ISARA Radiate Security Solution Suite 1.4
The ISARA Radiate Security Solution Suite provides a set of cryptographic primitives that let you develop software resistant to attacks by quantum computers. These primitives include:
- Hash algorithms:
  - BLAKE2b (256-bit and 512-bit)
  - SHA2 (Secure Hash Algorithm 2; 256-bit and 512-bit)
  - SHA3 (Secure Hash Algorithm 3; 256-bit and 512-bit)
- Message authentication codes:
  - HMAC (Hash-based Message Authentication Code)
  - Poly1305
- Random number generators:
  - HMAC-DRBG (HMAC Deterministic Random Bit Generator)
  - SHAKE (128-bit and 256-bit)
- Key derivation functions:
  - RFC-5869
  - NIST SP 800-56A Alternative 1 Concatenation
  - PBKDF2 (Password-Based Key Derivation Function 2)
- Digital signature schemes:
  - Dilithium
  - LMS (Leighton-Micali Signature)
  - Rainbow
  - XMSS (eXtended Merkle Signature Scheme)
- Key agreement schemes:
  - ECDH (supporting NIST P256, P384, P521, and Curve25519)
  - LUKE (Lattice-based Unique Key Establishment)
  - NewHope
  - SIDH (Supersingular Isogeny Diffie-Hellman)
- Key encapsulation mechanisms:
  - Kyber
  - McEliece QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check)
  - NTRUPrime
- Symmetric cipher:
  - ChaCha20
Change Log
Changes Since 1.3
New features:
- Digital signature scheme: XMSS
Changed features:
- Significantly faster SIDH implementation.
- LMS implementation updated to version 8 of the IETF draft specification.
- KDF APIs marked "Deprecated"; they’ll receive a "generic" KDF API (to allow streaming) in a future toolkit release.
Changes Since 1.2
New features:
- Digital signature schemes: Dilithium, Rainbow
- Hash: BLAKE2b (256-bit and 512-bit)
- Key agreement schemes: ECDH, SIDH
- Key encapsulation mechanisms: Kyber, McEliece QC-MDPC, NTRUPrime
- FIPS 140 certification (Implementation Under Test as of 2017-07-07)
- LMS now supports a tree height of 25.
- iqr_HashRegisterCallbacks() performs a known-answer test for BLAKE2b, SHA2, and SHA3 to make sure the specified implementation works as expected.
Changed features:
- Tuned assembly language versions of some functions on supported processors (ChaCha20 and SHA2-256 on x86-64 platforms).
- LMS now requires at least 64 bytes of digest for signing operations.
- LMS implementation updated to version 7 of the IETF draft specification.
- The I value ("identifier") in LMS parameters is now entirely internal; you don’t need to specify it when creating LMS parameter objects.
- Samples re-organized and now build with a single cmake invocation instead of a shell script.
- KDF APIs marked "Deprecated"; they’ll receive a "generic" KDF API (to allow streaming) in a future toolkit release.
Removed features:
- McEliece QC-MDPC has been removed as an asymmetric encryption scheme.
- The "BoringSSL" variant of NewHope has been removed, as it no longer exists in the wild.
- The iqr_LMSGetRemainingSignatureCount() function has been removed.
Changes Since 1.1
- NewHope’s iqr_NewHopeGetResponderPublicKeyAndSecret and LUKE’s iqr_LUKEGetResponderPublicKeyAndSecret now have proper camel case.
- HMAC now responds properly to error conditions.
- LMS samples updated to support height 15 trees.
Changes Since 1.0
- LMS APIs marked "Deprecated" as they’ll be changing due to the latest IETF draft.
- Hash implementations now have initialize() and cleanup() methods.
- MACs (HMAC and Poly1305) now use a generic API similar to Hashes.
- LMS IETF parameters and XDR encodings have been removed; they belong in a higher-level library. Removed iqr_LMSCreateParamsIETF() and iqr_LMSGetIETFTypes().
- iqr_LMSGetSignatureSize() was changed to iqr_LMSGetSignatureComponentSizes(), which is slightly different.
- iqr_LMSSign() and iqr_LMSVerify() APIs changed to reflect the removal of XDR encoding.
- LUKE and NewHope algorithms now have a simplified Responder API.
- The RNG in iqr_Context has been removed, along with the iqr_RNGRegisterCallbacks() function. iqr_RNGCreate() now takes a callback structure directly.
- FreeBSD (versions 10 and 11) is now a supported platform.
- Windows is now a supported platform.
Contents
The toolkit is organized into several directories:
- doc — API documentation (doc/library/index.html) and Developer’s Guide (doc/guide/guide.html).
- include — toolkit headers.
- one or more lib_cpu directories — toolkit static and shared libraries optimized for the given CPU family.
- samples — sample programs demonstrating how to use the toolkit.
Getting Help
The latest version of the toolkit documentation is available on ISARA’s website:
- 1-877-319-8576 Toll-free (please refer to your support contract)
For information about reporting security issues, please read the SECURITY document.
Using the Toolkit
After unpacking the toolkit archive, you can start using it by adding the following command-line arguments to your compiler:
-I/path/to/isara_toolkit/include \
-L/path/to/isara_toolkit/lib_cpu \
-liqr_toolkit
where cpu is one of the available CPUs in your archive. For example, the linux archive includes these versions of the libraries:
- lib_core2 - Intel Core 2 CPUs
- lib_sandybridge - Intel Sandybridge CPUs
- lib_skylake - Intel Skylake CPUs
- lib_x86-64 - 64-bit AMD and Intel CPUs
Note: If you’re linking against the shared library, you will also need to link against the math library (-lm option).
If you require a version of the library tuned for a specific CPU, please contact ISARA’s sales team.
Building the Samples
Note: Before building the samples, copy one of the CPU-specific versions of the toolkit libraries into a lib directory. For example, to build the samples for Intel Core 2 or better CPUs, copy the contents of lib_core2 into lib.
To build the samples:
cd /path/to/isara_toolkit/samples/algorithm/sample_name
cmake .
make
For more details and tool requirements, please refer to the Developer’s Guide (doc/guide/guide.html) documentation.
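As an added example (not part of the toolkit or its samples), the POSIX shell helper below automates the two setup steps above: it derives the compiler and linker arguments for a chosen lib_cpu directory, appending -lm when you link against the shared library, and stages that directory's contents into lib so the sample CMake projects find them. The directory layout follows the Contents section; the library file name libiqr_toolkit.a mentioned in the comments is an assumption inferred from the -liqr_toolkit flag.

```shell
#!/bin/sh
# Added helper, not part of the ISARA toolkit. Assumed layout (from the Contents section):
#   $toolkit/include        headers
#   $toolkit/lib_<cpu>/     CPU-specific static/shared libraries (e.g. libiqr_toolkit.a, assumed name)
#   $toolkit/lib/           where the sample CMake projects look for the libraries
set -eu

# Print the compiler/linker arguments for toolkit directory $1 and CPU family $2.
# $3 is "static" (default) or "shared"; the shared library additionally needs -lm.
# Fails, listing the lib_* directories that do exist, if lib_<cpu> is missing.
isara_flags() {
    toolkit=$1
    cpu=$2
    mode=${3:-static}
    libdir="$toolkit/lib_$cpu"
    if [ ! -d "$toolkit/include" ]; then
        echo "isara_flags: no include directory under $toolkit" >&2
        return 1
    fi
    if [ ! -d "$libdir" ]; then
        echo "isara_flags: $libdir not found; available:" "$toolkit"/lib_* >&2
        return 1
    fi
    flags="-I$toolkit/include -L$libdir -liqr_toolkit"
    if [ "$mode" = shared ]; then
        flags="$flags -lm"
    fi
    printf '%s\n' "$flags"
}

# Copy lib_<cpu> into $toolkit/lib so the samples can then be built with "cmake ." and "make".
isara_stage_lib() {
    toolkit=$1
    cpu=$2
    if [ ! -d "$toolkit/lib_$cpu" ]; then
        echo "isara_stage_lib: $toolkit/lib_$cpu not found" >&2
        return 1
    fi
    mkdir -p "$toolkit/lib"
    cp -R "$toolkit/lib_$cpu/." "$toolkit/lib/"
}
```

Typical use: `isara_stage_lib /path/to/isara_toolkit core2` before building the samples, and `cc $(isara_flags /path/to/isara_toolkit core2 shared) myprog.c` for your own program.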
System Requirements
Recommended:
- Android 7.0 (Nougat) or newer (API level 24 or higher)
- iOS 10 or newer
- Linux (Ubuntu 16.04 LTS or newer, Debian 9.1 or newer; 64-bit platforms)
- macOS 10.11 or newer
- Windows 10 (64-bit platforms)
Minimum:
- Android 5.0 (Lollipop) or newer (API level 21 or higher)
- iOS 8.1 or newer
- Linux (Ubuntu 14.04 LTS or newer, Debian 8 or newer; 64-bit platforms)
- macOS 10.10 or newer
- Windows 7 or newer (32-bit and 64-bit platforms)
Supported CPUs by OS:
- Android: x86, x86_64, armeabi-v7a, arm64-v8a
- iOS: x86, x86_64, armv7, armv7s, arm64
- Linux: x86_64, core2, sandybridge, skylake
- macOS: x86_64, core2, sandybridge, skylake
- Windows: x86, x86_64, core2, sandybridge, skylake
Additional CPU-specific builds can also be created on demand; please contact ISARA’s sales team.
Legal
The ISARA Radiate Security Solution Suite is licensed for use:
Copyright © 2015-2018, ISARA Corporation, All Rights Reserved.
The code and other content set out herein is not in the public domain, is considered a trade secret and is confidential to ISARA Corporation. Use, reproduction or distribution, in whole or in part, of such code or other content is strictly prohibited except by express written permission of ISARA Corporation. Please contact ISARA Corporation at info@isara.com for more information.
Sample code (and only the sample code) is covered by the Apache 2.0 license:
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.