dkostic
commented
2 months ago I can confirm that AWS-LC's ML-KEM implementation successfully passes the KATs.
To check this I did the following:
- updated AWS-LC's ML-KEM-IPD implementation to conform with FIPS 203 FINAL (adding domain separation in key generation was the only thing needed),
- converted KATs to the form AWS-LC unit tests expect (AWS-LC expects the keygen coins
(d, z)as a single valued||z; also, AWS-LC usesencaps_coinsinstead ofmsg), - built the library and run:
./crypto/crypto_test --gtest_filter="All/PerKEMTest.KAT/MLKEM*" Note: Google Test filter = All/PerKEMTest.KAT/MLKEM* [==========] Running 3 tests from 1 test suite. [----------] Global test environment set-up. [----------] 3 tests from All/PerKEMTest [ RUN ] All/PerKEMTest.KAT/MLKEM512IPD [ OK ] All/PerKEMTest.KAT/MLKEM512IPD (83 ms) [ RUN ] All/PerKEMTest.KAT/MLKEM768IPD [ OK ] All/PerKEMTest.KAT/MLKEM768IPD (108 ms) [ RUN ] All/PerKEMTest.KAT/MLKEM1024IPD [ OK ] All/PerKEMTest.KAT/MLKEM1024IPD (159 ms) [----------] 3 tests from All/PerKEMTest (350 ms total)
[----------] Global test environment tear-down [==========] 3 tests from 1 test suite ran. (350 ms total) [ PASSED ] 3 tests.
I pushed the test to my fork of AWS-LC for posterity: https://github.com/aws/aws-lc/commit/81cb0215322f3d7764c8a27b4ec7749f06917557.
Note1: this is just a quick test in my fork of AWS-LC, I'll soon push a change to update AWS-LC itself.
Note2: that the implementation in AWS-LC was originally copied from the official Kyber repository (https://github.com/pq-crystals/kyber).
kriskwiatkowski
This PR contributes candidate KAT files for FIPS 203 FINAL (MLKEM), updated for the 13th August 2024 issue of FIPS 203.
The same random inputs, seeds, and messages are used as before.
New results were produced by the AWS LibMLKEM implementation. I hope verification of these results with other implementations will follow.