From cba0a52aa8c9a3058779046ff425aac969d06630 Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Wed, 14 Feb 2024 11:35:40 -0500 Subject: content/posts/2023-10-07-c11-fips203ipd.md: add barrett reduction note, minor wording fixes --- content/posts/2023-10-07-c11-fips203ipd.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'content') diff --git a/content/posts/2023-10-07-c11-fips203ipd.md b/content/posts/2023-10-07-c11-fips203ipd.md index b32e47f..c04c086 100644 --- a/content/posts/2023-10-07-c11-fips203ipd.md +++ b/content/posts/2023-10-07-c11-fips203ipd.md @@ -16,15 +16,17 @@ encapsulation mechanism (KEM)][kem]. * Full implementation of all three parameter sets from the [FIPS 203 initial public draft][fips203ipd]. * [C11][], no external dependencies (other than the standard library). +* Constant-time [Barrett reduction][]. Not vulnerable to [KyberSlash][]. * Test suite w/ common sanitizers enabled (`make test`). * Doxygen-friendly API documentation (`fips203ipd.h`). Also available online [here][api-docs]. -* short example application (`examples/0-hello-kem/`). +* Short example application (`examples/0-hello-kem/`). +* Independent implementation. Not based on other libraries. -[Git Repository][github] +[Git Repository][github], [API Documentation][api-docs] **Note:** This is an initial release based on the draft standard with no -real optimization; it is slow and memory-intensive. +real optimization; it is probably slower than other implementations. **Another Note:** Worth reading before relying on any [Kyber][] implementation: [2020.10.03: The inability to count @@ -138,6 +140,7 @@ int main(void) { fputs("\n\n", stdout); // check result + // (note: example only; memcmp() is not constant-time) if (!memcmp(a_key, b_key, sizeof(a_key))) { // success: alice and bob have the same shared secret fputs("SUCCESS! alice secret `a_key` and bob secret `b_key` match.\n", stdout); 
@@ -182,6 +185,9 @@ added a brief explanation to the example section. speed improvements, a new example, and [online API documentation][api-docs]. +**Update (2024-02-14):** Added [Barrett reduction][] and independent +implementation to feature list. Minor wording fixes. + [c11]: https://en.wikipedia.org/wiki/C11_(C_standard_revision) "ISO/IEC 9899:2011" [SHA-3]: https://en.wikipedia.org/wiki/SHA-3 @@ -212,3 +218,7 @@ documentation][api-docs]. "Daniel J. Bernstein" [api-docs]: https://pmdn.org/api-docs/fips203ipd/ "online API documentation" +[kyberslash]: kyberslash.cr.yp.to/ + "Timing vulnerability in many implementations of Kyber and FIPS203" +[barrett reduction]: https://en.wikipedia.org/wiki/Barrett_reduction + "Barrett modular reduction" -- cgit v1.2.3
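Review bot: In the first hunk (`@@ -16,15`), the added bullet "Constant-time [Barrett reduction][]. Not vulnerable to [KyberSlash][]." asserts a timing-safety property without pointing at what supports it, and the same hunk keeps the "no real optimization" caveat immediately below it. Readers evaluating the library will want the claim tied to evidence: consider naming the commit or source file that replaced the division-based reduction with Barrett reduction, and noting whether `make test` (mentioned in the same list) exercises it, or at least narrowing the wording to "division-free Barrett reduction; avoids the variable-time division that KyberSlash exploits" so the bullet states what was actually changed rather than a blanket non-vulnerability claim.

Review bot: In the second hunk (`@@ -138,6`), the new comment "(note: example only; memcmp() is not constant-time)" is the right caveat, but it leaves the example code itself doing the variable-time comparison that readers will copy into their own code. Since the library already advertises constant-time reduction in this same patch, consider either replacing the `memcmp()` call in `examples/0-hello-kem/` with a constant-time comparison (an OR-accumulated byte XOR loop, or a helper exported from `fips203ipd.h` if one exists) or expanding the comment to say what a caller should use instead, so the example does not demonstrate the pattern it warns against.

Review bot: In the last hunk (`@@ -212,3`), the added link definition `[kyberslash]: kyberslash.cr.yp.to/` has no URL scheme, unlike the neighbouring `[api-docs]` and `[barrett reduction]` entries, so Markdown renderers will treat it as a path relative to the post and the KyberSlash link in the feature list will be broken. Change it to `[kyberslash]: https://kyberslash.cr.yp.to/` to match the other definitions.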