FIPS 203 FINAL - Candidate new KAT inputs and results #15

Merged

Conversation

rod-chapman
Contributor

This PR contributes candidate KAT files for FIPS 203 FINAL (MLKEM), updated for the 13th August 2024 issue of FIPS 203.

The same random inputs, seeds, and messages are used as before.

New results were produced by the AWS LibMLKEM implementation. I hope verification of these results with other implementations will follow.

Signed-off-by: Rod Chapman <rodchap@amazon.com>

dkostic commented Aug 16, 2024

I can confirm that AWS-LC's ML-KEM implementation successfully passes the KATs.

To check this I did the following:

  • updated AWS-LC's ML-KEM-IPD implementation to conform with FIPS 203 FINAL (adding domain separation in key generation was the only thing needed),
  • converted KATs to the form AWS-LC unit tests expect (AWS-LC expects the keygen coins (d, z) as a single value d||z; also, AWS-LC uses encaps_coins instead of msg),
  • built the library and ran:
./crypto/crypto_test --gtest_filter="All/PerKEMTest.KAT/MLKEM*"
Note: Google Test filter = All/PerKEMTest.KAT/MLKEM*
[==========] Running 3 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 3 tests from All/PerKEMTest
[ RUN      ] All/PerKEMTest.KAT/MLKEM512IPD
[       OK ] All/PerKEMTest.KAT/MLKEM512IPD (83 ms)
[ RUN      ] All/PerKEMTest.KAT/MLKEM768IPD
[       OK ] All/PerKEMTest.KAT/MLKEM768IPD (108 ms)
[ RUN      ] All/PerKEMTest.KAT/MLKEM1024IPD
[       OK ] All/PerKEMTest.KAT/MLKEM1024IPD (159 ms)
[----------] 3 tests from All/PerKEMTest (350 ms total)

[----------] Global test environment tear-down
[==========] 3 tests from 1 test suite ran. (350 ms total)
[  PASSED  ] 3 tests.

I pushed the test to my fork of AWS-LC for posterity: aws/aws-lc@81cb021.

Note 1: this is just a quick test in my fork of AWS-LC, I'll soon push a change to update AWS-LC itself.

Note 2: the implementation in AWS-LC was originally copied from the official Kyber repository (https://github.com/pq-crystals/kyber).

dkostic pushed a commit to dkostic/aws-lc that referenced this pull request Aug 16, 2024
Added domain separation in keygen and new KATs.
The KATs were sourced from post-quantum-cryptography/KAT#15.
dkostic pushed a commit to dkostic/aws-lc that referenced this pull request Aug 23, 2024
Added domain separation in keygen and new KATs.
The KATs were sourced from post-quantum-cryptography/KAT#15.
dkostic added a commit to aws/aws-lc that referenced this pull request Aug 23, 2024
In this PR we made a small change that transitions the ML-KEM
implementation from the Initial Public Draft (IPD) to the final ML-KEM
as defined in FIPS 203:
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf.
The only change needed was the domain separation in key generation.
This required updated KATs as well. The new KATs were obtained from:
post-quantum-cryptography/KAT#15,
and converted to the form AWS-LC expects.

In a subsequent PR we'll rename all functions/folders/identifiers
to drop the "ipd" suffix.

p.s. Python script used for KAT conversion:
```
import sys

if len(sys.argv) != 2:
    print("Usage: python convert.py <filename>")
    sys.exit(1)
filename = sys.argv[1]

# PARSE THE INPUT FILE: every "count = N" line starts a new group of
# "key = value" lines; blank lines between groups are skipped.
all_groups = []
try:
    with open(filename, 'r') as file:
        group = {}
        for line in file:
            parts = line.strip().split(" ")
            if len(parts) < 3:
                continue  # blank or malformed line, nothing to parse
            key = parts[0]
            value = parts[2]
            if key == "count":
                if len(group) != 0:
                    all_groups.append(group)
                group = {}
            group[key] = value
        if len(group) != 0:
            all_groups.append(group)  # keep the final group as well
except FileNotFoundError:
    print(f"Error: The file '{filename}' was not found.")
    sys.exit(1)

# WRITE THE OUTPUT in the form AWS-LC's KAT tests expect:
# keygen coins packed as d||z, and msg renamed to encap_coins.
with open(filename + "_out.txt", 'w') as file:
    for group in all_groups:
        file.write("\n")
        file.write("count = " + group["count"] + "\n")
        file.write("keypair_coins = " + group["d"] + group["z"] + "\n")
        file.write("pk = " + group["pk"] + "\n")
        file.write("sk = " + group["sk"] + "\n")
        file.write("encap_coins = " + group["msg"] + "\n")
        file.write("ct = " + group["ct"] + "\n")
        file.write("ss = " + group["ss"] + "\n")
```
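The comment above and the commit message both say that the only change needed to move from the IPD to FIPS 203 final was domain separation in key generation. The following is an added example, not code from this PR, AWS-LC or LibMLKEM: it shows the one line of K-PKE.KeyGen that changed (the IPD expanded the seed as G(d); the final standard expands G(d || k), with the parameter k appended as a single byte), which is why the same d now yields different rho/sigma and hence different pk, sk and KATs. It also unpacks the d||z keypair_coins field used in the converted KATs. The function names, the constructed 64-byte coin value, and the seeds_differ_from_ipd helper are this example's own, not the project's.

```python
import hashlib

# k for each ML-KEM parameter set (FIPS 203, Table 2).
ML_KEM_K = {"ML-KEM-512": 2, "ML-KEM-768": 3, "ML-KEM-1024": 4}


def G(c: bytes) -> tuple[bytes, bytes]:
    """G(c) = SHA3-512(c), returned as its two 32-byte halves (FIPS 203, Section 4.1)."""
    h = hashlib.sha3_512(c).digest()
    return h[:32], h[32:]


def kpke_seeds_ipd(d: bytes) -> tuple[bytes, bytes]:
    """K-PKE.KeyGen seed expansion as in the Initial Public Draft: (rho, sigma) = G(d)."""
    if len(d) != 32:
        raise ValueError("d must be 32 bytes")
    return G(d)


def kpke_seeds_final(d: bytes, k: int) -> tuple[bytes, bytes]:
    """K-PKE.KeyGen seed expansion as in FIPS 203 final: (rho, sigma) = G(d || k).

    k is appended as one byte. This is the domain separation the thread refers
    to; everything downstream of rho and sigma is unchanged from the IPD.
    """
    if len(d) != 32:
        raise ValueError("d must be 32 bytes")
    if k not in (2, 3, 4):
        raise ValueError("k must be 2, 3 or 4")
    return G(d + bytes([k]))


def split_keypair_coins(coins_hex: str) -> tuple[bytes, bytes]:
    """Undo the d||z packing of the converted KAT's keypair_coins field (hypothetical helper)."""
    coins = bytes.fromhex(coins_hex)
    if len(coins) != 64:
        raise ValueError("keypair_coins must be 64 bytes (d || z)")
    return coins[:32], coins[32:]


def seeds_differ_from_ipd(d: bytes, k: int) -> bool:
    """True when the final-spec seeds differ from the IPD seeds for the same d."""
    return kpke_seeds_final(d, k) != kpke_seeds_ipd(d)


if __name__ == "__main__":
    # Constructed input, not a KAT value: a fixed 64-byte d||z.
    coins_hex = ("00" * 32) + ("ff" * 32)
    d, z = split_keypair_coins(coins_hex)
    for name, k in ML_KEM_K.items():
        rho, sigma = kpke_seeds_final(d, k)
        print(name, "rho =", rho.hex(), "differs from IPD:", seeds_differ_from_ipd(d, k))
```

Because k is folded into the hash input, the same d produces different (rho, sigma) for ML-KEM-512, -768 and -1024, so a key generated under one parameter set can no longer share seed material with another; an implementation that forgets the appended byte will still round-trip with itself but fail every FIPS 203 final KAT.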
@kriskwiatkowski
Member

@rod-chapman I can confirm it works on one of my implementations. I've one more to update and check.
PS: sorry for the late response, I just came back from holidays.

@kriskwiatkowski kriskwiatkowski merged commit aa3eb43 into post-quantum-cryptography:main Aug 25, 2024