The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/.
liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.
liboqs can be used with the following Open Quantum Safe application integrations:
- oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key authentication and exchange for TLS 1.3, X.509 certificate generation and CMS operations.
- OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
- OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
liboqs can also be used in the following programming languages via language-specific wrappers:
- C++, via https://github.com/open-quantum-safe/liboqs-cpp
- Go, via https://github.com/open-quantum-safe/liboqs-go
- Java, via https://github.com/open-quantum-safe/liboqs-java
- .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
- Python 3, via https://github.com/open-quantum-safe/liboqs-python
- Rust, via https://github.com/open-quantum-safe/liboqs-rust
This is version 0.10.0 of liboqs. It was released on March 20, 2024.
This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of FIPS 203 and FIPS 204, respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures.
This release continues from the 0.9.2 release of liboqs.
- BIKE: Updated portable C implementation to include constant-time fixes from upstream.
- HQC: Updated to NIST Round 4 version.
- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
- Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification.
- ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87.
- Improved thread safety.
- Added uninstall support via
ninja uninstall - Documented platforms by support tier in PLATFORMS.md.
- Added support for Zephyr RTOS.
- Improved support for macOS on Apple Silicon.
- Removed support for the "NIST-KAT" DRBG.
- Added extended KAT test programs.
- PR template update & OpenSSL clarification by @baentsch in open-quantum-safe#1582
- Use CMAKE_USE_PTHREADS_INIT by @zxjtan in open-quantum-safe#1576
- Add section to CONFIGURE.md link by @iyanmv in open-quantum-safe#1578
- Run copy_from_upstream and test by @baentsch in open-quantum-safe#1589
- Support several pqclean upstream versions by @baentsch in open-quantum-safe#1595
- Call Keccak_(X4_)Dispatch with pthread_once by @zxjtan in open-quantum-safe#1549
- minor updates by @vsoftco in open-quantum-safe#1600
- Pull new HQC implementation from upstream by @SWilson4 in open-quantum-safe#1585
- add uninstall support by @baentsch in open-quantum-safe#1604
- Ensure generic OQS_OPT_TARGET in weekly CT tests by @SWilson4 in open-quantum-safe#1618
- update .travis.yml by @bhess in open-quantum-safe#1629
- Pull latest Kyber version from upstream by @bhess in open-quantum-safe#1631
- platform support documentation [skip ci] by @baentsch in open-quantum-safe#1605
- Add support for Zephyr RTOS by @Frauschi in open-quantum-safe#1621
- Apply patch to Kyber aarch64 code from PQClean for variable-time division issue. by @bhess in open-quantum-safe#1636
- Fix BIKE constant-time errors by @SWilson4 in open-quantum-safe#1632
- Fix falcon constant time check in Valgrind by @cothan in open-quantum-safe#1646
- Correct cmake version requirement by @baentsch in open-quantum-safe#1643
- Pull Kyber division fixes from PQ-Crystals into main by @praveksharma in open-quantum-safe#1649
- Bump gitpython from 3.1.37 to 3.1.41 in /scripts/copy_from_upstream by @dependabot in open-quantum-safe#1659
- Zephyr: fixes for platform support by @Frauschi in open-quantum-safe#1658
- Bump jinja2 from 2.11.3 to 3.1.3 in /scripts/copy_from_upstream by @dependabot in open-quantum-safe#1661
- Riscv zephyr support by @trigpolynom in open-quantum-safe#1641
- Zephyr: CMake fixes by @Frauschi in open-quantum-safe#1664
- Clarify that copyright is held by authors and not the project itself [skip ci] by @dstebila in open-quantum-safe#1668
- Make internal API available to (only) test programs by @SWilson4 in open-quantum-safe#1667
- Remove reference to old BIKE variants from CONFIGURE.md [skip ci] by @SWilson4 in open-quantum-safe#1669
- Add a document describing our subproject governance by @dstebila in open-quantum-safe#1675
- Set the correct compile flag for the memory sanitizer build by @SWilson4 in open-quantum-safe#1680
- Test against all 100 KAT values by @SWilson4 in open-quantum-safe#1560
- Update BIKE documentation to exclude x86 by @SWilson4 in open-quantum-safe#1679
- find_package(Threads) regardless of BUILD_ONLY_LIB by @zxjtan in open-quantum-safe#1653
- Call set_available_cpu_extensions using pthread_once by @zxjtan in open-quantum-safe#1671
- Discontinue AppVeyor CI testing by @SWilson4 in open-quantum-safe#1682
- Run oqs-provider release tests in CI on release candidate branches by @SWilson4 in open-quantum-safe#1654
- Fix link in GOVERNANCE.md by @Martyrshot in open-quantum-safe#1686
- Rename weekly runs and skip Falcon-1024 [skip ci] by @SWilson4 in open-quantum-safe#1684
- Update McEliece suppression files for generic config by @SWilson4 in open-quantum-safe#1677
- Update SPHINCS+ "clean" suppression files by @SWilson4 in open-quantum-safe#1683
- Update Sphincs+ Markdown documentation from YAML by @SWilson4 in open-quantum-safe#1690
- properly document release support level [skip ci] by @baentsch in open-quantum-safe#1688
- set(OQS_USE_PTHREADS OFF) on MinGW/Cygwin by @zxjtan in open-quantum-safe#1695
- Fix cross compilation and test in CI by @SWilson4 in open-quantum-safe#1696
- update brew install instructions to use openssl@3 instead of openssl@1.1.1 [skip ci] by @Martyrshot in open-quantum-safe#1701
- Add ML-DSA-ipd and ML-KEM-ipd & NIST supplied test vectors by @bhess in open-quantum-safe#1626
- Small fixes after adding ML-* by @bhess in open-quantum-safe#1702
- Move MacOS CI tests to GitHub Actions; add M1 CI tests by @SWilson4 in open-quantum-safe#1709
- Update liboqs readme to point to oqs-provider instead of deprecated openssl1.1.1 fork [skip ci] by @Martyrshot in open-quantum-safe#1699
- Fix for the Zephyr CI tests by @Frauschi in open-quantum-safe#1714
- remove references to unsupported openssh [skip ci] by @baentsch in open-quantum-safe#1713
- fix documentation generation by @baentsch in open-quantum-safe#1715
- Support Falcon PADDED format by @SWilson4 in open-quantum-safe#1710
- Fix for alg_support.cmake by @bhess in open-quantum-safe#1716
- Fix SPHINCS+ naming in CT tests [skip ci] by @SWilson4 in open-quantum-safe#1720
- improve algorithm documentation [skip ci] by @baentsch in open-quantum-safe#1721
- Always build "internal" library as static by @SWilson4 in open-quantum-safe#1725
- @zxjtan made their first contribution in open-quantum-safe#1576
- @iyanmv made their first contribution in open-quantum-safe#1578
- @Frauschi made their first contribution in open-quantum-safe#1621
- @cothan made their first contribution in open-quantum-safe#1646
- @trigpolynom made their first contribution in open-quantum-safe#1641
Full Changelog: https://github.com/open-quantum-safe/liboqs/compare/0.9.2...0.10.0