From 16b1a323152dd90addc7aae98797077cfa171e20 Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Fri, 13 Sep 2024 22:17:16 +0200 Subject: [PATCH] Bump version string; update release and security notes. Signed-off-by: Pravek Sharma --- CMakeLists.txt | 2 +- RELEASE.md | 14 +++++++------- SECURITY.md | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 6973fbc5c..19b3cbc3f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,7 +34,7 @@ set(CMAKE_C_STANDARD 11) set(CMAKE_C_STANDARD_REQUIRED ON) set(CMAKE_POSITION_INDEPENDENT_CODE ON) set(CMAKE_C_VISIBILITY_PRESET hidden) -set(OQS_VERSION_TEXT "0.10.2-dev") +set(OQS_VERSION_TEXT "0.11.0-rc1") set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}") set(OQS_MINIMAL_GCC_VERSION "7.1.0") set(CMAKE_EXPORT_COMPILE_COMMANDS ON) diff --git a/RELEASE.md b/RELEASE.md index 6d022bb3b..7201e1c61 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,4 +1,4 @@ -liboqs version 0.10.0 +liboqs version 0.11.0-rc1 ===================== About @@ -28,20 +28,20 @@ liboqs can also be used in the following programming languages via language-spec Release notes ============= -This is version 0.10.0 of liboqs. It was released on March 20, 2024. +This is release candidate 1 of version 0.11.0 of liboqs. It was released on September 13, 2024. -This release adds support for ML-KEM (previously known as CRYSTALS-Kyber) and ML-DSA (previously known as CRYSTALS-Dilithium), based on the initial public drafts of [FIPS 203](https://csrc.nist.gov/pubs/fips/203/ipd) and [FIPS 204](https://csrc.nist.gov/pubs/fips/204/ipd), respectively. OQS continues to support the NIST Round 3 versions of Kyber and Dilithium for interoperability purposes. This release additionally updates HQC to the NIST Round 4 version and adds support for fixed-length Falcon signatures. +This release updates ML-KEM implementations to their [final FIP 203](https://csrc.nist.gov/pubs/fips/203/final) versions (OQS continues to support NIST Round 3 version of Kyber for interoperability purposes). Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1](https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures) along with stateful hash-based signature schemes [XMSS](https://datatracker.ietf.org/doc/html/rfc8391) and [LMS](https://datatracker.ietf.org/doc/html/rfc8554). Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2). What's New ---------- -This release continues from the 0.9.2 release of liboqs. +This release continues from the 0.10.1 release of liboqs. ### Key encapsulation mechanisms -- BIKE: Updated portable C implementation to include constant-time fixes from upstream. -- HQC: Updated to NIST Round 4 version. -- ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024. +- Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from [libjade](https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2). +- ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version. +- Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer. ### Digital signature schemes diff --git a/SECURITY.md b/SECURITY.md index 27f816db3..ae4c0e983 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,12 +4,12 @@ We only support the most recent release. -Using any code prior to 0.9.2 is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.9.2). +Using any code prior to 0.10.1 is strongly discouraged due to a [known security vulnerability in Kyber](https://github.com/open-quantum-safe/liboqs/releases/tag/0.10.1). | Version | Supported | | ------- | ------------------ | -| 0.10.0 | :white_check_mark: | -| < 0.10 | :x: | +| 0.11.0 | :white_check_mark: | +| < 0.11 | :x: | ## Reporting a Vulnerability Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).