This repository was archived by the owner on Dec 2, 2025. It is now read-only.

FIPS 203 FINAL - Candidate new KAT inputs and results#15

Merged
kriskwiatkowski merged 1 commit into post-quantum-cryptography:main from rod-chapman:fips_203_kats
Aug 25, 2024

Conversation

@rod-chapman
Contributor

This PR contributes candidate KAT files for FIPS 203 FINAL (MLKEM), updated for the 13th August 2024 issue of FIPS 203.

The same random inputs, seeds, and messages are used as before.

New results were produced by the AWS LibMLKEM implementation. I hope verification of these results with other implementations will follow.

Signed-off-by: Rod Chapman <rodchap@amazon.com>
@dkostic

dkostic commented Aug 16, 2024

I can confirm that AWS-LC's ML-KEM implementation successfully passes the KATs.

To check this I did the following:

  • updated AWS-LC's ML-KEM-IPD implementation to conform with FIPS 203 FINAL (adding domain separation in key generation was the only thing needed),
  • converted KATs to the form AWS-LC unit tests expect (AWS-LC expects the keygen coins (d, z) as a single value d||z; also, AWS-LC uses encaps_coins instead of msg),
  • built the library and ran:
./crypto/crypto_test --gtest_filter="All/PerKEMTest.KAT/MLKEM*"
Note: Google Test filter = All/PerKEMTest.KAT/MLKEM*
[==========] Running 3 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 3 tests from All/PerKEMTest
[ RUN      ] All/PerKEMTest.KAT/MLKEM512IPD
[       OK ] All/PerKEMTest.KAT/MLKEM512IPD (83 ms)
[ RUN      ] All/PerKEMTest.KAT/MLKEM768IPD
[       OK ] All/PerKEMTest.KAT/MLKEM768IPD (108 ms)
[ RUN      ] All/PerKEMTest.KAT/MLKEM1024IPD
[       OK ] All/PerKEMTest.KAT/MLKEM1024IPD (159 ms)
[----------] 3 tests from All/PerKEMTest (350 ms total)

[----------] Global test environment tear-down
[==========] 3 tests from 1 test suite ran. (350 ms total)
[  PASSED  ] 3 tests.

I pushed the test to my fork of AWS-LC for posterity: aws/aws-lc@81cb021.

Note 1: this is just a quick test in my fork of AWS-LC; I'll soon push a change to update AWS-LC itself.

Note 2: the implementation in AWS-LC was originally copied from the official Kyber repository (https://github.com/pq-crystals/kyber).
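The key-generation domain separation dkostic mentions, shown as an added example (not AWS-LC, Kyber-repository or KAT-repository code): in the final FIPS 203, K-PKE.KeyGen derives (ρ, σ) from G(d ∥ k) rather than G(d), so the same seed d yields different key material for each parameter set. The seed value and the helper names are constructed for this example.

```python
# Added example for this thread (not AWS-LC or Kyber-repo code): the FIPS 203 change that
# dkostic describes. G is SHA3-512; the final standard feeds it d || k (k = rank as one byte).
import hashlib

K_BY_PARAM_SET = {"ML-KEM-512": 2, "ML-KEM-768": 3, "ML-KEM-1024": 4}

def kpke_keygen_seeds(d: bytes, k: int, final: bool = True) -> tuple[bytes, bytes]:
    """Return (rho, sigma) as derived at the top of K-PKE.KeyGen.

    IPD (Aug 2023):   (rho, sigma) = G(d)
    FINAL (Aug 2024): (rho, sigma) = G(d || k), with k encoded as a single byte.
    rho seeds the public matrix A; sigma seeds the secret and error vectors.
    """
    if len(d) != 32:
        raise ValueError("d must be 32 bytes")
    if k not in (2, 3, 4):
        raise ValueError("k must be 2, 3 or 4")
    g_input = d + bytes([k]) if final else d
    digest = hashlib.sha3_512(g_input).digest()
    return digest[:32], digest[32:]

def seeds_depend_on_k(d: bytes, final: bool) -> bool:
    """True when the three parameter sets derive distinct rho values from the same d."""
    rhos = {kpke_keygen_seeds(d, k, final)[0] for k in K_BY_PARAM_SET.values()}
    return len(rhos) == 3

if __name__ == "__main__":
    d = bytes(range(32))  # constructed seed; the KAT files carry the real d values
    print("IPD seeds depend on k:  ", seeds_depend_on_k(d, final=False))  # False
    print("FINAL seeds depend on k:", seeds_depend_on_k(d, final=True))   # True
    for name, k in K_BY_PARAM_SET.items():
        rho, _ = kpke_keygen_seeds(d, k)
        print(f"{name}: rho = {rho.hex()}")
```

This is why the same d, z and msg inputs as before produce new pk, sk, ct and ss values in the updated KAT files.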

dkostic added a commit to dkostic/aws-lc that referenced this pull request Aug 16, 2024
Added domain separation in keygen and new KATs.
The KATs were sourced from post-quantum-cryptography/KAT#15.
dkostic added a commit to dkostic/aws-lc that referenced this pull request Aug 23, 2024
Added domain separation in keygen and new KATs.
The KATs were sourced from post-quantum-cryptography/KAT#15.
dkostic added a commit to aws/aws-lc that referenced this pull request Aug 23, 2024
In this PR we made a small change that transitions the ML-KEM
implementation from the Initial Public Draft (IPD) to the final ML-KEM
as defined in FIPS 203:
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf.
The only change needed was the domain separation in key generation.
This required updated KATs as well. The new KATs were obtained from:
post-quantum-cryptography/KAT#15,
and converted to the form AWS-LC expects.

In a subsequent PR we'll rename all functions/folders/identifiers
to drop the "ipd" suffix.

p.s. Python script used for KATs conversion:
```python
import sys

if len(sys.argv) != 2:
    print("Usage: python convert.py <filename>")
    sys.exit(1)
filename = sys.argv[1]

# PARSE THE INPUT FILE: lines look like "key = value"; a "count" line starts a new group
all_groups = []
try:
    with open(filename, 'r') as file:
        group = {}
        for line in file:
            line = line.strip()
            if not line:
                continue  # skip blank separator lines between groups
            key = line.split(" ")[0]
            value = line.split(" ")[2]
            if key == "count":
                if len(group) != 0:
                    all_groups.append(group)
                group = {}
            group[key] = value
        if len(group) != 0:
            all_groups.append(group)  # flush the last group (no trailing "count" line)
except FileNotFoundError:
    print(f"Error: The file '{filename}' was not found.")
    sys.exit(1)

# WRITE THE AWS-LC FORM: keygen coins as a single d||z value, msg renamed to encap_coins
try:
    with open(filename + "_out.txt", 'w') as file:
        for group in all_groups:
            file.write("\n")
            file.write("count = " + group["count"] + "\n")
            file.write("keypair_coins = " + group["d"] + group["z"] + "\n")
            file.write("pk = " + group["pk"] + "\n")
            file.write("sk = " + group["sk"] + "\n")
            file.write("encap_coins = " + group["msg"] + "\n")
            file.write("ct = " + group["ct"] + "\n")
            file.write("ss = " + group["ss"] + "\n")

except OSError as e:
    print(f"Error: could not write '{filename}_out.txt': {e}")
```
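A sanity check for the converted files, added here as an example and not part of the commit above or of either repository: it parses the AWS-LC-form "key = value" blocks, verifies that keypair_coins is exactly d||z (64 bytes), and checks every field length against the ML-KEM parameter set implied by the pk length. The sample input is constructed placeholder hex, not real test vectors.

```python
# Added example (not KAT-repository or AWS-LC code); field names follow the converted format.
# Parameter sets keyed by encapsulation-key (pk) byte length: (name, dk length, ct length),
# sizes per FIPS 203; d, z, m and the shared secret are 32 bytes in every set.
PARAM_SETS = {800: ("ML-KEM-512", 1632, 768),
              1184: ("ML-KEM-768", 2400, 1088),
              1568: ("ML-KEM-1024", 3168, 1568)}

def parse_kat(text: str) -> list[dict[str, str]]:
    """Split 'key = value' lines into one dict per 'count' block; blank lines are skipped."""
    groups, group = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(" = ")
        if key == "count" and group:
            groups.append(group)
            group = {}
        group[key] = value
    if group:  # flush the final block, which has no following 'count' line
        groups.append(group)
    return groups

def check_group(group: dict[str, str]) -> str:
    """Return 'OK <parameter set>' or a description of the first size mismatch found."""
    pk_len = len(bytes.fromhex(group["pk"]))
    if pk_len not in PARAM_SETS:
        return f"unknown pk length {pk_len}"
    name, dk_len, ct_len = PARAM_SETS[pk_len]
    coins = bytes.fromhex(group["keypair_coins"])  # d||z, 32 bytes each
    if len(coins) != 64:
        return f"keypair_coins must be 64 bytes (d||z), got {len(coins)}"
    for field, size in {"sk": dk_len, "ct": ct_len, "ss": 32, "encap_coins": 32}.items():
        got = len(bytes.fromhex(group[field]))
        if got != size:
            return f"{field} is {got} bytes, expected {size} for {name}"
    return f"OK {name}"

def check_file(text: str) -> list[str]:
    """One line per block: 'count N: OK ML-KEM-512' or 'count N: <mismatch>'."""
    return [f"count {g['count']}: {check_group(g)}" for g in parse_kat(text)]

# Constructed sample with ML-KEM-512 sizes (all-zero placeholders, not real vectors);
# block 1 deliberately carries a keypair_coins value one byte short.
SAMPLE = "\n".join(
    line for i, n in ((0, 64), (1, 63)) for line in (
        f"count = {i}", "keypair_coins = " + "00" * n, "pk = " + "00" * 800,
        "sk = " + "00" * 1632, "encap_coins = " + "00" * 32, "ct = " + "00" * 768,
        "ss = " + "00" * 32, ""))

if __name__ == "__main__":
    print("\n".join(check_file(SAMPLE)))
```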
@kriskwiatkowski
Member

@rod-chapman I can confirm it works on one of my implementations. I've one more to update and check.
PS: sorry for the late response, I just came back from holidays.

@kriskwiatkowski kriskwiatkowski merged commit aa3eb43 into post-quantum-cryptography:main Aug 25, 2024