aboutsummaryrefslogtreecommitdiff
path: root/content/posts/2023-10-07-c11-fips203ipd.md
diff options
context:
space:
mode:
Diffstat (limited to 'content/posts/2023-10-07-c11-fips203ipd.md')
-rw-r--r--content/posts/2023-10-07-c11-fips203ipd.md16
1 files changed, 13 insertions, 3 deletions
diff --git a/content/posts/2023-10-07-c11-fips203ipd.md b/content/posts/2023-10-07-c11-fips203ipd.md
index b32e47f..c04c086 100644
--- a/content/posts/2023-10-07-c11-fips203ipd.md
+++ b/content/posts/2023-10-07-c11-fips203ipd.md
@@ -16,15 +16,17 @@ encapsulation mechanism (KEM)][kem].
* Full implementation of all three parameter sets from the [FIPS 203
initial public draft][fips203ipd].
* [C11][], no external dependencies (other than the standard library).
+* Constant-time [Barrett reduction][]. Not vulnerable to [KyberSlash][].
* Test suite w/ common sanitizers enabled (`make test`).
* Doxygen-friendly API documentation (`fips203ipd.h`). Also available
online [here][api-docs].
-* short example application (`examples/0-hello-kem/`).
+* Short example application (`examples/0-hello-kem/`).
+* Independent implementation. Not based on other libraries.
-[Git Repository][github]
+[Git Repository][github], [API Documentation][api-docs]
**Note:** This is an initial release based on the draft standard with no
-real optimization; it is slow and memory-intensive.
+real optimization; it is probably slower than other implementations.
**Another Note:** Worth reading before relying on any [Kyber][]
implementation: [2020.10.03: The inability to count
@@ -138,6 +140,7 @@ int main(void) {
fputs("\n\n", stdout);
// check result
+ // (note: example only; memcmp() is not constant-time)
if (!memcmp(a_key, b_key, sizeof(a_key))) {
// success: alice and bob have the same shared secret
fputs("SUCCESS! alice secret `a_key` and bob secret `b_key` match.\n", stdout);
@@ -182,6 +185,9 @@ added a brief explanation to the example section.
speed improvements, a new example, and [online API
documentation][api-docs].
+**Update (2024-02-14):** Added [Barrett reduction][] and independent
+implementation to feature list. Minor wording fixes.
+
[c11]: https://en.wikipedia.org/wiki/C11_(C_standard_revision)
"ISO/IEC 9899:2011"
[SHA-3]: https://en.wikipedia.org/wiki/SHA-3
@@ -212,3 +218,7 @@ documentation][api-docs].
"Daniel J. Bernstein"
[api-docs]: https://pmdn.org/api-docs/fips203ipd/
"online API documentation"
+[kyberslash]: kyberslash.cr.yp.to/
+ "Timing vulnerability in many implementations of Kyber and FIPS203"
+[barrett reduction]: https://en.wikipedia.org/wiki/Barrett_reduction
+ "Barrett modular reduction"