in #1646
- Correct cmake version requirement by @baentsch in #1643
- Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in #1649
- Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in #1659
- Zephyr: fixes for platform support by @Frauschi in #1658
- Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in #1661
- Riscv zephyr support by @trigpolynom in #1641
- Zephyr: CMake fixes by @Frauschi in #1664
- Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in #1668
- Make internal API available to (only) test programs by @SWilson4 in #1667
- Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in #1669
- Add a document describing our subproject governance by @dstebila in #1675
- Set the correct compile flag for the memory sanitizer build by @SWilson4 in #1680
- Test against all 100 KAT values by @SWilson4 in #1560
- Update BIKE documentation to exclude x86 by @SWilson4 in #1679
- find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in #1653
- Call set_available_cpu_extensions using pthread_once by @zxjtan in #1671
- Discontinue AppVeyor CI testing by @SWilson4 in #1682
- Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in #1654
- Fix link in GOVERNANCE.md by @Martyrshot in #1686
- Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in #1684
- Update McEliece suppression files for generic config by @SWilson4 in #1677
- Update SPHINCS+ "clean" suppression files by @SWilson4 in #1683
- Update Sphincs+ Markdown documentation from YAML by @SWilson4 in #1690
- properly document release support level [skip ci] by @baentsch in #1688
- set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in #1695
- Fix cross compilation and test in CI by @SWilson4 in #1696
- update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] by @Martyrshot in #1701
- Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in #1626
- Small fixes after adding ML-* by @bhess in #1702
- Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in #1709
- Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in #1699
- Fix for the Zephyr CI tests by @Frauschi in #1714
- remove references to unsupported openssh [skip ci] by @baentsch in #1713
- fix documentation generation by @baentsch in #1715
- Support Falcon PADDED format by @SWilson4 in #1710
- Fix for alg_support.cmake by @bhess in https://git...
liboqs version 0.10.0 release candidate 2
liboqs version 0.10.0-rc2
Release notes
This is release candidate 2 of version 0.10.0 of liboqs. It was released on March 13, 2024.
This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.
What's New
This release continues from the 0.9.2 release of liboqs.
Key encapsulation mechanisms
- BIKE: Updated portable C implementation to include constant-time fixes from upstream.
- HQC: Updated to NIST Round 4 version.
- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
Digital signature schemes
- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
Other changes
- Improved thread safety.
- Added uninstall support via ninja uninstall.
- Documented platforms by support tier in PLATFORMS.md.
- Added support for Zephyr RTOS.
- Improved support for macOS on Apple Silicon.
- Removed support for the "NIST-KAT" DRBG.
- Added extended KAT test programs.
Detailed changelog
- PR template update & OpenSSL clarification by @baentsch in #1582
- Use CMAKE_USE_PTHREADS_INIT by @zxjtan in #1576
- Add section to CONFIGURE.md link by @iyanmv in #1578
- Run copy_from_upstream and test by @baentsch in #1589
- Support several pqclean upstream versions by @baentsch in #1595
- Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in #1549
- minor updates by @vsoftco in #1600
- Pull new HQC implementation from upstream by @SWilson4 in #1585
- add uninstall support by @baentsch in #1604
- Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in #1618
- update .travis.yml by @bhess in #1629
- Pull latest Kyber version from upstream by @bhess in #1631
- platform support documentation [skip ci] by @baentsch in #1605
- Add support for Zephyr RTOS by @Frauschi in #1621
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in #1636
- Fix BIKE constant-time errors by @SWilson4 in #1632
- Fix falcon constant time check in Valgrind by @cothan in #1646
- Correct cmake version requirement by @baentsch in #1643
- Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in #1649
- Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in #1659
- Zephyr: fixes for platform support by @Frauschi in #1658
- Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in #1661
- Riscv zephyr support by @trigpolynom in #1641
- Zephyr: CMake fixes by @Frauschi in #1664
- Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in #1668
- Make internal API available to (only) test programs by @SWilson4 in #1667
- Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in #1669
- Add a document describing our subproject governance by @dstebila in #1675
- Set the correct compile flag for the memory sanitizer build by @SWilson4 in #1680
- Test against all 100 KAT values by @SWilson4 in #1560
- Update BIKE documentation to exclude x86 by @SWilson4 in #1679
- find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in #1653
- Call set_available_cpu_extensions using pthread_once by @zxjtan in #1671
- Discontinue AppVeyor CI testing by @SWilson4 in #1682
- Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in #1654
- Fix link in GOVERNANCE.md by @Martyrshot in #1686
- Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in #1684
- Update McEliece suppression files for generic config by @SWilson4 in #1677
- Update SPHINCS+ "clean" suppression files by @SWilson4 in #1683
- Update Sphincs+ Markdown documentation from YAML by @SWilson4 in #1690
- properly document release support level [skip ci] by @baentsch in #1688
- set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in #1695
- Fix cross compilation and test in CI by @SWilson4 in #1696
- update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] by @Martyrshot in #1701
- Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in #1626
- Small fixes after adding ML-* by @bhess in #1702
- Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in #1709
- Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in #1699
- Fix for the Zephyr CI tests by @Frauschi in #1714
- remove references to unsupported openssh [skip ci] by @baentsch in #1713
- fix documentation generation by @baentsch in #1715
- Support Falcon PADDED format by @SWilson4 in #1710
- Fix for alg_su...
0.10.0 release candidate 1
liboqs version 0.10.0-rc1
Release notes
This is release candidate 1 of version 0.10.0 of liboqs. It was released on March 8, 2024.
This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.
What's New
This release continues from the 0.9.2 release of liboqs.
Key encapsulation mechanisms
- BIKE: Updated portable C implementation to include constant-time fixes from upstream.
- HQC: Updated to NIST Round 4 version.
- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
Digital signature schemes
- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
Other changes
- Improved thread safety.
- Added uninstall support via ninja uninstall.
- Documented platforms by support tier in PLATFORMS.md.
- Added support for Zephyr RTOS.
- Improved support for macOS on Apple Silicon.
- Removed support for the "NIST-KAT" DRBG.
- Added extended KAT test programs.
Detailed changelog
- PR template update & OpenSSL clarification by @baentsch in #1582
- Use CMAKE_USE_PTHREADS_INIT by @zxjtan in #1576
- Add section to CONFIGURE.md link by @iyanmv in #1578
- Run copy_from_upstream and test by @baentsch in #1589
- Support several pqclean upstream versions by @baentsch in #1595
- Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in #1549
- minor updates by @vsoftco in #1600
- Pull new HQC implementation from upstream by @SWilson4 in #1585
- add uninstall support by @baentsch in #1604
- Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in #1618
- update .travis.yml by @bhess in #1629
- Pull latest Kyber version from upstream by @bhess in #1631
- platform support documentation [skip ci] by @baentsch in #1605
- Add support for Zephyr RTOS by @Frauschi in #1621
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in #1636
- Fix BIKE constant-time errors by @SWilson4 in #1632
- Fix falcon constant time check in Valgrind by @cothan in #1646
- Correct cmake version requirement by @baentsch in #1643
- Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in #1649
- Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in #1659
- Zephyr: fixes for platform support by @Frauschi in #1658
- Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in #1661
- Riscv zephyr support by @trigpolynom in #1641
- Zephyr: CMake fixes by @Frauschi in #1664
- Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in #1668
- Make internal API available to (only) test programs by @SWilson4 in #1667
- Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in #1669
- Add a document describing our subproject governance by @dstebila in #1675
- Set the correct compile flag for the memory sanitizer build by @SWilson4 in #1680
- Test against all 100 KAT values by @SWilson4 in #1560
- Update BIKE documentation to exclude x86 by @SWilson4 in #1679
- find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in #1653
- Call set_available_cpu_extensions using pthread_once by @zxjtan in #1671
- Discontinue AppVeyor CI testing by @SWilson4 in #1682
- Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in #1654
- Fix link in GOVERNANCE.md by @Martyrshot in #1686
- Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in #1684
- Update McEliece suppression files for generic config by @SWilson4 in #1677
- Update SPHINCS+ "clean" suppression files by @SWilson4 in #1683
- Update Sphincs+ Markdown documentation from YAML by @SWilson4 in #1690
- properly document release support level [skip ci] by @baentsch in #1688
- set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in #1695
- Fix cross compilation and test in CI by @SWilson4 in #1696
- update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] by @Martyrshot in #1701
- Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in #1626
- Small fixes after adding ML-* by @bhess in #1702
- Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in #1709
- Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in #1699
- Fix for the Zephyr CI tests by @Frauschi in #1714
- remove references to unsupported openssh [skip ci] by @baentsch in #1713
- fix documentation generation by @baentsch in #1715
- Support Falcon PADDED format by @SWilson4 in #1710
- Fix for alg_sup...
liboqs version 0.9.2
liboqs version 0.9.2
Release notes
This is version 0.9.2 of liboqs. It was released on January 16, 2024.
This release is a security release which fixes potential non-constant-time behaviour in Kyber based on pq-crystals/kyber@272125f.
What's New
This release continues from the 0.9.1 release of liboqs.
Key encapsulation mechanisms
- Kyber: C, AVX2, and aarch64 implementation updated
Detailed changelog
- Pull Kyber division fixes from PQ-Crystals into dev-092 by @praveksharma in #1652
Full Changelog: 0.9.1...0.9.2
liboqs version 0.9.2 release candidate 1
liboqs version 0.9.2-rc1
Release notes
This is release candidate 1 of version 0.9.2 of liboqs. It was released on January 11, 2024.
This release is a security release which fixes potential non-constant-time behaviour in Kyber based on pq-crystals/kyber@272125f.
What's New
This release continues from the 0.9.1 release of liboqs.
Key encapsulation mechanisms
- Kyber: C, AVX2, and aarch64 implementation updated
Detailed changelog
- Pull Kyber division fixes from PQ-Crystals into dev-092 by @praveksharma in #1652
Full Changelog: 0.9.1...0.9.2-rc1
liboqs version 0.9.1
liboqs version 0.9.1
Release notes
This is version 0.9.1 of liboqs. It was released on December 22, 2023.
This release is a security release which fixes potential non-constant-time behaviour in Kyber based on pq-crystals/kyber@dda29cc.
What's New
This release continues from the 0.9.0 release of liboqs.
Key encapsulation mechanisms
- Kyber: C, AVX2, and aarch64 implementation updated
Detailed changelog
- pull kyber from upstream: dda29cc63af721981ee2c831cf00822e69be3220 (#1631) by @dstebila in #1633
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue -> targeting 0.9.1 by @bhess in #1637
Full Changelog: 0.9.0...0.9.1
liboqs version 0.9.1 release candidate 1
liboqs version 0.9.1-rc1
Release notes
This is release candidate 1 for version 0.9.1 of liboqs. It was released on December 19, 2023.
This release is a security release which fixes potential non-constant-time behaviour in Kyber based on pq-crystals/kyber@dda29cc.
What's New
This release continues from the 0.9.0 release of liboqs.
Key encapsulation mechanisms
- Kyber: C, AVX2, and aarch64 implementations updated.
Detailed changelog
- pull kyber from upstream: dda29cc63af721981ee2c831cf00822e69be3220 (#1631) by @dstebila in #1633
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue -> targeting 0.9.1 by @bhess in #1637
Full Changelog: 0.9.0...0.9.1-rc1
liboqs version 0.9.0
liboqs version 0.9.0
Release notes
This is version 0.9.0 of liboqs. It was released on October 12, 2023.
This release features an update to the Classic McEliece KEM, bringing it in line with NIST Round 4. It also adds or updates ARM implementations for Kyber, Dilithium, and Falcon.
What's New
This release continues from the 0.8.0 release of liboqs.
Key encapsulation mechanisms
- Classic McEliece: updated to Round 4 version.
- Kyber: aarch64 implementation updated.
Digital signature schemes
- Dilithium: aarch64 implementation updated.
- Falcon: aarch64 implementation added.
Other changes
- Update algorithm documentation
- Support compilation for Windows on ARM64, Apple mobile, and Android platforms
- Improve resilience of randombytes on Apple systems
Release call
Users of liboqs are invited to join a webinar on Thursday, November 2, 2023, from 12-1pm US Eastern time for information on this release, plans for the next release cycle, and to provide feedback on OQS usage and features.
The Zoom link for the webinar is: https://uwaterloo.zoom.us/j/98288698086
Detailed changelog
- Fix libdir value in liboqs.pc by @vt-alt in #1496
- update version and remove CCI triggers by @baentsch in #1498
- create deb package and retain as artifact by @baentsch in #1501
- README correction to docs path & additional gitignore to macos + vscode by @planetf1 in #1503
- Trigger liboqs-python CI via GitHub API by @SWilson4 in #1507
- Update Classic McEliece by @praveksharma in #1470
- update BIKE documentation by @baentsch in #1509
- kyber/dilithium aarch64 pull from pqclean + patches by @bhess in #1512
- Pull Falcon updates from PQClean by @dstebila in #1523
- Bump XCode by @baentsch in #1526
- Update Classic McEliece suppression files by @praveksharma in #1527
- Bump gitpython from 3.1.30 to 3.1.32 in /scripts/copy_from_upstream by @dependabot in #1524
- ci: add CI for android by @res0nance in #1531
- re-enable armhf speed testing by @baentsch in #1535
- Bump gitpython from 3.1.32 to 3.1.34 in /scripts/copy_from_upstream by @dependabot in #1538
- Prefer arc4random on Apple platforms by @res0nance in #1544
- Bump gitpython from 3.1.34 to 3.1.35 in /scripts/copy_from_upstream by @dependabot in #1551
- Update Classic McEliece suppression files by @praveksharma in #1541
- Pull Neon implementation of Falcon from PQClean by @SWilson4 in #1547
- ci: add CI for apple mobile platforms by @res0nance in #1546
- Add Windows ARM64 support by @res0nance in #1545
- Document Falcon constant time errors by @praveksharma in #1552
- ci: github actions CI for Windows x86 and x64 by @res0nance in #1554
- build: Align VS test folder with all other Generators by @res0nance in #1557
- Fix weekly.yml to skip McEliece by @praveksharma in #1562
- Enable extensions in constant-time tests by @SWilson4 in #1567
- Update Classic McEliece suppression files by @praveksharma in #1568
- liboqs 0.9.0 release candidate 1 by @SWilson4 in #1570
- add community standard documentation [skip ci] by @baentsch in #1565
- Bump gitpython from 3.1.35 to 3.1.37 in /scripts/copy_from_upstream by @dependabot in #1575
New Contributors
- @planetf1 made their first contribution in #1503
- @SWilson4 made their first contribution in #1507
- @praveksharma made their first contribution in #1470
- @res0nance made their first contribution in #1531
Full Changelog: 0.8.0...0.9.0
liboqs version 0.8.0
liboqs version 0.8.0
About
The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
- oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
Release notes
This is version 0.8.0 of liboqs. It was released on June 7, 2023.
What's New
This release continues from the 0.7.2 release of liboqs.
This release features many algorithm updates, including removal of algorithms and variants no longer proceeding through NIST standardization and updates to newer versions. See the detailed list of algorithm updates below.
Key encapsulation mechanisms
- BIKE: updated to Round 4 version.
- Kyber: 90s variants were removed.
- NTRU Prime: All variants were removed, except for sntrup761.
- Saber: removed.
Digital signature schemes
- Dilithium: AES variants were removed.
- Falcon: updated to the 2023-02-07 version.
- Picnic: removed.
- Rainbow: removed.
- SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed.
Other changes
- Add Cryptographic Bill of Materials (CBOM)
- Improve building on ARM platforms
- Improve performance when using OpenSSL 3 for symmetric cryptography
- Increment shared object library version
- New configure-time options for algorithm selections
- pkgconfig file now available
Known issues
- Issue #1488: 32-bit builds fail in Microsoft Visual C for Falcon AVX code
Detailed changelog
- Add missing requirements to the requirements.txt by @thb-sb in #1295
- Solve '-Wstrict-prototypes' for clang >= 15.0 by @thb-sb in #1293
- Ensure build without an executable stack (fixes #1285) by @sebastinas in #1294
- Fix typo in Picnic's NEON detection by @sebastinas in #1298
- ARM32 gcc12 build workaround by @baentsch in #1297
- Fallback code for aligned_alloc and use of explicit_bzero by @sebastinas in #1300
- update version string indicating dev status by @baentsch in #1305
- addressing sig length questions by @baentsch in #1306
- Integer overflow leading to incorrect SHA3 computation by @jschanck in #1312
- Fixing OQS ARM inconsistencies by @Martyrshot in #1307
- automatically activate USE_RASPBERRY_PI define by @baentsch in #1313
- update Kyber and Dilithium from upstream by @bhess in #1316
- Remove rainbow by @xvzcf in #1321
- Removed Picnic signature scheme. by @xvzcf in #1323
- Removed NTRU-Prime. by @xvzcf in #1325
- Removed SABER. by @xvzcf in #1326
- add valgrind option by @malbert1 in #1327
- Removed NTRU. by @xvzcf in #1335
- Add ntruprime by @ryndia in #1328
- fix: initialize context after reset in ossl_sha3x4 by @bhess in #1339
- Enable algorithm filtering by @baentsch in #1333
- Revert "Enable algorithm filtering (#1333)" by @baentsch in #1351
- llvm15 update by @baentsch in #1350
- Adds CBOM for liboqs by @bhess in #1337
- Fix Doxygen Markdown failures by @dstebila in #1349
- Build dump_alg_info in tests by @dstebila in #1353
- Build Doxygen docs in whatever the CMake build directory is by @dstebila in #1357
- NIST std algs list selection enablement by @baentsch in #1355
- Config update by @baentsch in #1361
- add cpack (for .deb packages) by @baentsch in #1362
- Updated PQClean commit in copy_from_upstream.yml by @xvzcf in #1359
- Bump gitpython from 3.0.7 to 3.1.30 in /scripts/copy_from_upstream by @dependabot in #1354
- Fixed mismatch between YAML and markdown docs for some algorithms. by @xvzcf in #1365
- adding OpenSSL3 test; activating sanitizer test by @baentsch in #1363
- re-enabling msys2 testing after picnic is gone by @baentsch in #1373
- Use OQS_STATUS types in FrodoKEM by @dstebila in #1377
- compiler future-proofing Release builds by @baentsch in #1378
- BIKE Round-4 update by @dkostic in #1369
- Fix rendering error in Markdown by @dstebila in #1384
- Update Falcon to 20230207 by @dstebila in #1386
- Revert "Update Falcon to 20230207 (PQClean commit 96dfee95cc56207d1ec… by @baentsch in #1392
- Add full-cycle speed test by @baentsch in #1391
- update BIKE documentation by @baentsch in #1387
- correct free in test_kem/sig by @baentsch in #1399
- Copy from upstream (Kyber), add pqcrystals-* licenses to README by @bhess in #1403
- Update Falcon implementation by @thomwiggers in #1395
- adding issue template [skip ci] by @baentsch in #1410
- Copy_from_upstream: no subprocess call & update_cbom fix for CI. by @bhess in #1412
- CI test copy_from_upstream by @baentsch in #1405
- Fix constant time failure for Falcon AVX2 by @dstebila in #1415
- clarify OpenSSL config [skip ci] by @baentsch in #1429
- Make BIKE decode function void to avoid ct issues by @dkostic in #1400
- rm duped "the" in pull_request_template.md by @Rudxain in #1439
- fix "ths" typo by @Rudxain in #1438
- Generate and install pkgconfig file by @tranzystorek-io in #1435
- Initial fetching of MD and Cipher objects from OpenSSL(3) by @beldmit in #1431
- Use CMake flag for -Werror by @thomwiggers in #1444
- ...