ChangeLog
  • 2021-08-27
    v1.4
    Release notes
    Algorithms
    • McEliece KEM was introduced

    Client API
    • New API for algorithm context duplication was introduced

    Documentation
    • Package installation instructions on Unix-like systems were simplified

    Bugfixes
    • Internal API docs were removed from the documentation
    • Crash of common example was fixed and fatal error handling usage was clarified
  • 2020-11-25
    v1.3
    Release notes
    Algorithms
    • SABER KEM experimental implementation introduced
    • Falcon DSA experimental implementation introduced
  • 2020-07-27
    v1.2
    Release notes
    Enhancements
    • Debian9 (stretch) is now supported
  • 2020-05-15
    v1.1
    Release notes
    Documentation
    • Package installation instructions on Unix-like systems were simplified
    • Configuration API documentation was clarified
  • 2020-03-11
    v1.0
    Release notes
    Client API
    • Sphincs+ OpenSSL ENGINE removed from the PQLR package.

    Documentation
    • Update install instructions, metadata, and documentation location in the Windows package.
  • 2020-01-21
    v0.19
    Release notes
    Bugfix
    • PQLR could be used in third-party CMake project out of box.
  • 2019-12-27
    v0.18
    Release notes
    Security
    • Entropy source usage was streamlined to avoid potential errors.

    Documentation
    • Publish benchmarking methodology.
  • 2019-12-02
    v0.17
    Release notes
    Security
    • Fixed potential timing attack vector in newhope_initiator_finalize.
  • 2019-11-11
    v0.16
    Release notes
    Client API
    • Each enumeration contains _LAST field to improve enumerations handling.

    Perfomance
    • Benchmark results were refined.

    Bugfix
    • SPHINCS+ engine package structure was changed to be operable out of box.

    Documentation
    • QA whitepaper was created.
    • Package version added to documentation in the package.
    • SPHINCS+ engine installation instructions were introduced.
  • 2019-10-23
    v0.15
    Release notes
    Client API
    • Entropy source can be no longer set by user; the library will use /dev/urandom (on Linux) or CryptoAPI (on Windows).
    • Public PQLR and algorithm instantiation functions return NULL if out of memory.
    • OpenSSL with NewHope KEM and SPHINCS+ engine support in TLS was introduced.

    Algorithms
    • An implementation of XMSS^MT signing scheme was introduced.

    Package
    • OpenSSL source package with NewHope algorithm is available.
  • 2019-10-01
    v0.14
    Release notes
    Client API
    • stunnel supports "SOCKS5 direct" pre-routing mode.
    • TLS connection could be established within SPHINCS+ and release version of OpenSSL.

    Bugfix
    • Crash on TLS connection closing fixed.

    Security
    • Clarified correctness of DRBG algorithms: system sources of the entropy are only used to initialize internal random generators.
    • NewHope integrity checks were improved.

    Platforms
    • OpenSSL fork is available for Windows.

    Package
    • OpenSSL engine moved to PQLR package.
  • 2019-09-09
    v0.13
    Release notes
    Client API
    • Introduce XMSS cache.
    • Clarify the purpose of random generators.
    • SPHINCS+ now can be used as digital signature algorithm through OpenSSL EVP interface.
    • Add optional SPHINCS+ OpenSSL engine to package.

    Performance
    • XMSS cache gives a huge impact on the performance of the sign method after the cache is initialized.
    Cached vs not_cached performance:
    - 0.01s vs 3.29s with sha256_h10 parameter set.
    - 0.02s vs 5920.65s with gost256_h20 parameter set.

    If the cache is enabled, cache initialization is performed on the first call of generate_keys or sign methods. The cache life cycle is the same as PQLR context life cycle. Cache size is determined by XMSS Merkle tree height (parameter h). With height 10 cache size is around 84 KB, with height 20 cache size is around 84 MB.

    Security
    • Securely erase buffers with sensitive data.

    Documentation
    • Update Doxygen documentation style.
  • 2019-08-19
    v0.12
    Release notes
    Client API
    Sphincs+ OpenSSL engine usage example was introduced.

    Performance
    XMSS secret key length was reduced to 132 bytes for all parameter sets.
    `newhope_initiator_prepare` 28% speedup.
    `newhope_responder` 29% speedup.

    Security
    Initial CERT compliance code base check.
  • 2019-07-30
    v0.11
    Release notes
    Client API
    `NEWHOPE_NUM_KEYBYTES` constant was converted to `newhope_get_keybytes_num()` getter.

    Algorithms
    Obsolete SPHINCS implementation was completely removed from code base.

    Bugfix
    Redundant quotes signs were removed from diagnostic messages.
  • 2019-07-08
    v0.10
    Release notes
    Platforms
    Dirty NewHope KEM integration in OpenSSL 1_1_1 and TLS 1.3.
    Unit and integration smoke tests passing on android armv7a.

    Security
    Possible crypto stream exhausting in `newhope_initiator_prepare` was fixed.

    Performance
    `newhope_responder` execution on reference hardware time was decreased on 1us.
    `newhope_initiator_prepare` execution on reference hardware time was decreased on 20us for security reasons.

    Package
    More information about package configuration in its name.
    Package contains meta-information with extended description of configuration.
  • 2019-06-27
    v0.9
    Release notes
    Client API
    Naive XMSS signature scheme implementation.
    Examples of PQLR common API usage.

    Platforms
    Initial android armv7a support.

    Documentation
    Fix misspellings.
    Fix errors in code examples.

    Package
    OpenSSL is no longer required.
    More information about package configuration in its name
    Changelog in package.
  • 2019-03-01
    v0.8
    Release notes
    Client API
    Algorithm configuration interfaces generalization.
    Hide implementation detail.
    Make interface more stable and sustainable for implementation details changes.

    Security
    Make NewHope more resistant to timing attacks.
    Research that SPHINCS+ is sustainable for timing attacks by design.

    Platforms
    Initial win32/64 support.

    Documentation
    Fix misspellings.
    Fix errors in code examples.

    Performance
    15% speedup of NewHope algorithm stages.
  • 2019-01-22
    v0.7
    Release notes
    Dependencies
    OpenSSL version changed to 1.1.x.
  • 2019-01-22
    v0.6
    Release notes
    Client API
    API generalization.

    Algorithms
    McEliece KEM prototype implemented.
  • 2019-01-11
    v0.5
    Release notes
    Client API
    Update algorithm context with random generator config.

    Algorithms
    Fix NewHope reference differences.

    Platforms
    Port to MSVC.
    Support for 32 and 64 bit systems.
  • 2018-10-26
    v0.4
    Release notes
    Client API
    Support for single-library configuration.
    Update CMake files in examples.
  • 2018-10-18
    v0.3
    Release notes
    Algorithms
    GOST Streebog optimizations.
  • 2018-10-17
    v0.2
    Release notes
    Algorithms
    Minor SPHINCS+ optimizations.
  • 2018-10-15
    v0.1
    Release notes
    Algorithms
    NewHope key distribution initial implementation.
    SPHINCS+ signature scheme initial implementation.