Intent with respect to liboqs-rust? #2
Comments
|
Hello @jac-cbi The current version of liboqs is not secure anymore. There was a timing attack against kyber where you could get the secret key. This is fixed in this version of oqs that im using (version 0.10.1 of the c impl: https://github.com/Open-Quantum-Safe/liboqs/tree/5dd87dcaafa6f90e983ef464f9f6a75f9485fb26) |
|
Ok, I see that now. I just did a diff between the two repos and that didn't show the diff of liboqs. I assumed the liboqs bump was just to pull in ML-KEM / ML-DSA. My bad. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi! Thanks for opening up issues on this repo, much appreciated.
As I mentioned in my issue for
liboqs-rust269, I'm in the early stages of writing a rust library which requires both ML-KEM (FIPS), and Kyber (non-fips). I've started withsafe-oqsfor two simple reasons: 1) it has a more recentliboqswhich contains ML-KEM, and 2) it's published on crates.io.afaict, there are only two differences between
safe-oqsandliboqs-rust.newer version of
liboqs, which includes ML-KEM, ML-DSAExposes both to Rust users.
The rest of the diff is just renaming the library.
In the big picture, openssl has incorporated liboqs into their repo, and so there is yet another path for end users, particularly FIPS users to use PQ crypto from Rust.
Which leads to my main question: What is the purpose of
safe-oqs? It provides no extra "safety" over its upstream code. Did attempts to upstream changes forML-KEMandML-DSAto liboqs-rust fail?The text was updated successfully, but these errors were encountered: