kris
/
pqc
1
1
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Reference implementations of PQC
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
1070 Revīzijas
9 Atzari
14 MiB
Atzars: master
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'master'
${ noResults }
pqc/SECURITY.md

SECURITY.md 2.4 KiB
Neapstrādāts Patstāvīgā saite Parastais skats Vēsture

Create SECURITY.md Uses the new Gitlab security documenting features/"standard" to explain our security non-policy.
pirms 5 gadiem
Document security issues (#236) It seems wise to include _some_ form of guidance on what we know about problems with certain (versions of) implementations. [ci skip]
pirms 5 gadiem
FrodoKEM: Fix bug in the output of the ct_verify function (#367) * Fix bug in the output of the ct_verify function A bug in the CCA transformation was reported on the pqc-forum on 2020-12-10 https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/kSUKzDNc5ME It was fixed today in https://github.com/microsoft/PQCrypto-LWEKE/commit/669522db63850fa64d1a24a47e138e80a59349db. This commit ports that fix to PQClean * add note to SECURITY.md * update upstream commit in META.yml
pirms 3 gadiem
Mention FrodoKEM timing leak in SECURITY.md
pirms 4 gadiem
Document security issues (#236) It seems wise to include _some_ form of guidance on what we know about problems with certain (versions of) implementations. [ci skip]
pirms 5 gadiem
Create SECURITY.md Uses the new Gitlab security documenting features/"standard" to explain our security non-policy.
pirms 5 gadiem
Document security issues (#236) It seems wise to include _some_ form of guidance on what we know about problems with certain (versions of) implementations. [ci skip]
pirms 5 gadiem
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. # A note on the security of the included implementations and schemes

  2. 

  3. This project contains (reference) implementations of cryptographic libraries.

  4. We do not make any security claims about the code included in PQClean.

  5. In the current state, we distribute reference implementations with minor modifications.

  6. We did not perform any extensive security analyses.

  7. This code is suitable for experimental or scientific use.

  8. We recommend careful expert code review before using any of the included implementations in production environments.

  9. 

  10. See also the [NIST PQC Forum][forum] for discussion about the cryptographic schemes included in PQClean.

  11. 

  12. ## Current and past security issues

  13. 

  14. We will attempt to document security vulnerabilities made known to us on a best-effort basis.

  15. If an issue is marked with a date, the issue has been resolved since any commits made after that date.

  16. 

  17. Again, we emphasise that the code in this repository has not seen any formal analysis or audit!

  18. Use at your own risk.

  19. 

  20. ### Open issues

  21. * LEDAcryptKEM `leaktime` implementations are known to not be constant-time and expected to have timing side channel vulnerabilities.

  22. 

  23. <!-- new date line

  24. ### 2019-XX-XX

  25. -->

  26. 

  27. ### 2020-12-11

  28. * The fix of the timing leak in the CCA transform of FrodoKEM in [PR #303](https://github.com/PQClean/PQClean/pull/303) was ineffective. The FrodoKEM team released another [fix](https://github.com/microsoft/PQCrypto-LWEKE/commit/669522db63850fa64d1a24a47e138e80a59349db) which was ported to PQClean in [PR #367](https://github.com/PQClean/PQClean/pull/367).

  29. 

  30. ### 2020-06-19

  31. * A potential timing leak was present in the FrodoKEM decapsulation routine, as identified by [Guo, Johansson, and Nilsson](https://eprint.iacr.org/2020/743).  This was fixed in [PR #303](https://github.com/PQClean/PQClean/pull/303).

  32. 

  33. ### 2019-09-24

  34. * All Falcon implementations before [PR #235][PR 235] got merged were insecure. See [EPRINT report 2019/893][2019/893].

  35. 

  36. ### 2019-09-10

  37. * The included incremental `sha512` implementation was calling `crypto_hashblocks_sha256` before 2019-9-10.

  38.   This lead to an insufficient security level of the results of this hash function.

  39.   The function was not used in any implementations, though.

  40.   See [PR #232][PR 232].

  41. 

  42. 

  43. [2019/893]: https://eprint.iacr.org/2019/893

  44. [forum]: https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Email-List

  45. 

  46. [PR 232]: https://github.com/PQClean/PQClean/pull/232

  47. [PR 235]: https://github.com/PQClean/PQClean/pull/235