- Updated to 0.14.0:
* Key encapsulation mechanisms:
- HQC: Disabled compiler optimizations to avoid secret-dependent branching in certain configurations. HQC remains disabled by default.
- ML-KEM: Updated the default ML-KEM implementation to [PQCP's mlkem-native v1.0.0](https://github.com/pq-code-package/mlkem-native/releases/tag/v1.0.0).
* Digital signature schemes:
- New API: added an API function to check if a signature scheme supports signing with a context string.
- SNOVA: added [SNOVA](https://snova.pqclab.org/) from NIST Additional Signature Schemes Round 2.
* Other changes:
- Added an AVX512VL-optimized backend for SHA3.
- Improved memory management throughout the codebase.
- CVE-2025-52473: Disabled compiler optimizations for HQC to avoid
secret-dependent branches. Thank you to Zhenzhi Lai and Zhiyuan Zhang
from from the University of Melbourne and the Max Planck Institute
for Security and Privacy for identifying the issue. (bsc#1246301)
- new major library version liboqs.so.8
OBS-URL: https://build.opensuse.org/request/show/1291769
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=36
- Updated to 0.13.0:
- Key encapsulation mechanisms
- New API: Added a deterministic key generation and API for KEMs (only ML-KEM supported at the moment).
- ML-KEM: Changed the default ML-KEM implementation to [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native). There are three variants: Portable C, AVX2, and AArch64. Large +parts of these implementations are formally verified: all of the C code is verified for memory and type safety using [CBMC](https://github.com/diffblue/cbmc) and the functional correctness +of the core AArch64 assembly routines is verified using [HOL-Light](https://github.com/jrh13/hol-light).
- ML-KEM: Added support for the ML-KEM implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc), a GPU accelerated cryptography library.
- ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise Consistency Test (PCT) and Intel CET support.
- ML-KEM: Improved testing of ML-KEM keys.
- HQC: Disabled HQC by default until [a new security flaw](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP8) is fixed.
- Digital signature schemes
- ML-DSA: Improved testing for ML-DSA.
- CROSS: Updated to NIST Additional Signatures Round 2 version.
- MAYO: Updated to NIST Additional Signatures Round 2 version.
- UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.
OBS-URL: https://build.opensuse.org/request/show/1270598
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=29
- Updated to 0.12.0:
- This release updates the ML-DSA implementation to the [final
FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) version. This
release still includes the NIST Round 3 version of Dilithium for
interoperability purposes, but we plan to remove Dilithium Round 3 in
a future release.
- This will be the last release of liboqs to include Kyber (that is,
the NIST Round 3 version of Kyber, prior to its standardization by NIST
as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).
- The addition of ML-DSA FIPS 204 final version to liboqs has
introduced a new signature API which includes a context string
parameter. We are planning to remove the old version of the API
without a context string in the next release to streamline the
API and bring it in line with NIST specifications. Users who
have an opinion on this removal are invited to provide input at
https://github.com/open-quantum-safe/liboqs/issues/2001.
Security issues:
- CVE-2024-54137: Fixed bug in HQC decapsulation that leads to incorrect
shared secret value during decapsulation when called with an invalid
ciphertext. (bsc#1234292)
OBS-URL: https://build.opensuse.org/request/show/1230160
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=27
- Updated to 0.11.0:
* This release updates ML-KEM implementations to their final FIPS 203
https://csrc.nist.gov/pubs/fips/203/final versions .
* This release still includes the NIST Round 3 version of Kyber for
interoperability purposes, but we plan to remove Kyber Round 3 in a
future release.
* Additionally, this release adds support for MAYO and CROSS
digital signature schemes from [NIST Additional Signatures Round 1
https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures
along with stateful hash-based signature schemes XMSS
https://datatracker.ietf.org/doc/html/rfc8391 and LMS
https://datatracker.ietf.org/doc/html/rfc8554.
* Finally, this release provides formally verified
implementations of Kyber-512 and Kyber-768 from libjade
https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2
* LMS and XMSS are disabled by default due to the security risks associated with their use in software.
See the note on stateful hash-based signatures in CONFIGURE.md
* Key encapsulation mechanisms:
- Kyber: Added formally-verified portable C and AVX2 implementations
of Kyber-512 and Kyber-768 from libjade.
- ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512,
ML-KEM-768, and ML-KEM-1024 to FIP 203 version.
- Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and
Kyber-1024 to work with AddressSanitizer.
* Digital signature schemes:
- LMS/XMSS: Added implementations of stateful hash-based signature
schemes: XMSS and LMS
- MAYO: Added portable C and AVX2 implementations of MAYO signature
scheme from NIST Additional Signatures Round 1.
- CROSS: Added portable C and AVX2 implementations of CROSS signature
OBS-URL: https://build.opensuse.org/request/show/1205213
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=25
- updated to 0.10.0:
Key encapsulation mechanisms:
- BIKE: Updated portable C implementation to include constant-time fixes from upstream.
- HQC: Updated to NIST Round 4 version.
- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
Digital signature schemes:
- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
Other changes:
- Improved thread safety.
- Removed support for the "NIST-KAT" DRBG.
- Added extended KAT test programs.
- library major version changed from 4 to 5
OBS-URL: https://build.opensuse.org/request/show/1160954
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=21
- updated to 0.8.0
This release features many algorithm updates, including removal
of algorithms and variants no longer proceeding through NIST
standardization and updates to newer versions. See the detailed list
of algorithm updates below.
Key encapsulation mechanisms:
- BIKE: updated to Round 4 version.
- Kyber: 90s variants were removed.
- NTRU Prime: All variants were removed, except for sntrup761.
- Saber: removed.
Digital signature schemes
- Dilithium; AES variants were removed.
- Falcon: updated to the 2023-02-07 version.
- Picnic: removed.
- Rainbow: removed.
- SPHINCS+: updated to version 3.1; SPHINCS+-Haraka variants were removed; SPHINCS+-SHA256 and SPHINCS+-SHAKE variants were renamed
Other changes
- Add Cryptographic Bill of Materials (CBOM)
- Improve building on ARM platforms
- Improve performance when using OpenSSL 3 for symmetric cryptography
- Increment shared object library version
- New configure-time options for algorithm selections
- pkgconfig file now available
- removed 0001-Add-support-for-powerpc64.-1160.patch: upstream
- 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch: upstream
- liboqs is now liboqs.so.3.
OBS-URL: https://build.opensuse.org/request/show/1092832
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=11
