qTESLA is a software library written in the C language that contains efficient and compact implementations of the lattice-based digital signature scheme qTESLA [1].
qTESLA is a family of provably-secure signature schemes based on the hardness of the decisional ring learning with errors (R-LWE) problem that is conjectured to be secure against quantum computer attacks.
Concretely, the qTESLA library includes the following provably-secure qTESLA schemes:
- qTESLA-p-I: matching the post-quantum security of AES128.
- qTESLA-p-III: matching the post-quantum security of AES192.
The library was developed by Microsoft Research using as basis the qTESLA implementation
developed by the qTESLA team and submitted to NIST's Post-Quantum Cryptography Standardization process [2].
Available implementations:
Portable implementation for provably-secure qTESLA
: portable implementation of provably-secure qTESLA for 32-bit and 64-bit platforms.AVX2-optimized implementation for provably-secure qTESLA
: optimized implementation of provably-secure qTESLA for x64 platforms using AVX2 instructions.
Each of the implementation folders above contains:
- KAT folder: known answer tests for 32-bit and 64-platforms.
- random folder: randombytes function using the system random number generator.
- sha3 folder: implementation of SHAKE and cSHAKE.
- tests folder: test files for KATs, functionality and benchmarking.
- Visual Studio folder (portable implementation): Visual Studio 2015 files for compilation in Windows.
- Makefile: Makefile for compilation using the GNU GCC or clang compilers on Linux.
- README.md: readme file for each implementation.
- Source and header files.
Other files:
- Supports two security levels matching the post-quantum security of AES128 and AES192.
- Protected against timing and cache-timing attacks through regular, constant-time implementation of all operations on secret key material.
- Protected against some simple but powerful fault attacks; see [1] for more details.
- Support for Windows OS using Microsoft Visual Studio and Linux OS using GNU GCC and clang.
- Includes portable-C implementations with support for a wide range of platforms including x64, x86 and ARM.
- Includes AVX2-optimized implementations for x64 platforms running Linux.
- The hash of the public key is included during the signature computation to protect against Key Duplication (KS) attacks; see [1] for more details.
qTESLA v1.0 is supported on a wide range of platforms including x64, x86 and ARM devices running Windows or Linux OS. We have tested the library with Microsoft Visual Studio 2015, GNU GCC v7.2, and clang v3.8. See instructions below to choose an implementation option and compile on one of the supported platforms.
Choose one of the available implementations and follow the instructions in the corresponding README.md file.
This software is licensed under the MIT License; see License
for details.
It includes some third party modules that are licensed differently. In particular:
sha3/fips202.c
: public domainsha3/fips202x4.c
: public domainsha3/keccak4x
: all files in this folder are public domain (CC0), exceptingsha3/keccak4x/brg_endian.h
which is copyrighted by Brian Gladman and comes with a BSD 3-clause license.tests/ds_benchmark.h
: public domaintests/PQCgenKAT_sign.c
: copyrighted by Lawrence E. Basshamtests/PQCtestKAT_sign.c
: copyrighted by Lawrence E. Basshamtests/rng.c
: copyrighted by Lawrence E. Bassham
[1] Erdem Alkim, Paulo S. L. M. Barreto, Nina Bindel, Juliane Kramer, Patrick Longa, and Jefferson E. Ricardini. The lattice-based digital signature scheme qTESLA. Applied Cryptography and Network Security – ACNS 2020 (to appear), 2020.
The preprint version is available here
.
[2] Nina Bindel, Sedat Akleylek, Erdem Alkim, Paulo S. L. M. Barreto, Johannes Buchmann, Edward Eaton, Gus Gutoski, Juliane Kramer, Patrick Longa, Harun Polat, Jefferson E. Ricardini, and Gustavo Zanon. Submission to NIST's post-quantum standardization project: lattice-based digital signature scheme qTESLA. https://qtesla.org/
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.