From cba0a52aa8c9a3058779046ff425aac969d06630 Mon Sep 17 00:00:00 2001
From: Paul Duncan <pabs@pablotron.org>
Date: Wed, 14 Feb 2024 11:35:40 -0500
Subject: content/posts/2023-10-07-c11-fips203ipd.md: add barrett reduction
 note, minor wording fixes

---
 content/posts/2023-10-07-c11-fips203ipd.md | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'content/posts')

diff --git a/content/posts/2023-10-07-c11-fips203ipd.md b/content/posts/2023-10-07-c11-fips203ipd.md
index b32e47f..c04c086 100644
--- a/content/posts/2023-10-07-c11-fips203ipd.md
+++ b/content/posts/2023-10-07-c11-fips203ipd.md
@@ -16,15 +16,17 @@ encapsulation mechanism (KEM)][kem].
 * Full implementation of all three parameter sets from the [FIPS 203
   initial public draft][fips203ipd].
 * [C11][], no external dependencies (other than the standard library).
+* Constant-time [Barrett reduction][].  Not vulnerable to [KyberSlash][].
 * Test suite w/ common sanitizers enabled (`make test`).
 * Doxygen-friendly API documentation (`fips203ipd.h`).  Also available
   online [here][api-docs].
-* short example application (`examples/0-hello-kem/`).
+* Short example application (`examples/0-hello-kem/`).
+* Independent implementation. Not based on other libraries.
 
-[Git Repository][github]
+[Git Repository][github], [API Documentation][api-docs]
 
 **Note:** This is an initial release based on the draft standard with no
-real optimization; it is slow and memory-intensive.
+real optimization; it is probably slower than other implementations.
 
 **Another Note:** Worth reading before relying on any [Kyber][]
 implementation: [2020.10.03: The inability to count
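Review bot: the new bullet `+* Constant-time [Barrett reduction][].  Not vulnerable to [KyberSlash][].` makes a security claim the page does not substantiate. KyberSlash is a secret-dependent timing leak from division by the modulus q, and swapping the `/` for Barrett reduction removes only the obvious source; a compiler can still emit a variable-time divide or branch for the reduction, so "not vulnerable" should be stated together with how it was checked (inspecting the generated object code for division instructions on the supported toolchains, or a timing test), and which divisions were replaced (the compress/decompress path is the one KyberSlash targets). A reader deciding whether to rely on the library needs that evidence, not just the bullet.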
@@ -138,6 +140,7 @@ int main(void) {
   fputs("\n\n", stdout);
 
   // check result
+  // (note: example only; memcmp() is not constant-time)
   if (!memcmp(a_key, b_key, sizeof(a_key))) {
     // success: alice and bob have the same shared secret
     fputs("SUCCESS! alice secret `a_key` and bob secret `b_key` match.\n", stdout);
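Review bot: the added comment `// (note: example only; memcmp() is not constant-time)` warns but gives no alternative, and example code is what readers copy. Either name a constant-time comparison (an XOR-accumulate loop over both buffers, or a library routine such as OpenSSL's CRYPTO_memcmp or libsodium's sodium_memcmp) or state that a real protocol never compares the two shared secrets at all, each side feeds its own secret into a KDF, so this check exists only to demonstrate that encapsulation and decapsulation agree. One extra sentence in the comment makes the caveat actionable.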
@@ -182,6 +185,9 @@ added a brief explanation to the example section.
 speed improvements, a new example, and [online API
 documentation][api-docs].
 
+**Update (2024-02-14):** Added [Barrett reduction][] and independent
+implementation to feature list.  Minor wording fixes.
+
 [c11]: https://en.wikipedia.org/wiki/C11_(C_standard_revision)
   "ISO/IEC 9899:2011"
 [SHA-3]: https://en.wikipedia.org/wiki/SHA-3
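Review bot: the changelog entry `**Update (2024-02-14):** Added [Barrett reduction][] and independent implementation to feature list.` leaves out the KyberSlash claim that this same change adds to the feature list, which is the security-relevant part of the edit; a reader scanning the update notes to see whether a given advisory applies will look here first. Suggest wording such as "Added [Barrett reduction][] and independent-implementation items to the feature list, with a note that the implementation is not affected by [KyberSlash][]", and mentioning the new memcmp() caveat in the example alongside "Minor wording fixes".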
@@ -212,3 +218,7 @@ documentation][api-docs].
   "Daniel J. Bernstein"
 [api-docs]: https://pmdn.org/api-docs/fips203ipd/
   "online API documentation"
+[kyberslash]: kyberslash.cr.yp.to/
+  "Timing vulnerability in many implementations of Kyber and FIPS203"
+[barrett reduction]: https://en.wikipedia.org/wiki/Barrett_reduction
+  "Barrett modular reduction"
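Review bot: the new reference `+[kyberslash]: kyberslash.cr.yp.to/` has no URL scheme, so Markdown renders it as a relative link under the post's own path and it will 404; change it to `https://kyberslash.cr.yp.to/`, matching the other definitions in this list. The label is also lowercase while the feature bullet writes `[KyberSlash][]`; CommonMark matches reference labels case-insensitively so it resolves, but the neighbouring definitions (`[SHA-3]`, `[api-docs]`) use the casing of the inline text, so make `[kyberslash]` and `[barrett reduction]` follow the same convention.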
-- 
cgit v1.2.3