Add feature branch for PQ work

[nhorman]

Requesting a feature branch for ML-KEM PQ feature work: Branch name: feature/pq Issue link: #643 Completion: expected to land in 3.5 Resources: @baentsch Notes: This work is constrained to the creation of the ML-KEM algorithm, others to follow once this feature is merged

[mattcaswell]

+1 from Foundation.

Just a question - since this is restricted to ML-KEM only at this stage would a better branch name be "feature/ml-kem"?

[baentsch]

since this is restricted to ML-KEM only at this stage would a better branch name be "feature/ml-kem"

no objection from my side, even though one part of the work should be a generic Hybrid KM/KEM/SIG component (initially to be instantiated for X25519MLKEM768 & P256MLKEM768, but with conceptual support for any combination of EVP_PKEY keys and operations as per https://github.com/openssl/private/issues/647#issuecomment-2393091929

[mattcaswell]

no objection from my side, even though one part of the work should be a generic Hybrid KM/KEM/SIG component (initially to be instantiated for X25519MLKEM768 & P256MLKEM768, but with conceptual support for any combination of EVP_PKEY keys and operations as per https://github.com/openssl/private/issues/647#issuecomment-2393091929

Yes - that's fine. I don't see that as a problem. I'm just anticipating future "feature/ml-dsa" and "feasture/slh-dsa" branches (so creating "feature/pq" which only actually covers ml-kem doesn't seem quite right).

[baentsch]

so creating "feature/pq" which only actually covers ml-kem doesn't seem quite right

At least my intent is to pursue MLDSA and SLHDSA in parallel to MLKEM -- if this warrants different feature branches, then I'd suggest adding those, too. If all could be done on one (such as for cherry-picking at merge to master), also good with me.

[t8m]

We do not want to do cherry-picking selected commits when merging. This would be very much error-prone.

[baentsch]

We do not want to do cherry-picking selected commits when merging. This would be very much error-prone.

ACK. Then three feature branches.

[mattcaswell]

+1 from me for the creation of 3 feature branches:

feature/ml-kem feature/ml-dsa feature/slh-dsa

[t8m]

feature/ml-kem branch created.

@baentsch let me know when you will need the other branches.

[baentsch]

feature/ml-kem branch created.

Thanks! Is there any guidance as to what one (I?) have to do to keep this "close" to master?

let me know when you will need the other branches.

@t8m if there is no undue cost associated with creating/maintaining them (? -- see question above) I'd be glad to get them right away. The code for them is arguably easier to do than the stuff for mlkem (no hybrid for now, no C++).

[t8m]

Thanks! Is there any guidance as to what one (I?) have to do to keep this "close" to master?

Actually nothing on you to do (at least for now, until you have a committer status).

[t8m]

@t8m if there is no undue cost associated with creating/maintaining them (? -- see question above) I'd be glad to get them right away. The code for them is arguably easier to do than the stuff for mlkem (no hybrid for now, no C++).

Well, I would open these branches as soon as you have something substantial to commit there. To avoid them being unnecessarily behind the master branch.

[t-j-h]

+1 from me for the creation of 3 feature branches:

feature/ml-kem feature/ml-dsa feature/slh-dsa

+1 from corporation for those three feature branches too (that seemed to have been missed)

[mattcaswell]

I have created the feature/slh-dsa branch.

@slontis

[slontis]

Thanks..

[slontis]

Can ML-DSA also be added please.

[baentsch]

Can ML-DSA also be added please.

Any chance we can talk sometime? I also started work on this but wonder whether I'm on the right track...

[slontis]

Yep.. I was trying to get the SLH-DSA one fairly close to being done first.. The encoder/decoder part is slowing me down.

[baentsch]

Yep.. I was trying to get the SLH-DSA one fairly close to being done first.. The encoder/decoder part is slowing me down.

The encoder/decoder part took me about 6 months in oqsprovider.... :-/