liboqs-rust: Rust bindings for liboqs

Quantum Safe liboqs Rust bindings


liboqs-rust offers two Rust wrappers for the Open Quantum Safe liboqs C library, which is a C library for quantum-resistant cryptographic algorithms.

  • The oqs-sys crate compiles and builds liboqs and generates unsafe bindings to the C library.
  • The oqs crate offers a Rust-style safe interface to the schemes included in liboqs.

Pre-requisites

oqs-sys depends on the liboqs C library. It will build liboqs automatically.

Contents

This crate provides unsafe FFI bindings in the oqs-sys crate, and safe wrappers are offered via the oqs crate. The rendered rustdoc documentation can be found here.

Usage

Update your Cargo.toml and include oqs:

oqs-sys can be specified equivalently.

Minimal builds

The default-on kems and sigs features turn on all supported KEMs and signature schemes. If you want a smaller build, turn off these default features and opt-in to individual algorithms. Note that if you specify default-features = false, you may also want to re-include the oqs-sys/openssl feature.

Serde support

You can enable serde serialization support by enabling the serde feature on the oqs crate.

std support

The oqs-sys crate does not use std at all. Note that the default features do enable building liboqs with openssl, so use default-features = false.

To make oqs a #![no_std] crate make sure the std feature is disabled. Make sure to also disable the oqs-sys/openssl feature by specifying default-features = false.

As default-features includes the kems and sigs features, consider re-adding them as well. This results in:

You will probably want to change the random-number generator through the OQS_RAND API offered by oqs-sys.
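An added example manifest, not taken from the liboqs-rust README, combining the "Minimal builds" and "std support" settings described above. The version is the latest release listed on this page, and the choice of Kyber and Dilithium is an assumption made for illustration.

```toml
[dependencies]
# Added example, not the project's own snippet.
# default-features = false drops the default feature set (std, kems, sigs and
# the OpenSSL-backed liboqs build), so only what is listed below is compiled.
oqs = { version = "0.7.1", default-features = false, features = ["kyber", "dilithium"] }

# Alternatives (keep exactly one `oqs` entry in a real manifest):
#
# no_std, but with every KEM and signature scheme re-added:
# oqs = { version = "0.7.1", default-features = false, features = ["kems", "sigs"] }
#
# std build restricted to one KEM family, with serde serialization:
# oqs = { version = "0.7.1", default-features = false, features = ["std", "kyber", "serde"] }
```

Cargo unifies features across the dependency graph, so another crate that depends on oqs with default features will switch them back on; `cargo tree -e features -i oqs-sys` shows which features are actually enabled for the build.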

non_portable feature

If compiled with the non_portable feature, liboqs-sys will not enable CPU feature detection and always use the best implementation on your current platform. This enables support for implementations where feature detection is not functional.

Stack usage

Some algorithms use large amounts of stack space, so you may need to set RUST_MIN_STACK in your environment. This affects the tests, for example.

Algorithm features

  • kems (default): Compile with all KEMs enabled
    • bike
    • classic_mceliece
    • frodokem
    • hqc
    • kyber
    • ntru
    • ntruprime
    • saber
    • sidh
    • sike
  • sigs (default): Compile with all signature schemes enabled
    • dilithium
    • falcon
    • picnic
    • rainbow
    • sphincs: SPHINCS+

Running

Adding new algorithms

KEMs

  1. Update the Git submodule
  2. oqs-sys will now update when you build again
  3. Add it to the implement_kems! macro call in oqs/src/kem.rs:
    • The structure is a name for the algorithm in CamelCase, and the name of the constant of the algorithm (OQS_KEM_alg_...)
  4. Add the necessary features to Cargo.toml and oqs-sys/build.rs.

Signature schemes:

  1. Update the Git submodule
  2. oqs-sys is now up-to-date when you build again
  3. Add it to implement_sigs! macro call in oqs/src/sig.rs.
    • The structure is a name for the algorithm in CamelCase, and the name of the constant of the algorithm (OQS_SIG_alg_...)
  4. Add the necessary features to Cargo.toml and oqs-sys/build.rs.

Limitations and security

liboqs is designed for prototyping and evaluating quantum-resistant cryptography. Security of proposed quantum-resistant algorithms may rapidly change as research advances, and may ultimately be completely insecure against either classical or quantum computers.

We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms. liboqs does not intend to "pick winners", and we strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum cryptography.

We acknowledge that some parties may want to begin deploying post-quantum cryptography prior to the conclusion of the NIST standardization project. We strongly recommend that any attempts to do so make use of so-called hybrid cryptography, in which post-quantum public-key algorithms are used alongside traditional public-key algorithms (like RSA or elliptic curves) so that the solution is at least no less secure than existing traditional cryptography.

Just like liboqs, liboqs-rust is provided "as is", without warranty of any kind. See LICENSE-MIT for the full disclaimer.

License

liboqs-rust is dual-licensed under the MIT and Apache-2.0 licenses.

The included library liboqs is covered by the liboqs license.

Team

The Open Quantum Safe project is led by Douglas Stebila and Michele Mosca at the University of Waterloo.

liboqs-rust was developed by Thom Wiggers at Radboud University.

Support

Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services and the Canadian Centre for Cyber Security.

We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source code to OQS, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, and Microsoft Research.

Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding acknowledgments.

Thom Wiggers was supported by the European Research Council through Starting Grant No. 805031 (EPOQUE).

Versions


v0.7.1 - Dec 17, 2021

Changes since liboqs-rs 0.7.0

  • NTRU level 5 algorithms
  • NTRUPrime level 5 algorithms
  • Be able to extract Algorithm from Sig/Kem
  • Invert no_std feature (breaking, sorry!)
  • Implement Display, Hash, Eq for Kem, Sig
  • Implement Display for Algorithm

Changes from liboqs

KEMs

  • Add NTRU level 5 parameter sets (ntruhps40961229, ntruhrss1373)
  • Add NTRU Prime level 5 parameter sets (ntrulpr1277, sntrup1277)
  • Add ARMv8 aarch64 optimized implementations of Kyber and SABER
  • Minor updates to Kyber, NTRU, NTRU Prime, and SIKE implementations

Digital signature schemes

  • Minor updates to Dilithium implementation

Other changes

  • Optimized AES implementation on ARMv8 with crypto extensions.
  • Preliminary support for building on S390x platform
  • Improved build configurations on ARM platforms
  • Improvements to benchmarking harness, with improved precision on ARM platforms

See also https://github.com/open-quantum-safe/liboqs/releases/tag/0.7.1

Commit History

Full Changelog: https://github.com/open-quantum-safe/liboqs-rust/compare/v0.7.0...v0.7.1

v0.7.0 - Aug 12, 2021

Changes in liboqs-rust

  • Updates to liboqs 0.7.0 (see below)
  • New feature flags for each algorithm
    • Default features include kems and sigs which in turn include all algorithms.

liboqs changelog:

This release continues from the 0.6.0 release of liboqs.

Key encapsulation mechanisms

  • Update BIKE to Round 3 (version 3.2) -- add BIKE1, BIKE3, remove BIKE1-L1-CPA, BIKE1-L1-FO, BIKE1-L3-CPA, BIKE1-L3-FO
  • Update NTRU Prime implementation
  • Update SIKE implementation
  • Remove OQS_KEM_DEFAULT alias

Digital signature schemes

  • Remove OQS_SIG_DEFAULT alias

Other changes

  • Allow liboqs to build on other architectures, with preliminary builds on ppc64le and x86.
  • Support for building liboqs on Apple Silicon
  • New algorithm datasheets with more details on implementations.
  • Optimized SHA-256 implementation on ARMv8 with crypto extensions.

v0.6.0 - Jun 08, 2021

Updates to oqs-rs

  • Expose random API
  • Add non_portable flag
  • Build portable by default, unlike liboqs default
  • to_owned now consumes self to follow to_* convention.

OQS Changelog

  • Update Classic McEliece implementation
  • Bug fixes in SIKE
  • Bug fixes in HQC
  • Fix in KEM api
  • Fix wrong NIST level for Kyber768-90s
  • Update SPHINCS+ to round 3
  • Improve random number generator when not relying on OpenSSL
  • Constant-time AES code

v0.5.0 - Mar 11, 2021

This corresponds to version 0.5.0 of liboqs.

oqs-rs changelog

  • Algorithm updates corresponding with liboqs
  • Fixed some algorithm names

liboqs-sys changelog

  • Updated bindings to liboqs 0.5.0

liboqs changelog

Copied from https://github.com/open-quantum-safe/liboqs/releases/tag/0.5.0

Release notes

This is version 0.5.0 of liboqs. It was released on March 10, 2021.

What's New

This release continues from the 0.4.0 release of liboqs. Its main goal is to incorporate updates submitted to Round 3 of the NIST Post-Quantum Cryptography Standardization Project.

Deprecations

As a result of NIST's announcement of Round 3 of the Post-Quantum Cryptography Standardization Project, the 0.4.x series was the last release of liboqs to contain algorithms from Round 2 that are not Round 3 finalists or alternate candidates. Those algorithms have been removed in the 0.5.0 series. The algorithms in question are: NewHope, ThreeBears, MQDSS, and qTesla.

Key encapsulation mechanisms

  • BIKE: No changes.
  • Classic McEliece: Added AVX2 implementation.
  • FrodoKEM: Incorporate upstream bug fixes and add runtime CPU feature detection for AVX2/AES-NI implementation.
  • HQC: Update to Round 3 version.
  • Kyber: Update to Round 3 version.
  • NTRU: Incorporate upstream bug fixes.
  • NTRUPrime: Add NTRUPrime.
  • Saber: Update to Round 3 version.
  • SIKE: Update to version 3.4.

Digital signature schemes

  • Dilithium: Update to version 3.1.
  • Falcon: Update to Round 3 version.
  • Picnic: Update to Picnic v3.0.4.
  • Rainbow: Update to Round 3 version.
  • SPHINCS+: Incorporate upstream bug fixes.

Other changes

  • Support for building liboqs with CPU extensions has been enhanced, and most implementations now have runtime CPU feature detection.
  • A tool for benchmarking memory usage has been added (test_kem_mem and test_sig_mem).
  • Valgrind is used to check for secret-dependent branching throughout the library. Note that not all implementations currently avoid secret-dependent branching; see tests/constant_time for details.

v0.3.0 - Nov 25, 2020

  • no_std support
  • serde support
  • Update liboqs (includes e.g. HQC round 3 update)
  • Make API panic less (sorry, breaking changes)

v0.2.0 - Oct 16, 2020

  • Updates to current version of liboqs (development branch)
  • New implementation

Information - Updated Jan 10, 2022
