From ba090cf59e421eca9c0535d9f5eb14e8fc023452 Mon Sep 17 00:00:00 2001 From: David Stainton Date: Tue, 9 Jul 2024 21:36:47 -0700 Subject: [PATCH 1/3] Add more hybrid NIKEs and KEMs --- kem/schemes/schemes.go | 26 ++++++++++++++++++++++++-- nike/hybrid/ctidh.go | 13 +++++++------ nike/schemes/schemes.go | 7 +++++-- 3 files changed, 36 insertions(+), 10 deletions(-) diff --git a/kem/schemes/schemes.go b/kem/schemes/schemes.go index eaa58e3..6c217b6 100644 --- a/kem/schemes/schemes.go +++ b/kem/schemes/schemes.go @@ -35,18 +35,39 @@ import ( var potentialSchemes = [...]kem.Scheme{ - // post quantum KEM schemes + // PQ KEMs adapter.FromNIKE(ctidh511.Scheme()), adapter.FromNIKE(ctidh512.Scheme()), adapter.FromNIKE(ctidh1024.Scheme()), adapter.FromNIKE(ctidh2048.Scheme()), + + // hybrid KEMs + + combiner.New( + "CTIDH512-X25519", + []kem.Scheme{ + adapter.FromNIKE(ctidh512.Scheme()), + adapter.FromNIKE(x25519.Scheme(rand.Reader)), + }, + ), + combiner.New( + "CTIDH1024-X448", + []kem.Scheme{ + adapter.FromNIKE(ctidh1024.Scheme()), + adapter.FromNIKE(x448.Scheme(rand.Reader)), + }, + ), } var allSchemes = []kem.Scheme{ // classical KEM schemes (converted from NIKE via hashed elgamal construction) + + // Classical DiffieHellman imeplementation has a bug with this ticket: + // https://github.com/katzenpost/hpqc/issues/39 adapter.FromNIKE(diffiehellman.Scheme()), + adapter.FromNIKE(x25519.Scheme(rand.Reader)), adapter.FromNIKE(x448.Scheme(rand.Reader)), @@ -78,7 +99,8 @@ var allSchemes = []kem.Scheme{ kyber768.Scheme(), ), - // An alternative to Xwing using a generic and secure KEM combiner. + // If Xwing is not the PQ Hybrid KEM you are looking for then we recommend + // using our secure generic KEM combiner: combiner.New( "MLKEM768-X25519", []kem.Scheme{ diff --git a/nike/hybrid/ctidh.go b/nike/hybrid/ctidh.go index 54d92c0..4fd4228 100644 --- a/nike/hybrid/ctidh.go +++ b/nike/hybrid/ctidh.go 
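Review bot: In the `@@ -35,18 +35,39 @@` hunk of kem/schemes/schemes.go, the two new `combiner.New(...)` entries are constructed unconditionally at package initialisation from `adapter.FromNIKE(ctidh512.Scheme())` and `adapter.FromNIKE(ctidh1024.Scheme())`, with no visible handling for a build in which CTIDH is unavailable. The array is named `potentialSchemes`, which suggests its entries may be absent in some builds; if a CTIDH scheme can be nil there, the combiner value itself would presumably still be non-nil and could pass whatever filter is applied to this array while wrapping an unusable component. The filtering code and `combiner.New` are outside the hunk, so this needs confirming against them. If the assumption holds, I would either guard the construction or state it in a comment above the entries, for example `// hybrid KEMs: both components must be available in this build`.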
@@ -10,6 +10,7 @@ import ( "github.com/katzenpost/hpqc/nike/ctidh/ctidh511" "github.com/katzenpost/hpqc/nike/ctidh/ctidh512" "github.com/katzenpost/hpqc/nike/x25519" + "github.com/katzenpost/hpqc/nike/x448" "github.com/katzenpost/hpqc/rand" ) @@ -25,14 +26,14 @@ var CTIDH512X25519 nike.Scheme = &Scheme{ second: x25519.Scheme(rand.Reader), } -var CTIDH1024X25519 nike.Scheme = &Scheme{ - name: "CTIDH1024-X25519", +var CTIDH1024X448 nike.Scheme = &Scheme{ + name: "CTIDH1024-X448", first: ctidh1024.Scheme(), - second: x25519.Scheme(rand.Reader), + second: x448.Scheme(rand.Reader), } -var CTIDH2048X25519 nike.Scheme = &Scheme{ - name: "CTIDH2048-X25519", +var CTIDH2048X448 nike.Scheme = &Scheme{ + name: "CTIDH2048-X448", first: ctidh2048.Scheme(), - second: x25519.Scheme(rand.Reader), + second: x448.Scheme(rand.Reader), } diff --git a/nike/schemes/schemes.go b/nike/schemes/schemes.go index d72f01f..25b9275 100644 --- a/nike/schemes/schemes.go +++ b/nike/schemes/schemes.go @@ -29,8 +29,8 @@ var potentialSchemes = [...]nike.Scheme{ //hybrid.CTIDH511X25519, hybrid.CTIDH512X25519, - hybrid.CTIDH1024X25519, - hybrid.CTIDH2048X25519, + hybrid.CTIDH1024X448, + hybrid.CTIDH2048X448, // NOBS CSIDH doesn't work on arm32 // XXX TODO: deprecate and remove. @@ -42,6 +42,9 @@ var allSchemes = []nike.Scheme{ // classical NIKE schemes x25519.Scheme(rand.Reader), x448.Scheme(rand.Reader), + + // Classical DiffieHellman imeplementation has a bug with this ticket: + // https://github.com/katzenpost/hpqc/issues/39 diffiehellman.Scheme(), } From ded1ce3a70993f2c58953a8f2621493c9e08f740 Mon Sep 17 00:00:00 2001 From: David Stainton Date: Tue, 9 Jul 2024 21:58:12 -0700 Subject: [PATCH 2/3] Add another hybrid nike --- nike/hybrid/ctidh.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nike/hybrid/ctidh.go b/nike/hybrid/ctidh.go index 4fd4228..0c23d4b 100644 --- a/nike/hybrid/ctidh.go +++ b/nike/hybrid/ctidh.go 
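Review bot: In the `@@ -25,14 +26,14 @@` hunk of nike/hybrid/ctidh.go, the exported variables `CTIDH1024X25519` and `CTIDH2048X25519` and their scheme names `"CTIDH1024-X25519"` and `"CTIDH2048-X25519"` are replaced rather than kept alongside the new X448 pairings. nike/schemes/schemes.go declares a name-keyed map (`allSchemeNames`), so any configuration or stored key material that selects a scheme by the old names would presumably stop resolving after this change, and external importers of the old identifiers would stop compiling. If the break is intended, it should be stated in the commit message or changelog. The new exported variables also have no doc comments; one line each saying which components are paired, e.g. `// CTIDH1024X448 is a hybrid NIKE combining CTIDH1024 with X448.`, would record the choice of X448 for the larger CTIDH sizes.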
@@ -26,6 +26,12 @@ var CTIDH512X25519 nike.Scheme = &Scheme{ second: x25519.Scheme(rand.Reader), } +var CTIDH512X448 nike.Scheme = &Scheme{ + name: "CTIDH512-X448", + second: ctidh512.Scheme(), + first: x448.Scheme(rand.Reader), +} + var CTIDH1024X448 nike.Scheme = &Scheme{ name: "CTIDH1024-X448", first: ctidh1024.Scheme(), From 951d134f35689b7193b5e77bb423128bd6dcb5b9 Mon Sep 17 00:00:00 2001 From: David Stainton Date: Tue, 9 Jul 2024 22:03:46 -0700 Subject: [PATCH 3/3] comment out the classical dh since it fails tests --- kem/schemes/schemes.go | 3 +-- nike/schemes/schemes.go | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/kem/schemes/schemes.go b/kem/schemes/schemes.go index 6c217b6..0c8548f 100644 --- a/kem/schemes/schemes.go +++ b/kem/schemes/schemes.go @@ -27,7 +27,6 @@ import ( "github.com/katzenpost/hpqc/nike/ctidh/ctidh2048" "github.com/katzenpost/hpqc/nike/ctidh/ctidh511" "github.com/katzenpost/hpqc/nike/ctidh/ctidh512" - "github.com/katzenpost/hpqc/nike/diffiehellman" "github.com/katzenpost/hpqc/nike/x25519" "github.com/katzenpost/hpqc/nike/x448" "github.com/katzenpost/hpqc/rand" @@ -66,7 +65,7 @@ var allSchemes = []kem.Scheme{ // Classical DiffieHellman imeplementation has a bug with this ticket: // https://github.com/katzenpost/hpqc/issues/39 - adapter.FromNIKE(diffiehellman.Scheme()), + //adapter.FromNIKE(diffiehellman.Scheme()), adapter.FromNIKE(x25519.Scheme(rand.Reader)), adapter.FromNIKE(x448.Scheme(rand.Reader)), diff --git a/nike/schemes/schemes.go b/nike/schemes/schemes.go index 25b9275..9f33ed8 100644 --- a/nike/schemes/schemes.go +++ b/nike/schemes/schemes.go @@ -8,7 +8,6 @@ import ( "github.com/katzenpost/hpqc/nike/ctidh/ctidh2048" "github.com/katzenpost/hpqc/nike/ctidh/ctidh511" "github.com/katzenpost/hpqc/nike/ctidh/ctidh512" - "github.com/katzenpost/hpqc/nike/diffiehellman" "github.com/katzenpost/hpqc/nike/hybrid" "github.com/katzenpost/hpqc/nike/x25519" "github.com/katzenpost/hpqc/nike/x448" 
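Review bot: In `CTIDH512X448` the field assignments are swapped relative to every other hybrid in this file: it sets `second: ctidh512.Scheme()` and `first: x448.Scheme(rand.Reader)`, while the name `"CTIDH512-X448"` and the sibling definitions put the CTIDH scheme first. The `Scheme` type is defined outside the hunk, but if it serialises or combines components in first/second order, this scheme's key layout would be X448-then-CTIDH, contradicting its name and differing from the other hybrids. I would write `first: ctidh512.Scheme(),` and `second: x448.Scheme(rand.Reader),`. The new variable is also not added to `potentialSchemes` in nike/schemes/schemes.go in any hunk of this series, so it may not be reachable through the scheme registry.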
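Review bot: In the `@@ -66,7 +65,7 @@` hunk of kem/schemes/schemes.go the scheme is disabled by leaving `//adapter.FromNIKE(diffiehellman.Scheme()),` in the list, and the comment above it still says the implementation "has a bug with this ticket" without saying that the entry is now deliberately unregistered or what fails. A reader auditing which key exchanges are available should not have to infer that from commented-out code. I would replace the comment and the commented-out entry with something like `// diffiehellman is intentionally not registered: it fails tests, see https://github.com/katzenpost/hpqc/issues/39`, which also removes the "imeplementation" typo. The same applies to `//diffiehellman.Scheme(),` in the `@@ -45,7 +44,7 @@` hunk of nike/schemes/schemes.go.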
@@ -45,7 +44,7 @@ var allSchemes = []nike.Scheme{ // Classical DiffieHellman imeplementation has a bug with this ticket: // https://github.com/katzenpost/hpqc/issues/39 - diffiehellman.Scheme(), + //diffiehellman.Scheme(), } var allSchemeNames map[string]nike.Scheme