Add MQOM to liboqs#2385
@xuganyu96: as discussed in closed PR #2361, reopening a new PR for a clean import.
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
- memopt variant of the algorithm allowed using PR open-quantum-safe#2367
- common files for all variants are factorized using PR open-quantum-safe#2382
[extended tests]
Signed-off-by: Ryad Benadjila <ryadbenadjila@gmail.com>
xuganyu96
left a comment
@bhess I see that this pull request also contains diffs from your pull request. Since your code change is specifically made to unblock MQOM integration, would you be okay with merging all changes in this single pull request rather than two separate pull requests?
@rben-dev Thank you for the contribution!
bhess
left a comment
LGTM
@bhess I see that this pull request also contains diffs from your pull request. Since your code change is specifically made to unblock MQOM integration, would you be okay with merging all changes in this single pull request rather than two separate pull requests?
Sure, happy to go with whatever is easiest.
Thanks for the reviews @xuganyu96 @bhess, and thanks for all the PRs helping this integration @bhess!
bhess
left a comment
Re-approving after resolving CBOM conflict.
* Add common dependencies with include_only
  Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
* Remove incorrect debug print in copy_from_upstream
  Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
* Add readme for copy_from_upstream
  Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
* Import MQOM:
  - memopt variant of the algorithm allowed using PR open-quantum-safe#2367
  - common files for all variants are factorized using PR open-quantum-safe#2382
  [extended tests]
  Signed-off-by: Ryad Benadjila <ryadbenadjila@gmail.com>
---------
Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
Signed-off-by: Ryad Benadjila <ryadbenadjila@gmail.com>
Co-authored-by: Basil Hess <bhe@zurich.ibm.com>
Signed-off-by: Nelonn <42481486+Nelonn@users.noreply.github.com>
NOTE: This PR is a clean reopening of closed PR #2361. Please refer to it for the details of the conversation and the related PRs (adding the memopt variants in liboqs, fixing Zephyr build, adding a way to import common files with copy_from_upstream).

This PR adds the MQOM signature scheme. MQOM is part of the on-ramp Round 2 NIST candidates. In order to avoid too many variants that would overload the library, we only provide implementations for GF(16) MQOM fast and short (with 3 or 5 rounds), as this is the best choice for a speed and signature size balance.

Three implementation profiles are integrated to liboqs:
- AVX2: this makes use of AVX2 and AES-NI extensions, suited for modern amd64 platforms.
- default: this is a portable implementation suitable for most desktop-like platforms (e.g. arm64 Mac M1, etc.)
- memopt: this is a portable implementation with memory optimizations that are more suitable for platforms with stringent memory constraints (e.g. embedded platforms or targets with small stacks, etc.)

Here are some notable elements for this MQOM integration:
- liboqs API for this.
- liboqs API for this. However, for security levels 3 and 5 Rijndael-256-256 is used, and hence we had to provide local implementations for this (see in the rijndael/ folder upstream).
- AVX2 and default implementations: --max-stackframe=20480000 to valgrind as discussed in issue Maximum stack usage for valgrind "leak test" #2360: without this the CI tests fail with false positives. The strategy for this fix can be of course discussed. The fix is part of the PR.
- Many elements of this PR have been produced with the copy_from_upstream.py automation (thanks for this).

Thanks in advance for considering the inclusion of MQOM in the library, as we believe this can be useful for exploring on-ramp candidates. Please do not hesitate if anything is wrong or missing!