Initial addition of sqisign.

.CMake/alg_support.cmake

@@ -222,8 +222,14 @@ cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_37_8_4 "" ON "OQS_ENABLE_SIG_S
 cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_24_5_5 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_60_10_4 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
 cmake_dependent_option(OQS_ENABLE_SIG_snova_SNOVA_29_6_5 "" ON "OQS_ENABLE_SIG_SNOVA" OFF)
+
+option(OQS_ENABLE_SIG_SQISIGN "Enable sqisign algorithm family" ON)
+cmake_dependent_option(OQS_ENABLE_SIG_sqisign_lvl1 "" ON "OQS_ENABLE_SIG_SQISIGN" OFF)
+cmake_dependent_option(OQS_ENABLE_SIG_sqisign_lvl3 "" ON "OQS_ENABLE_SIG_SQISIGN" OFF)
+cmake_dependent_option(OQS_ENABLE_SIG_sqisign_lvl5 "" ON "OQS_ENABLE_SIG_SQISIGN" OFF)
 ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_END
 
+
 ##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_START
 if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
 
@@ -1010,6 +1016,25 @@ if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS AND OQS_USE_ARM_NEO
 endif()
 endif()
 
+
+if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
+if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
+    cmake_dependent_option(OQS_ENABLE_SIG_sqisign_lvl1_broadwell "" ON "OQS_ENABLE_SIG_sqisign_lvl1" OFF)
+endif()
+endif()
+
+if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
+if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
+    cmake_dependent_option(OQS_ENABLE_SIG_sqisign_lvl3_broadwell "" ON "OQS_ENABLE_SIG_sqisign_lvl3" OFF)
+endif()
+endif()
+
+if(CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
+if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS))
+    cmake_dependent_option(OQS_ENABLE_SIG_sqisign_lvl5_broadwell "" ON "OQS_ENABLE_SIG_sqisign_lvl5" OFF)
+endif()
+endif()
+
 ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_END
 
 ##### OQS_COPY_FROM_LIBJADE_FRAGMENT_ADD_ENABLE_BY_ALG_CONDITIONAL_START

CMakeLists.txt

@@ -28,6 +28,7 @@ option(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE "Permit compilation on an an unsuppor
 option(OQS_STRICT_WARNINGS "Enable all compiler warnings." OFF)
 option(OQS_EMBEDDED_BUILD "Compile liboqs for an Embedded environment without a full standard library." OFF)
 option(OQS_USE_CUPQC "Utilize cuPQC as the backend for supported PQC algorithms." OFF)
+option(OQS_USE_GMP "Utilize GMP for supported PQC algorithms." ON)
 
 # Libfuzzer isn't supported on gcc
 if('${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
@@ -150,6 +151,38 @@ if(${OQS_USE_CUPQC})
     endif()
     find_package(cuPQC 0.2.0 REQUIRED)
 endif()
+if(${OQS_USE_GMP})
+  message(STATUS "Using system GMP")
+
+  find_library(GMP gmp REQUIRED)
+  find_path(GMP_INCLUDE gmp.h)
+
+  add_library(GMP SHARED IMPORTED)
+  set_target_properties(GMP PROPERTIES
+    IMPORTED_LOCATION ${GMP}
+    INTERFACE_INCLUDE_DIRECTORIES ${GMP_INCLUDE}
+  )
+
+  if(CMAKE_SIZEOF_VOID_P MATCHES "4")
+      add_compile_definitions(RADIX_32)
+      add_compile_definitions(GMP_LIMB_BITS=32)
+  else()
+      add_compile_definitions(RADIX_64)
+      include(CheckCSourceCompiles)
+      check_c_source_compiles("
+        int main() {
+         __uint128_t x = 0;
+        (void)x;
+        return 0;
+        }
+        " HAVE_UINT128_T)
+      if (HAVE_UINT128_T)
+        add_compile_definitions(HAVE_UINT128)
+      endif()
+      add_compile_definitions(GMP_LIMB_BITS=64)
+  endif()
+
+endif()
 
 if (NOT ((CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") AND (ARCH_X86_64 STREQUAL "ON")) AND (OQS_LIBJADE_BUILD STREQUAL "ON"))
     message(FATAL_ERROR "Building liboqs with libjade implementations from libjade is only supported on Linux and Darwin on x86_64.")
@@ -270,6 +303,9 @@ endif()
 if(OQS_ENABLE_SIG_SNOVA)
     set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/snova/sig_snova.h)
 endif()
+if(OQS_ENABLE_SIG_SQISIGN)
+    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/sqisign/sig_sqisign.h)
+endif()
 ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
 if(OQS_ENABLE_SIG_STFL_XMSS)
     set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/xmss/sig_stfl_xmss.h)

README.md

@@ -76,6 +76,7 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
 - **SNOVA**: SNOVA\_24\_5\_4, SNOVA\_24\_5\_4\_SHAKE, SNOVA\_24\_5\_4\_esk, SNOVA\_24\_5\_4\_SHAKE\_esk, SNOVA\_37\_17\_2†, SNOVA\_25\_8\_3, SNOVA\_56\_25\_2†, SNOVA\_49\_11\_3†, SNOVA\_37\_8\_4†, SNOVA\_24\_5\_5†, SNOVA\_60\_10\_4†, SNOVA\_29\_6\_5†
 - **SPHINCS+-SHA2**: SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple
 - **SPHINCS+-SHAKE**: SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
+- **SQIsign**: SQIsign-lvl1, SQIsign-lvl3, SQIsign-lvl5
 - **UOV**: OV-Is, OV-Ip, OV-III, OV-V, OV-Is-pkc, OV-Ip-pkc, OV-III-pkc, OV-V-pkc, OV-Is-pkc-skc, OV-Ip-pkc-skc, OV-III-pkc-skc, OV-V-pkc-skc
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END -->
 - **XMSS**: XMSS-SHA2_10_256, XMSS-SHA2_16_256, XMSS-SHA2_20_256, XMSS-SHAKE_10_256, XMSS-SHAKE_16_256, XMSS-SHAKE_20_256, XMSS-SHA2_10_512, XMSS-SHA2_16_512, XMSS-SHA2_20_512, XMSS-SHAKE_10_512, XMSS-SHAKE_16_512, XMSS-SHAKE_20_512, XMSS-SHA2_10_192, XMSS-SHA2_16_192, XMSS-SHA2_20_192, XMSS-SHAKE256_10_192, XMSS-SHAKE256_16_192, XMSS-SHAKE256_20_192, SHAKE256_10_256, SHAKE256_16_256, SHAKE256_20_256, XMSSMT-SHA2_20/2_256, XMSSMT-SHA2_20/4_256, XMSSMT-SHA2_40/2_256, XMSSMT-SHA2_40/4_256, XMSSMT-SHA2_40/8_256, XMSSMT-SHA2_60/3_256, XMSSMT-SHA2_60/6_256, XMSSMT-SHA2_60/12_256, XMSSMT-SHAKE_20/2_256, XMSSMT-SHAKE_20/4_256, XMSSMT-SHAKE_40/2_256, XMSSMT-SHAKE_40/4_256, XMSSMT-SHAKE_40/8_256, XMSSMT-SHAKE_60/3_256, XMSSMT-SHAKE_60/6_256, XMSSMT-SHAKE_60/12_256 

docs/algorithms/sig/sqisign.md

@@ -0,0 +1,52 @@
+# SQIsign
+
+- **Algorithm type**: Digital signature scheme.
+- **Main cryptographic assumption**: Computing the endomorphism ring of a supersingular elliptic curve..
+- **Principal submitters**: Marius A. Aardal, Gora Adj, Diego F. Aranha, Andrea Basso, Isaac Andrés Canales Martínez, Jorge Chávez-Saab, Maria Corte-Real Santos, Pierrick Dartois, Luca De Feo, Max Duparc, Jonathan Komada Eriksen, Tako Boris Fouotsa, Décio Luiz Gazzoni Filho, Basil Hess, David Kohel, Antonin Leroux, Patrick Longa, Luciano Maino, Michael Meyer, Kohei Nakagawa, Hiroshi Onuki, Lorenz Panny, Sikhar Patranabis, Christophe Petit, Giacomo Pope, Krijn Reijnders, Damien Robert, Francisco Rodríguez Henríquez, Sina Schaeffler, Benjamin Wesolowski.
+- **Authors' website**: https://sqisign.org/
+- **Specification version**: Round 2.
+- **Primary Source**<a name="primary-source"></a>:
+  - **Source**: https://github.com/bhess/the-sqisign/commit/39b09acd532c69e3fb1206b4502572479288df92
+  - **Implementation license (SPDX-Identifier)**: Apache-2.0
+
+
+## Parameter set summary
+
+|  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
+|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
+|  SQIsign-lvl1   | NA                    | EUF-CMA          |                    1 |                        65 |                       353 |                      148 |
+|  SQIsign-lvl3   | NA                    | EUF-CMA          |                    3 |                        97 |                       529 |                      224 |
+|  SQIsign-lvl5   | NA                    | EUF-CMA          |                    5 |                       129 |                       701 |                      292 |
+
+## SQIsign-lvl1 implementation characteristics
+
+|       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
+|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
+| [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                 |
+| [Primary Source](#primary-source) | broadwell                | x86\_64                     | Darwin,Linux                    | AVX2                    | True                               | True                                           | False                 |
+
+Are implementations chosen based on runtime CPU feature detection? **Yes**.
+
+ ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
+
+## SQIsign-lvl3 implementation characteristics
+
+|       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
+|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
+| [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | broadwell                | x86\_64                     | Darwin,Linux                    | AVX2                    | True                               | True                                           | False                |
+
+Are implementations chosen based on runtime CPU feature detection? **Yes**.
+
+## SQIsign-lvl5 implementation characteristics
+
+|       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
+|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
+| [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | broadwell                | x86\_64                     | Darwin,Linux                    | AVX2                    | True                               | True                                           | False                |
+
+Are implementations chosen based on runtime CPU feature detection? **Yes**.
+
+## Explanation of Terms
+
+- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.

docs/algorithms/sig/sqisign.yml

@@ -0,0 +1,131 @@
+name: SQIsign
+type: signature
+principal-submitters:
+- Marius A. Aardal
+- Gora Adj
+- Diego F. Aranha
+- Andrea Basso
+- Isaac Andrés Canales Martínez
+- Jorge Chávez-Saab
+- Maria Corte-Real Santos
+- Pierrick Dartois
+- Luca De Feo
+- Max Duparc
+- Jonathan Komada Eriksen
+- Tako Boris Fouotsa
+- Décio Luiz Gazzoni Filho
+- Basil Hess
+- David Kohel
+- Antonin Leroux
+- Patrick Longa
+- Luciano Maino
+- Michael Meyer
+- Kohei Nakagawa
+- Hiroshi Onuki
+- Lorenz Panny
+- Sikhar Patranabis
+- Christophe Petit
+- Giacomo Pope
+- Krijn Reijnders
+- Damien Robert
+- Francisco Rodríguez Henríquez
+- Sina Schaeffler
+- Benjamin Wesolowski
+crypto-assumption: Computing the endomorphism ring of a supersingular elliptic curve.
+website: https://sqisign.org/
+nist-round: 2
+spec-version: Round 2
+primary-upstream:
+  source: https://github.com/bhess/the-sqisign/commit/39b09acd532c69e3fb1206b4502572479288df92
+  spdx-license-identifier: Apache-2.0
+parameter-sets:
+- name: SQIsign-lvl1
+  oqs_alg: OQS_SIG_alg_sqisign_lvl1
+  claimed-nist-level: 1
+  claimed-security: EUF-CMA
+  length-public-key: 65
+  length-secret-key: 353
+  length-signature: 148
+  implementations-switch-on-runtime-cpu-features: true
+  implementations:
+  - upstream: primary-upstream
+    upstream-id: ref
+    supported-platforms: all
+    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-checked-by-valgrind: true
+    large-stack-usage: false
+  - upstream: primary-upstream
+    upstream-id: broadwell
+    supported-platforms:
+    - architecture: x86_64
+      operating_systems:
+      - Darwin
+      - Linux
+      required_flags:
+      - avx2
+    common-crypto:
+    - SHA3: liboqs
+    - AES: liboqs
+    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-checked-by-valgrind: true
+    large-stack-usage: false
+- name: SQIsign-lvl3
+  oqs_alg: OQS_SIG_alg_sqisign_lvl3
+  claimed-nist-level: 3
+  claimed-security: EUF-CMA
+  length-public-key: 97
+  length-secret-key: 529
+  length-signature: 224
+  implementations-switch-on-runtime-cpu-features: true
+  implementations:
+  - upstream: primary-upstream
+    upstream-id: ref
+    supported-platforms: all
+    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-checked-by-valgrind: true
+    large-stack-usage: false
+  - upstream: primary-upstream
+    upstream-id: broadwell
+    supported-platforms:
+    - architecture: x86_64
+      operating_systems:
+      - Darwin
+      - Linux
+      required_flags:
+      - avx2
+    common-crypto:
+    - SHA3: liboqs
+    - AES: liboqs
+    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-checked-by-valgrind: true
+    large-stack-usage: false
+- name: SQIsign-lvl5
+  oqs_alg: OQS_SIG_alg_sqisign_lvl5
+  claimed-nist-level: 5
+  claimed-security: EUF-CMA
+  length-public-key: 129
+  length-secret-key: 701
+  length-signature: 292
+  implementations-switch-on-runtime-cpu-features: true
+  implementations:
+  - upstream: primary-upstream
+    upstream-id: ref
+    supported-platforms: all
+    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-checked-by-valgrind: true
+    large-stack-usage: false
+  - upstream: primary-upstream
+    upstream-id: broadwell
+    supported-platforms:
+    - architecture: x86_64
+      operating_systems:
+      - Darwin
+      - Linux
+      required_flags:
+      - avx2
+    common-crypto:
+    - SHA3: liboqs
+    - AES: liboqs
+    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-checked-by-valgrind: true
+    large-stack-usage: false