6 releases (3 breaking)
0.4.1 | Nov 21, 2024 |
---|---|
0.4.0 | Nov 8, 2024 |
0.3.1 | Nov 8, 2024 |
0.2.0 | Oct 30, 2024 |
0.1.0 | Oct 29, 2024 |
#895 in Cryptography
495 downloads per month
160KB
3K
SLoC
FrodoKem
A pure rust implementation of
It's submission was included in NIST's PQ Round 3 competition, and is now being standardized at ISO.
⚠️ Security Warning
This crate has been tested against the test vectors provided by the FrodoKEM team and been rigorously tested for correctness, performance, and security. It has also been tested against opensafequatum's liboqs library to compatibility and correctness.
The implementation contained in this crate has never been independently audited!
USE AT YOUR OWN RISK!
Minimum Supported Rust Version
This crate requires Rust 1.82 at a minimum.
We may change the MSRV in the future, but it will be accompanied by a minor version bump.
Details
This crate provides the following FrodoKEM algorithms:
- FrodoKEM-640-AES ✅
- FrodoKEM-976-AES ✅
- FrodoKEM-1344-AES ✅
- FrodoKEM-640-SHAKE ✅
- FrodoKEM-976-SHAKE ✅
- FrodoKEM-1344-SHAKE ✅
- eFrodoKEM-640-AES ✅
- eFrodoKEM-976-AES ✅
- eFrodoKEM-1344-AES ✅
- eFrodoKEM-640-SHAKE ✅
- eFrodoKEM-976-SHAKE ✅
- eFrodoKEM-1344-SHAKE ✅
eFrodoKEM is a variant of FrodoKEM that is meant to be used one-time only. Using more than once is considered a security risk.
When in doubt use the FrodoKEM algorithm variants.
Expanding matrix A
NOTE on AES
To speed up AES, there are a few options available:
RUSTFLAGS="--cfg aes_armv8" cargo build --release
ensures that the ARMv8 AES instructions are used if available.frodo-kem-rs = { version = "0.3", features = ["openssl"] }
uses theopenssl
crate for AES.
By default, the aes
feature auto-detects the best AES implementation for your platform
for x86 and x86_64,
but not on ARMv8 where it defaults to the software implementation as of this writing.
To enable the ARMv8 AES instructions, the aes_armv8
feature is enabled in the .cargo/config
file in this crate.
Enabling openssl and aesni provides the fastest Aes algorithms.
openssl tends to be faster than the aes rust crate implementation by about 10-15% on Armv8.
NOTE on SHAKE
Shake auto detects the best implementation for your platform or like AES you can enable openssl
for it also.
On Armv8, the rust shake implementation is faster than the openssl implementation by about 22-25%.
Serialization
This crate has been tested against the following serde
compatible formats:
- serde_bare
- bincode
- postcard
- serde_cbor
- serde_json
- serde_yaml
- toml
License
Licensed under
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Dependencies
~0.6–1.8MB
~33K SLoC