Журнал обновлений
2020-03-11
v1.0
Release notes
Client API
• Sphincs+ OpenSSL ENGINE removed from the PQLR package.

Documentation
• Update install instructions, metadata, and documentation location in the Windows package.
2020-01-21
v0.19
Release notes
Bugfix
• PQLR could be used in third-party CMake project out of box.
2019-12-27
v0.18
Release notes
Security
• Entropy source usage was streamlined to avoid potential errors.

Documentation
• Publish benchmarking methodology.
2019-12-02
v0.17
Release notes
Security
• Fixed potential timing attack vector in newhope_initiator_finalize.
2019-11-11
v0.16
Release notes
Client API
• Each enumeration contains _LAST field to improve enumerations handling.

Perfomance
• Benchmark results were refined.

Bugfix
• SPHINCS+ engine package structure was changed to be operable out of box.

Documentation
• QA whitepaper was created.
• Package version added to documentation in the package.
• SPHINCS+ engine installation instructions were introduced.
2019-10-23
v0.15
Release notes
Client API
• Entropy source can be no longer set by user; the library will use /dev/urandom (on Linux) or CryptoAPI (on Windows).
• Public PQLR and algorithm instantiation functions return NULL if out of memory.
• OpenSSL with NewHope KEM and SPHINCS+ engine support in TLS was introduced.

Algorithms
• An implementation of XMSS^MT signing scheme was introduced.

Package
• OpenSSL source package with NewHope algorithm is available.
2019-10-01
v0.14
Release notes
Client API
• stunnel supports "SOCKS5 direct" pre-routing mode.
• TLS connection could be established within SPHINCS+ and release version of OpenSSL.

Bugfix
• Crash on TLS connection closing fixed.

Security
• Clarified correctness of DRBG algorithms: system sources of the entropy are only used to initialize internal random generators.
• NewHope integrity checks were improved.

Platforms
• OpenSSL fork is available for Windows.

Package
• OpenSSL engine moved to PQLR package.
2019-09-09
v0.13
Release notes
Client API
• Introduce XMSS cache.
• Clarify the purpose of random generators.
• SPHINCS+ now can be used as digital signature algorithm through OpenSSL EVP interface.
• Add optional SPHINCS+ OpenSSL engine to package.

Performance
• XMSS cache gives a huge impact on the performance of the sign method after the cache is initialized.
Cached vs not_cached performance:
- 0.01s vs 3.29s with sha256_h10 parameter set.
- 0.02s vs 5920.65s with gost256_h20 parameter set.

If the cache is enabled, cache initialization is performed on the first call of generate_keys or sign methods. The cache life cycle is the same as PQLR context life cycle. Cache size is determined by XMSS Merkle tree height (parameter h). With height 10 cache size is around 84 KB, with height 20 cache size is around 84 MB.

Security
• Securely erase buffers with sensitive data.

Documentation
• Update Doxygen documentation style.
2019-08-19
v0.12
Release notes
Client API
Sphincs+ OpenSSL engine usage example was introduced.

Performance
XMSS secret key length was reduced to 132 bytes for all parameter sets.
`newhope_initiator_prepare` 28% speedup.
`newhope_responder` 29% speedup.

Security
Initial CERT compliance code base check.
2019-07-30
v0.11
Release notes
Client API
`NEWHOPE_NUM_KEYBYTES` constant was converted to `newhope_get_keybytes_num()` getter.

Algorithms
Obsolete SPHINCS implementation was completely removed from code base.

Bugfix
Redundant quotes signs were removed from diagnostic messages.
2019-07-08
v0.10
Release notes
Platforms
Dirty NewHope KEM integration in OpenSSL 1_1_1 and TLS 1.3.
Unit and integration smoke tests passing on android armv7a.

Security
Possible crypto stream exhausting in `newhope_initiator_prepare` was fixed.

Performance
`newhope_responder` execution on reference hardware time was decreased on 1us.
`newhope_initiator_prepare` execution on reference hardware time was decreased on 20us for security reasons.

Package
More information about package configuration in its name.
Package contains meta-information with extended description of configuration.
2019-06-27
v0.9
Release notes
Client API
Naive XMSS signature scheme implementation.
Examples of PQLR common API usage.

Platforms
Initial android armv7a support.

Documentation
Fix misspellings.
Fix errors in code examples.

Package
OpenSSL is no longer required.
More information about package configuration in its name
Changelog in package.
2019-03-01
v0.8
Release notes
Client API
Algorithm configuration interfaces generalization.
Hide implementation detail.
Make interface more stable and sustainable for implementation details changes.

Security
Make NewHope more resistant to timing attacks.
Research that SPHINCS+ is sustainable for timing attacks by design.

Platforms
Initial win32/64 support.

Documentation
Fix misspellings.
Fix errors in code examples.

Performance
15% speedup of NewHope algorithm stages.
2019-01-22
v0.7
Release notes
Dependencies
OpenSSL version changed to 1.1.x.
2019-01-22
v0.6
Release notes
Client API
API generalization.

Algorithms
McEliece KEM prototype implemented.
2019-01-11
v0.5
Release notes
Client API
Update algorithm context with random generator config.

Algorithms
Fix NewHope reference differences.

Platforms
Port to MSVC.
Support for 32 and 64 bit systems.
2018-10-26
v0.4
Release notes
Client API
Support for single-library configuration.
Update CMake files in examples.
2018-10-18
v0.3
Release notes
Algorithms
GOST Streebog optimizations.
2018-10-17
v0.2
Release notes
Algorithms
Minor SPHINCS+ optimizations.
2018-10-15
v0.1
Release notes
Algorithms
NewHope key distribution initial implementation.
SPHINCS+ signature scheme initial implementation.