40 commits
b891c1d
Switched HQC upstream to xuganyu96/pqc-hqc for testing
xuganyu96 Mar 12, 2026
b8f5c11
replace default impl key in doc data sheet
xuganyu96 Mar 13, 2026
b7040d6
[skip ci] copy_from_upstream can run but missing KATs and HQC-192/256
xuganyu96 Mar 13, 2026
1e4dedb
[skip ci] HQC-192 and HQC-256 can be copied
xuganyu96 Apr 1, 2026
7dd6737
Sample kem_seed with OQS_randombytes instead of in-house PRNG
xuganyu96 Apr 2, 2026
f45787a
[skip ci] Can pass some correctness tests but not all
xuganyu96 Apr 2, 2026
378c164
Fixed HQC PRNG domain; renamed HQC-128/192/256 to HQC-1/3/5
xuganyu96 Apr 3, 2026
6a530a6
Namespacing not working yet
xuganyu96 Apr 6, 2026
51e8e70
Partial fix for namespacing
xuganyu96 Apr 7, 2026
67cdaa6
Fixed namespacing for HQC
xuganyu96 Apr 7, 2026
49c8d88
Still some pollution
xuganyu96 Apr 7, 2026
2205d60
Revert namespace fix
xuganyu96 Apr 7, 2026
9dd3b3b
Convenience script for building and testing HQC integration
xuganyu96 Apr 7, 2026
a025dbc
Applied namespace; KAT hash is incorrect
xuganyu96 Apr 8, 2026
8c91d54
Revert OQS_fprintBstr to prevent interference with KAT checksum
xuganyu96 Apr 13, 2026
984cd29
[extended tests] Fixed kat and kat_all checksums
xuganyu96 Apr 13, 2026
42e3452
Namespace crypto_memset, set shake256_prng_ctx static
xuganyu96 Apr 13, 2026
ee4ad55
[extended tests] empty commits to trigger extended tests
xuganyu96 Apr 13, 2026
80e4e11
[full tests] Document branching-on-secret suppressions
xuganyu96 Apr 14, 2026
2c706c5
[full tests] [extended tests] Cleaned up documentation
xuganyu96 Apr 14, 2026
9476794
HQC branching-on-secret is not valgrind-validated [full tests] [exten…
xuganyu96 Apr 14, 2026
9d35576
Move convenience script to ignored .env file
xuganyu96 Apr 15, 2026
1b0d8fa
[skip ci] Fix memory leak in XOF and hash_<g|h|i|j>
xuganyu96 Apr 15, 2026
fe31007
Switch HQC PRNG backend to OQS_randombytes with macro [full tests] [e…
xuganyu96 Apr 15, 2026
947b907
Print kat_kem output if checksums don't match
xuganyu96 Apr 16, 2026
2f78e95
[skip ci] debug keygen on Windows
xuganyu96 Apr 16, 2026
8e33b18
[skip ci] Does 1UL really mean 32-bit on Windows x86?
xuganyu96 Apr 16, 2026
5d8ced9
[skip ci] disable debug_keygen
xuganyu96 Apr 16, 2026
40e55c7
Force 64-bit type on BITMASK [extended tests] [full tests]
xuganyu96 Apr 16, 2026
1e3abde
Check pull request readiness again [extended tests]
xuganyu96 Apr 20, 2026
49641cb
[skip ci] Additional constant-time test suppression
xuganyu96 Apr 21, 2026
dced8ac
[full tests] [extended tests] debug logging
xuganyu96 Apr 22, 2026
a39afe9
[full tests] [extended tests] astyle formatting
xuganyu96 Apr 22, 2026
5f0fdfc
[extended tests] Switch from personal fork to official repo
xuganyu96 Apr 22, 2026
955e000
[extended tests] Replace incremental SHA3-512 API
xuganyu96 Apr 23, 2026
d3f462d
Revert "[extended tests] Replace incremental SHA3-512 API"
dstebila May 13, 2026
6c93505
Fix Keccak dispatch race and cross-backend split
dstebila May 13, 2026
d3cd5c6
Make callbacks pointer const to satisfy -Wcast-qual
dstebila May 13, 2026
3927935
Make callbacks pointer const
dstebila May 13, 2026
7a70751
Fix off-by-N in AVX512VL sha3_absorb at rate boundary
dstebila May 13, 2026
8 changes: 4 additions & 4 deletions .CMake/alg_support.cmake
Expand Up @@ -159,10 +159,10 @@ cmake_dependent_option(OQS_ENABLE_KEM_classic_mceliece_6960119f "" ON "OQS_ENABL
cmake_dependent_option(OQS_ENABLE_KEM_classic_mceliece_8192128 "" ON "OQS_ENABLE_KEM_CLASSIC_MCELIECE" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_classic_mceliece_8192128f "" ON "OQS_ENABLE_KEM_CLASSIC_MCELIECE" OFF)

option(OQS_ENABLE_KEM_HQC "Enable hqc algorithm family" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_128 "" ON "OQS_ENABLE_KEM_HQC" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_192 "" ON "OQS_ENABLE_KEM_HQC" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_256 "" ON "OQS_ENABLE_KEM_HQC" OFF)
option(OQS_ENABLE_KEM_HQC "Enable hqc algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_1 "" ON "OQS_ENABLE_KEM_HQC" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_3 "" ON "OQS_ENABLE_KEM_HQC" OFF)
cmake_dependent_option(OQS_ENABLE_KEM_hqc_5 "" ON "OQS_ENABLE_KEM_HQC" OFF)

option(OQS_ENABLE_KEM_KYBER "Enable kyber algorithm family" ON)
cmake_dependent_option(OQS_ENABLE_KEM_kyber_512 "" ON "OQS_ENABLE_KEM_KYBER" OFF)
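Review bot: The new `option(OQS_ENABLE_KEM_HQC "Enable hqc algorithm family" ON)` line turns the family on in every default build, while the data sheet changed in this same pull request records `no-secret-dependent-branching-checked-by-valgrind: false` for the `ref` implementation of all three parameter sets. Either keep the default `OFF` until the constant-time suppressions are resolved, or state the reason for default-enabling an implementation that is not valgrind-validated in a comment above the option. The rename to `OQS_ENABLE_KEM_hqc_1`/`_3`/`_5` also means an existing `-DOQS_ENABLE_KEM_hqc_128=OFF` is silently ignored while its replacement defaults to `ON`; a guard such as `if(DEFINED OQS_ENABLE_KEM_hqc_128)` followed by `message(WARNING "OQS_ENABLE_KEM_hqc_128 was renamed to OQS_ENABLE_KEM_hqc_1")` (and likewise for `_192` and `_256`) would make that visible to downstream builds.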
5 changes: 5 additions & 0 deletions CMakeLists.txt
Expand Up @@ -186,6 +186,11 @@ if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "RelWithDebInf
else()
set(OQS_DEBUG_BUILD OFF)
endif()
if(CMAKE_BUILD_TYPE STREQUAL "Debug")
set(OQS_DEBUGLOGGING ON)
else()
set(OQS_DEBUGLOGGING OFF)
endif()

option(OQS_SPEED_USE_ARM_PMU "Use ARM Performance Monitor Unit during benchmarking" OFF)

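Review bot: The added `set(OQS_DEBUGLOGGING ON)` / `set(OQS_DEBUGLOGGING OFF)` pair is a plain variable assignment, so it shadows any `-DOQS_DEBUGLOGGING=...` passed on the command line: logging cannot be switched off in a Debug build or on in any other. `CMAKE_BUILD_TYPE` is also empty under multi-config generators, where this block always selects `OFF`. Because this is a cryptographic library and what the log statements print is not visible in this section, I would make the switch an overridable `option()` whose default follows the build type, with help text saying it is for development builds only. The `else()`/`endif()` lines above the addition close an `if` that starts outside the hunk.

```cmake
# Default follows the build type; an explicit -DOQS_DEBUGLOGGING=ON|OFF still wins.
# (OQS_DEBUGLOGGING_DEFAULT is an illustrative helper name.)
if(CMAKE_BUILD_TYPE STREQUAL "Debug")
    set(OQS_DEBUGLOGGING_DEFAULT ON)
else()
    set(OQS_DEBUGLOGGING_DEFAULT OFF)
endif()
option(OQS_DEBUGLOGGING "Compile in debug logging (development builds only)" ${OQS_DEBUGLOGGING_DEFAULT})
```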
1 change: 1 addition & 0 deletions CONFIGURE.md
Expand Up @@ -42,6 +42,7 @@ Can be set to the following values:
- `Debug`: This compiles code with `-g` (GCC/Clang default `-O0`) and produces debugging information.
- The [USE_COVERAGE](#USE_COVERAGE) option can also be specified to enable code coverage testing.
- When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer.
- Debug build will automatically enable `OQS_DEBUGLOGGING`
- `MinSizeRel`: This compiles code with `-Os -DNDEBUG` flags for reducing code size
- `RelWithDebInfo`: This compiles code with `-O2 -g -DNDEBUG` flags
- `Release`: This compiles code with `-O3 -DNDEBUG` flags. In the rare case where a user needs to override compilation flags under `CMAKE_BUILD_TYPE=Release`, use `CMAKE_C_FLAGS_RELEASE` (or `CMAKE_C_FLAGS` to append flags to every configuration).
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -61,7 +61,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
| BIKE | Not selected by [NIST](https://bikesuite.org/files/v5.1/BIKE_Spec.2022.10.10.1.pdf) | [`awslabs/bike-kem`](https://github.com/awslabs/bike-kem) |
| Classic McEliece | Under [ISO](https://classic.mceliece.org/iso.html) consideration | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
| FrodoKEM | Under [ISO](https://frodokem.org/) consideration | [`microsoft/PQCrypto-LWEKE@a2f9dec`](https://github.com/microsoft/PQCrypto-LWEKE/commit/a2f9dec8917ccc3464b3378d46b140fa7353320d) |
| HQC | Selected by [NIST](https://pqc-hqc.org/doc/hqc_specifications_2025_08_22.pdf) for upcoming standardization | [`PQClean/PQClean@1eacfda`](https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181) |
| HQC | Selected by [NIST](https://pqc-hqc.org/doc/hqc_specifications_2025_08_22.pdf) for upcoming standardization | [`pqc-hqc/hqc@161cd4f`](https://gitlab.com/pqc-hqc/hqc/commit/161cd4fdf6b4a5198cf40b3a1243f9f27f13e03d) |
| Kyber | Selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/Kyber-Round3.zip) as basis for ML-KEM (FIPS 203) | [`pq-crystals/kyber@441c051`](https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc) |
| ML-KEM | Standardized by [NIST](https://csrc.nist.gov/pubs/fips/203/final) | [`pq-code-package/mlkem-native@d2cae2b`](https://github.com/pq-code-package/mlkem-native/commit/d2cae2be522a67bfae26100fdb520576f1b2ef90) |
| NTRU | Not selected by [NIST](https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-3/submissions/NTRU-Round3.zip), under standardization consideration by [NTT](https://info.isl.ntt.co.jp/crypt/ntru/index.html) | [`PQClean/PQClean@4c9e5a3`](https://github.com/PQClean/PQClean/commit/4c9e5a3aa715cc8d1d0e377e4e6e682ebd7602d6) |
29 changes: 15 additions & 14 deletions docs/algorithms/kem/hqc.md
Expand Up @@ -2,47 +2,48 @@

- **Algorithm type**: Key encapsulation mechanism.
- **Main cryptographic assumption**: Syndrome decoding of structure codes (Hamming Quasi-Cyclic).
- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Loïc Bidoux, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Arnaud Dion, Philippe Gaborit, Jérôme Lacan, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor.
- **Principal submitters**: Philippe Gaborit.
- **Auxiliary submitters**: Carlos Aguilar-Melchor, Nicolas Aragon, Slim Bettaieb, Loïc Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Edoardo Persichetti, Gilles Zémor, Jurjen Bos, Arnaud Dion, Jérôme Lacan, Jean-Marc Robert, Pascal Véron, Paulo L. Barreto, Santosh Ghosh, Shay Gueron, Tim Güneysu, Rafael Misoczki, Jan Richter-Brokmann, Nicolas Sendrier, Jean-Pierre Tillich, Valentin Vasseur.
- **Authors' website**: https://pqc-hqc.org/
- **Specification version**: 2023-04-30.
- **Specification version**: 2025-08-22.
- **Primary Source**<a name="primary-source"></a>:
- **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
- **Source**: https://gitlab.com/pqc-hqc/hqc/commit/161cd4fdf6b4a5198cf40b3a1243f9f27f13e03d with copy_from_upstream patches
- **Implementation license (SPDX-Identifier)**: Public domain
- **Ancestors of primary source**:
- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc, which takes it from:
- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
- https://gitlab.com/pqc-hqc, which takes it from:
- submission 2025-08-22 at https://pqc-hqc.org/implementation.html

## Parameter set summary

| Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | Keypair seed size (bytes) | Encapsulation seed size (bytes) |
|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|:----------------------------------|
| HQC-128 | NA | IND-CCA2 | 1 | 2249 | 2305 | 4433 | 64 | NA | NA |
| HQC-192 | NA | IND-CCA2 | 3 | 4522 | 4586 | 8978 | 64 | NA | NA |
| HQC-256 | NA | IND-CCA2 | 5 | 7245 | 7317 | 14421 | 64 | NA | NA |
| HQC-1 | NA | IND-CCA2 | 1 | 2241 | 2321 | 4433 | 32 | NA | NA |
| HQC-3 | NA | IND-CCA2 | 3 | 4514 | 4602 | 8978 | 32 | NA | NA |
| HQC-5 | NA | IND-CCA2 | 5 | 7237 | 7333 | 14421 | 32 | NA | NA |

## HQC-128 implementation characteristics
## HQC-1 implementation characteristics

| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | ref | All | All | None | True | False | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.

## HQC-192 implementation characteristics
## HQC-3 implementation characteristics

| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | ref | All | All | None | True | False | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

## HQC-256 implementation characteristics
## HQC-5 implementation characteristics

| Implementation source | Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| [Primary Source](#primary-source) | clean | All | All | None | True | True | False |
| [Primary Source](#primary-source) | ref | All | All | None | True | False | False |

Are implementations chosen based on runtime CPU feature detection? **Yes**.

83 changes: 47 additions & 36 deletions docs/algorithms/kem/hqc.yml
@@ -1,85 +1,96 @@
name: HQC
type: kem
principal-submitters:
- Carlos Aguilar Melchor
- Nicolas Aragon
- Slim Bettaieb
- Loïc Bidoux
- Olivier Blazy
- Jurjen Bos
- Jean-Christophe Deneuville
- Arnaud Dion
- Philippe Gaborit
- Jérôme Lacan
- Edoardo Persichetti
- Jean-Marc Robert
- Pascal Véron
- Gilles Zémor
crypto-assumption: Syndrome decoding of structure codes (Hamming Quasi-Cyclic)
website: https://pqc-hqc.org/
nist-round: 4
standardization-status: Selected by [NIST](https://pqc-hqc.org/doc/hqc_specifications_2025_08_22.pdf)
for upcoming standardization
spec-version: 2023-04-30
spec-version: 2025-08-22
upstream-ancestors:
- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc
- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
- https://gitlab.com/pqc-hqc
- submission 2025-08-22 at https://pqc-hqc.org/implementation.html
parameter-sets:
- name: HQC-128
- name: HQC-1
claimed-nist-level: 1
claimed-security: IND-CCA2
length-public-key: 2249
length-public-key: 2241
length-ciphertext: 4433
length-secret-key: 2305
length-shared-secret: 64
length-secret-key: 2321
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
- upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
upstream: primary-upstream
default: true
- name: HQC-192
- name: HQC-3
claimed-nist-level: 3
claimed-security: IND-CCA2
length-ciphertext: 8978
length-public-key: 4522
length-secret-key: 4586
length-shared-secret: 64
length-public-key: 4514
length-secret-key: 4602
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
- upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
upstream: primary-upstream
default: true
- name: HQC-256
- name: HQC-5
claimed-nist-level: 5
claimed-security: IND-CCA2
length-ciphertext: 14421
length-public-key: 7245
length-secret-key: 7317
length-shared-secret: 64
length-public-key: 7237
length-secret-key: 7333
length-shared-secret: 32
implementations-switch-on-runtime-cpu-features: true
implementations:
- upstream-id: clean
- upstream-id: ref
supported-platforms: all
common-crypto:
- SHA3: liboqs
no-secret-dependent-branching-claimed: true
no-secret-dependent-branching-checked-by-valgrind: true
no-secret-dependent-branching-checked-by-valgrind: false
large-stack-usage: false
upstream: primary-upstream
default: true
primary-upstream:
spdx-license-identifier: Public domain
source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
default-upstream-id: clean
source: https://gitlab.com/pqc-hqc/hqc/commit/161cd4fdf6b4a5198cf40b3a1243f9f27f13e03d
with copy_from_upstream patches
default-upstream-id: ref
auxiliary-submitters:
- Carlos Aguilar-Melchor
- Nicolas Aragon
- Slim Bettaieb
- Loïc Bidoux
- Olivier Blazy
- Jean-Christophe Deneuville
- Edoardo Persichetti
- Gilles Zémor
- Jurjen Bos
- Arnaud Dion
- Jérôme Lacan
- Jean-Marc Robert
- Pascal Véron
- Paulo L. Barreto
- Santosh Ghosh
- Shay Gueron
- Tim Güneysu
- Rafael Misoczki
- Jan Richter-Brokmann
- Nicolas Sendrier
- Jean-Pierre Tillich
- Valentin Vasseur