Support deterministic key generation #447

Open
knightcode opened this issue Jul 3, 2024 · 12 comments
Labels: enhancement (New feature or request)

Comments

@knightcode

Is it possible to pass an EVP_RAND instance to be used in the key generation calls? Could it potentially be possible?

@knightcode knightcode added the question No code change required label Jul 3, 2024
@dstebila
Member

dstebila commented Jul 3, 2024

Is your goal to do deterministic key generation? Or do you want to ensure that oqs-provider is using a particular RNG?

@knightcode
Author

I can imagine both needs, but mine is the former (deterministic key gen). I would like to achieve it in a thread-safe, localized way that doesn't have a chance of bleeding into other operations.

@dstebila
Member

dstebila commented Jul 4, 2024

> I can imagine both needs, but mine is the former (deterministic key gen). I would like to achieve it in a thread-safe, localized way that doesn't have a chance of bleeding into other operations.

We don't yet have a thread-safe way of deterministic key gen or encapsulation in liboqs, and thus can't do it in oqs-provider either. There's an issue tracking that functionality; there was someone working on it, but I think that work has stalled over the summer.

@knightcode
Author

Looks like it stalled last year. I could maybe pick it up if I get some time from my company, but I'd need some direction.

@SWilson4
Member

SWilson4 commented Jul 9, 2024

> Looks like it stalled last year. I could maybe pick it up if I get some time from my company, but I'd need some direction.

Hi @knightcode, we do have somebody actively working on it. As Douglas wrote, development has slowed down recently due to the developer's other commitments, but the feature is on the horizon.

@baentsch
Member

@SWilson4 would it be sensible then to assign this issue to this person so everyone immediately sees this issue as being worked on?

@SWilson4 SWilson4 changed the title Can we use an EVP_RAND instance? Support deterministic key generation Jul 15, 2024
@SWilson4
Member

> @SWilson4 would it be sensible then to assign this issue to this person so everyone immediately sees this issue as being worked on?

Good call---I tried just now, but the developer (@Eddy-M-K) isn't actually part of any of our GitHub teams, so I don't believe I can assign him issues. I assigned the liboqs issue to myself as I'm overseeing the work. I don't actually know the required steps/effort to lift the future deterministic keygen functionality from liboqs into the provider, but for now I've assigned this one to myself as well to reflect that it is at least in the pipeline pending ongoing work. I also took the liberty of renaming this issue to reflect the discussion after the initial question.

@SWilson4 SWilson4 self-assigned this Jul 15, 2024
@SWilson4 SWilson4 added enhancement New feature or request and removed question No code change required labels Jul 15, 2024
@baentsch
Member

> I don't actually know the required steps/effort to lift the future deterministic keygen functionality from liboqs into the provider

Well, that depends a bit on the API that liboqs will make available for that. When in draft PR status, let's discuss if you didn't already find a good spot to add it yourself (most likely in the init routines of the provider).

@baentsch
Member

Second thought: Would this have to be part of oqsprovider setup at all? The way I read the discussion it seems to be more sensible to make this a feature of liboqs which oqsprovider then simply "inherits" (if/when activated). What's your current design for activating this @SWilson4 ?

@SWilson4
Member

> Second thought: Would this have to be part of oqsprovider setup at all? The way I read the discussion it seems to be more sensible to make this a feature of liboqs which oqsprovider then simply "inherits" (if/when activated). What's your current design for activating this @SWilson4 ?

A draft PR exposing ML-KEM's derandomized API is now up in liboqs. How about we discuss the best way to bring this into the provider (if at all) over there?

@baentsch
Member

baentsch commented Aug 8, 2024

> How about we discuss the best way to bring this into the provider (if at all) over there?

Good with me. But I'm not seeing any replies to my questions there. Vacation time or bad questions? FWIW, I'll be "on the road" myself again next week and probably not responding then. If we ought to best talk in person, please suggest time and place the week of Aug 19, @SWilson4 .

@SWilson4
Member

SWilson4 commented Aug 8, 2024

> How about we discuss the best way to bring this into the provider (if at all) over there?
>
> Good with me. But I'm not seeing any replies to my questions there. Vacation time or bad questions? FWIW, I'll be "on the road" myself again next week and probably not responding then. If we ought to best talk in person, please suggest time and place the week of Aug 19, @SWilson4 .

Final exams and vacation time for the Waterloo undergrad student who contributed the PR and a lack of coordination on my part. I'll get back to you over there shortly!
