CIRCL v1.6.1

• Fixes some point checks on the FourQ curve.
• Hybrid KEM fails on low-order points.

What's Changed

• kem/hybrid: ensure X25519 hybrids fails with low order points by @Lekensteyn in #541
• .github: Use native ARM64 builders instead of QEMU by @Lekensteyn in #542
• Fixes several errors on twisted Edwards curves. by @armfazh in #545
• Release v1.6.1 by @armfazh in #546

Full Changelog: v1.6.0...v1.6.1

CIRCL v1.6.0

New!

• Prio3 Verifiable Distributed Aggregation Function (draft-irtf-cfrg-vdaf).
• X-Wing: general-purpose hybrid post-quantum KEM (draft-connolly-cfrg-xwing-kem)

What's Changed

• Add OIDs to ML-DSA by @bwesterb in #519
• Adds Prio3 a set of verifiable distributed aggregation functions. by @armfazh in #522
• Run semgrep cronjob only in upstream repository. by @armfazh in #526
• X-Wing PQ/T hybrid by @bwesterb in #471
• ckem: move crypto/elliptic to crypto/ecdh by @MingLLuo in #529
• hpke: Update HPKE code to use ecdh stdlib package. by @armfazh in #530
• prio3: Adds polynomial multiplication using NTT by @armfazh in #532
• Add Prio3 in readme. by @armfazh in #527

New Contributors

• @MingLLuo made their first contribution in #529

Full Changelog: v1.5.0...v1.6.0

CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

What's Changed

• kem: add X25519MLKEM768 TLS hybrid KEM by @bwesterb in #510
• Create semgrep.yml by @hrushikeshdeshpande in #514
• repo: Some fixes reported by CodeQL by @armfazh in #515
• Add ML-DSA (FIPS204) by @bwesterb in #480
• sign/mldsa: Add test for ML-DSA signature verification. by @armfazh in #517
• Release v1.5.0 by @armfazh in #518

New Contributors

• @hrushikeshdeshpande made their first contribution in #514

Full Changelog: v1.4.0...v1.5.0

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

• eddilithium3: fix typos by @bwesterb in #503
• Add ML-KEM (FIPS 203). by @bwesterb in #470
• Add ML-KEM decapsulation key check. by @bwesterb in #507
• Preparing for release v1.4.0 by @armfazh in #508

Full Changelog: v1.3.9...v1.4.0

CIRCL v1.3.9

Changes:

• Fix bug on BLS12381 decoding elements.

Commit History

• dilithium: fix typo by @bwesterb in #498
• bls12381: Detects invalid prefix in G1 and G2 serialized elements by @armfazh in #500
• Preparing CIRCL release v1.3.9 by @armfazh in #501

Full Changelog: v1.3.8...v1.3.9

CIRCL v1.3.8

New

• BLS Signatures on top of BLS12-381.
• Adopt faster squaring in pairings.
• BlindRSA compliant with RFC9474.
• (Verifiable) Secret Sharing compatible with the Group interface (elliptic curves).

Notice

• Update on cpabe/tkn20 ciphertexts, read more at https://github.com/cloudflare/circl/wiki/tkn20-Ciphertext-Format-(v1.3.8)

What's Changed

• Implement Granger-Scott faster squaring in the cyclotomic subgroup. by @armfazh in #449
• Updates avo and CIRCL's own dependency. by @armfazh in #474
• Updating documentation for OPRF package. by @armfazh in #475
• group: removes order method from group interface by @armfazh in #356
• zk/dleq: Adding DLEQ proofs for Qn, the subgroup of squares in (Z/nZ)* by @armfazh in #451
• Reduce x/crypto and x/sys versions to match Go 1.21 by @Lekensteyn in #476
• Bump GitHub Actions versions and use Go 1.22 and 1.21 by @Lekensteyn in #477
• Adding rule for constant values by @armfazh in #478
• Add BLS signatures over BLS12-381 by @armfazh in #446
• group: Implements Shamir and Feldman secret sharing. by @armfazh in #348
• blindrsa: add support for all variants of RFC9474 by @armfazh in #479
• Explicitly installs Go with version before CodeQL analysis. by @armfazh in #481
• Bumps golangci-lint action by @armfazh in #485
• ecc/bls12381: Ensures pairing operations don't overwrite their input by @armfazh in #494
• Align to the purego build tag, removing noasm build tag by @mattyclarkson in #492
• cpabe: Serializing ciphertext with 32-bit prefixes. by @armfazh in #490

New Contributors

• @mattyclarkson made their first contribution in #492

Full Changelog: v1.3.7...v1.3.8

CIRCL v1.3.7

What's Changed

• build(deps): bump golang.org/x/crypto from 0.3.1-0.20221117191849-2c476679df9a to 0.17.0 by @dependabot in #467
• kyber: remove division by q in ciphertext compression by @bwesterb in #468
• Releasing CIRCL v1.3.7 by @armfazh in #469

New Contributors

• @dependabot made their first contribution in #467

Full Changelog: v1.3.6...v1.3.7

CIRCL v1.3.6

What's Changed

• internal: add TurboShake{128,256} by @bwesterb in #430
• Kangaroo12 draft -10 by @bwesterb in #431
• Add K12 as XOF by @bwesterb in #437
• xof/k12: Fix a typo in the package documentation by @cjpatton in #438
• Set CIRCL version for generated assembler code. by @armfazh in #440
• Add tkn20 benchmarks by @tanyav2 in #442
• Add partially blind RSA implementation by @chris-wood in #445
• Update doc.go by @nadimkobeissi in #447
• tss/rsa: key generation for threshold RSA (safe primes) by @armfazh in #450
• Bumping Go version for CI jobs. by @armfazh in #457
• Spelling by @jsoref in #456
• blindrsa: updating blindrsa to be compliant with RFC9474 by @armfazh in #464
• Releasing CIRCL v1.3.6 by @armfazh in #465

New Contributors

• @nadimkobeissi made their first contribution in #447
• @jsoref made their first contribution in #456

Full Changelog: v1.3.3...v1.3.6

New Features

• ASCON light-weight authenticated encryption.
• Hybrid KEM for HPKE based on Kyber and X25519.
• CIRCL can be compiled both as static and dynamic linking modes.

Security

• Fixes error-handling on rand readers.

What's Changed

• Use untyped consts for Kyber params by @tmthrgd in #398
• zk/dl: adds prefixed labels and updates nomenclature. by @armfazh in #396
• Bumping Go version. by @armfazh in #399
• kem: add P-256 + Kyber768Draft00 hybrid by @bwesterb in #402
• ckem: pass xof to elliptic.GenerateKey directly by @bwesterb in #403
• Adding Ascon, an AEAD lightweight cipher. by @armfazh in #400
• Add Ascon-80pq to cipher\ascon by @dhcgn in #404
• ascon: update formulas and check for API compatibility by @armfazh in #406
• all: enables dynamic linking, removes R15 is clobbered by @armfazh in #407
• ascon: Removes table of constants. by @armfazh in #408
• tkn20: prevent panics on key gen errors by @tmthrgd in #409
• expander,tkn20: remove superfluous Reset calls by @tmthrgd in #410
• Updating stdlib crypto library. by @armfazh in #413
• Reduce x/crypto and x/sys versions to match Go 1.20 by @Lekensteyn in #414
• Make ascon cipher go routine safe by @enj in #416
• tkn20,kyber,x25519,x448: plug constant-time leaks by @tmthrgd in #411
• Check for crypto/rand errors and ReadFull io.Readers by @bwesterb in #417
• Fix encapsulation seed size by @chris-wood in #419
• Add X25519Kyber768Draft00 experimental HPKE KEM by @chris-wood in #421
• hpke: Adding NonceSize function to AEAD. by @armfazh in #424
• hpke: Address always nil parameter. by @armfazh in #425
• hpke: update and move xyber768d00 test vectors by @bwesterb in #426
• hpke: fix encapsulation seed in test for xyber by @bwesterb in #428
• Remove scalar sha3 amd64 assembly by @bwesterb in #429
• Add HPKE benchmarks by @chris-wood in #434

New Contributors

• @tmthrgd made their first contribution in #398
• @dhcgn made their first contribution in #404
• @Lekensteyn made their first contribution in #414
• @enj made their first contribution in #416

Full Changelog: v1.3.2...v1.3.3

What's Changed

• oprf: Updating test vectors for VOPRF rc-rfc. by @armfazh in #388
• abe: Make golden files for cpabe. by @armfazh in #392
• abe: Improve test clarity by @tanyav2 in #393
• tkn20: change seed size for MAC key from 128->448 bits in accordance … by @tanyav2 in #394
• tss/rsa: Fixes RSA signature size. by @armfazh in #395
• Releasing v1.3.2 by @armfazh in #397

Full Changelog: v1.3.1...v1.3.2