See the build status for each component here
PQClean, in short, is an effort to collect clean implementations of the post-quantum schemes that are in the NIST post-quantum project. The goal of PQClean is to provide standalone implementations that
What PQClean is not aiming for is
As a first main target, we are collecting C implementations that fulfill the requirements listed below. We also accept optimised implementations, but still requiring high-quality, tested code.
Please also review our guidelines for contributors if you are interested in adding a scheme to PQClean.
For a summary of the lessons learnt while working on PQClean, please refer to:
Matthias J. Kannwischer, Peter Schwabe, Douglas Stebila, and Thom Wiggers. “Improving Software Quality in Cryptography Standardization Projects.” In: Security Standardization Research – EuroS&P Workshops 2022. 2022.
Find the paper at https://eprint.iacr.org/2022/337
Please cite this work when referring to PQClean:
@inproceedings{SSR:KSSW22,
author = {Matthias J. Kannwischer and
Peter Schwabe and
Douglas Stebila and
Thom Wiggers},
title = {Improving Software Quality in Cryptography Standardization Projects},
booktitle = {{IEEE} European Symposium on Security and Privacy, EuroS{&}P 2022 - Workshops, Genoa, Italy, June 6-10, 2022},
pages = {19--30},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
year = {2022},
url = {https://eprint.iacr.org/2022/337},
doi = {10.1109/EuroSPW55150.2022.00010},
}
Please note that many of the implementations included in PQClean originate from original research projects themselves, and their authors will appreciate getting cited as well.
The checking of items on this list is still being developed. Checked items should be working.
api.h
cannot include external files-Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes
with gcc
and clang
#if
/#ifdef
s only for header encapsulationconst
arguments are labeled as const
fips202.c
, sha2.c
, aes.c
, randombytes.c
0
on successnmake
)PQCLEAN_SCHEMENAME_
LICENSE
file (see below)META.yml
file giving details about version of the algorithm, designers
META.yml
.stdint.h
types (optional, recommended)size_t
(optional, recommended)for (size_t i=...
) (optional, recommended)For the following schemes we have implementations of one or more of their parameter sets. For all of these schemes we have clean C code, but for some we also have optimised code.
Finalists:
Alternate candidates:
To-be standards:
Alternate candidates:
Implementations previously available in PQClean and dropped in Round 3 of the NIST standardization effort are available in the round2
tag.
Implementations previously available in PQClean and dropped in Round 4 of the NIST standardization effort are available in the round3
tag.
PQClean is essentially using the same API as required for the NIST reference implementations, which is also used by SUPERCOP and by libpqcrypto. The only differences to that API are the following:
size_t
instead of unsigned long long
; andint PQCLEAN_SCHEME_IMPL_crypto_sign_signature(
uint8_t *sig, size_t *siglen,
const uint8_t *m, size_t mlen,
const uint8_t *sk);
int PQCLEAN_SCHEME_IMPL_crypto_sign_verify(
const uint8_t *sig, size_t siglen,
const uint8_t *m, size_t mlen,
const uint8_t *pk);
As noted above, PQClean is not meant to be built as a single library: it is a collection of source code that can be easily integrated into other libraries. The PQClean repository includes various test programs which do build various files, but you should not use the resulting binaries.
List of required dependencies: gcc or clang, make, python3, python-yaml library, valgrind, astyle (>= 3.0)
.
Each implementation directory in PQClean (e.g., crypto_kem/kyber768_clean) can be extracted for use in your own project. You will need to:
common/randombytes.h
(a cryptographic random number generator), and possibly common/sha2.h
(the SHA-2 hash function family), common/aes.h
(AES implementations), common/fips202.h
(the SHA-3 hash function family) and common/sp800-185.h
(the cSHAKE family).
It is possible to use the implementations from the common/
folder, but note that they may not be the most performant implementations and may do unnecessary things (like heap allocations) for our testing purposes.Regarding #2, adding the files to your project's build system, each implementation in PQClean is accompanied by example two makefiles that show how one could build the files for that implementation:
Makefile
which can be used with GNU Make, BSD Make, and possibly others.Makefile.Microsoft_nmake
which can be used with Visual Studio's nmake.The following projects consume implementations from PQClean and provide their own wrappers around the implementations. Their integration strategies may serve as examples for your own projects.
Each subdirectory containing implementations contains a LICENSE
file stating under what license that specific implementation is released.
The files in common
contain licensing information at the top of the file (and are currently either public domain or MIT).
All other code in this repository is released under the conditions of CC0.
See https://github.com/PQClean/PQClean/wiki/Test-framework for details about the PQClean test framework.
While we run extensive automatic testing on Github Actions ((emulated) Linux builds, MacOS and Windows builds) and Travis CI (Aarch64 builds), and most tests can also be run locally. To do this, make sure the following is installed:
pytest
for python 3.We also recommend installing pytest-xdist
to allow running tests in parallel.
You will also need to make sure the submodules are initialized by running:
git submodule update --init
Run the Python-based tests by going into the test
directory and running pytest -v
or (recommended) pytest -n=auto
for parallel testing.
You may also run python3
where
is any of the files starting with test_
in the test/
folder.