ISARA Radiate Security Solution Suite Signature Edition 1.5
The ISARA Radiate Security Solution Suite provides a set of cryptographic primitives that let you develop software resistant to attacks by quantum computers. These primitives include:
- Hash algorithms:
  - BLAKE2b (256 bit and 512 bit)
  - SHA2 (Secure Hash Algorithm 2; 256 bit, 384 bit and 512 bit)
  - SHA3 (Secure Hash Algorithm 3; 256 bit and 512 bit)
- Message authentication codes:
  - HMAC (Hash based Message Authentication Code)
  - Poly1305
- Random number generators:
  - HMAC-DRBG (HMAC Deterministic Random Bit Generator)
  - SHAKE (128 bit and 256 bit)
- Digital signature schemes:
  - Dilithium
  - HSS (Hierarchical Signature Scheme)
  - Rainbow
  - XMSS (eXtended Merkle Signature Scheme)
- Symmetric cipher:
  - ChaCha20 symmetric
Change Log
This is the first release of the Signature Edition.
Changes Since 1.4
New features:
- HSS and XMSS now support the BDS tree strategy, resulting in significantly smaller private keys and a separate state at the cost of more processing time during Sign() operations. There’s also a verify-only strategy for efficiently verifying signatures.
- HSS and XMSS now support detaching subsets of the private key’s state; this lets you split the range of one-time signatures. Refer to the Developer’s Guide for details.
- Rainbow now supports six variants.
- The library now supports a watchdog callback for long-running operations.
- Library version information is now exposed in iqr_version.h, and a function has been added to verify that your library matches the headers you’re using. The version sample demonstrates this.
- Hash: SHA2-384
Changed features:
- The signature scheme formerly known as LMS is now HSS, and is compatible with the IETF draft. Currently only one level of hyper-tree is supported.
- HSS implementation updated to version 13 of the IETF draft specification.
- XMSS is now compatible with the IETF RFC.
- HSS and XMSS now manage their own state rather than requiring the user to manage an index. This state needs to be stored safely after every Sign() operation (or every Detach() operation if you’re splitting state).
- Rainbow key generation is now significantly faster.
- Several algorithms have been updated to be compatible with the NIST competition submissions: Dilithium, Rainbow
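The requirement above, that HSS and XMSS state be stored safely after every Sign() operation, shown as an added example (not ISARA's code and not the toolkit API). A constructed counter, toy_state, stands in for the toolkit's opaque state, and persist_state, load_state and sign_and_persist are hypothetical names; because reusing a one-time index breaks a stateful hash-based signature scheme, the advanced state is made durable before any signature is released.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Atomically replace dir/name with buf: temp file, fsync, rename, fsync dir. */
int persist_state(const char *dir, const char *name, const void *buf, size_t len) {
    char tmp[512], dst[512];
    snprintf(tmp, sizeof tmp, "%s/%s.tmp", dir, name);
    snprintf(dst, sizeof dst, "%s/%s", dir, name);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, buf, len) == (ssize_t)len && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, dst) != 0) { unlink(tmp); return -1; }
    int dfd = open(dir, O_RDONLY);   /* make the rename itself durable */
    if (dfd < 0) return -1;
    ok = fsync(dfd) == 0;
    close(dfd);
    return ok ? 0 : -1;
}

/* Constructed stand-in for the toolkit's opaque state: next unused one-time index. */
typedef struct { uint32_t next_index, max_index; } toy_state;

int load_state(const char *dir, const char *name, toy_state *out) {
    char path[512];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int ok = read(fd, out, sizeof *out) == (ssize_t)sizeof *out;
    close(fd);
    return ok ? 0 : -1;
}

/* Returns the one-time index this signature consumed, or -1 if no signature
 * may be released (keys exhausted, or the advanced state is not on disk). */
long sign_and_persist(toy_state *st, const char *dir, const char *name) {
    if (st->next_index >= st->max_index) return -1;
    toy_state next = *st;
    next.next_index++;               /* the state change a signing call makes */
    if (persist_state(dir, name, &next, sizeof next) != 0) return -1;
    long used = st->next_index;
    *st = next;
    return used;
}

int main(void) {
    toy_state st = {0, 4};
    printf("released index %ld\n", sign_and_persist(&st, "/tmp", "toy_state.bin"));
    return 0;
}
```

On restart, load the state file before signing again, and never restore it from a backup older than the last released signature.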
Contents
The toolkit is organized into several directories:
- doc — API documentation (doc/library/index.html) and Developer’s Guide (doc/guide/guide.html).
- include — toolkit headers.
- one or more lib_cpu directories — toolkit static and shared libraries optimized for the given CPU family.
- samples — Sample programs demonstrating how to use the toolkit.
Getting Help
The latest version of the toolkit documentation is available on ISARA’s website:
- ISARA Radiate Security Solution Suite Signature Edition 1.5 API documentation
- ISARA Radiate Security Solution Suite Signature Edition 1.5 Developer’s Guide
- 1-877-319-8576 Toll-free (please refer to your support contract)
For information about reporting security issues, please read the SECURITY document.
Using the Toolkit
After unpacking the toolkit archive, you can start using it by adding the following command-line arguments to your compiler:
-I/path/to/isara_toolkit/include \
-L/path/to/isara_toolkit/lib_cpu \
-liqr_toolkit_signature
where cpu is one of the available CPUs in your archive. For example, the linux archive includes these versions of the libraries:
- lib_core2 - Intel Core 2 CPUs
- lib_sandybridge - Intel Sandybridge CPUs
- lib_skylake - Intel Skylake CPUs
- lib_x86-64 - 64 bit AMD and Intel CPUs
Note: If you’re linking against the shared library, you will need to link against the math library (-lm option).
If you require a version of the library tuned for a specific CPU, please contact ISARA’s sales team.
Building the Samples
Note: Before building the samples, copy one of the CPU-specific versions of the toolkit libraries into a lib directory. For example, to build the samples for Intel Core 2 or better CPUs, copy the contents of lib_core2 into lib.
To build the samples:
cd /path/to/isara_toolkit/samples/algorithm/sample_name
cmake .
make
For more details and tool requirements, please refer to the Developer’s Guide (doc/guide/guide.html) documentation.
Note: Don’t build the samples on macOS using gcc 8; they will crash before main() due to a problem with -fstack-protector-all. Use clang to produce Mac binaries.
System Requirements
Recommended:
- Android 7.0 (Nougat) or newer (API level 24 or higher)
- iOS 10 or newer
- Linux (Ubuntu 16.04 LTS or newer, CentOS 7 or newer; 64 bit platforms)
- macOS 10.11 or newer
- Windows 10 (64 bit platforms)
Minimum:
- Android 6.0 (Marshmallow) or newer (API level 23 or higher)
- iOS 8.1 or newer
- Linux (Ubuntu 14.04 LTS or newer, Debian 8 or newer; 64 bit platforms)
- macOS 10.10 or newer
- Windows 7 or newer (32 bit and 64 bit platforms)
Supported CPUs by OS:
- Android: x86, x86_64, armeabi-v7a, arm64-v8a
- iOS: x86, x86_64, armv7, armv7s, arm64
- Linux: x86_64, core2, sandybridge, skylake, 32 bit powerpc
- macOS: x86_64, core2, sandybridge, skylake
- Windows: x86_64, core2, sandybridge, skylake
Additional CPU-specific builds can also be created on demand; please contact ISARA’s sales team.
Legal
The ISARA Radiate Security Solution Suite is licensed for use:
Copyright © 2015-2018, ISARA Corporation, All Rights Reserved.
The code and other content set out herein is not in the public domain, is considered a trade secret and is confidential to ISARA Corporation. Use, reproduction or distribution, in whole or in part, of such code or other content is strictly prohibited except by express written permission of ISARA Corporation. Please contact ISARA Corporation at info@isara.com for more information.
Sample code (and only the sample code) is covered by the Apache 2.0 license:
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.