
Releases: smuellerDD/leancrypto

v1.0.1

16 Aug 06:22, commit 8464e39
  • fix: Kyber keygen - add LC_KYBER_K to initial hash (change is only relevant when storing keys as seed and for interoperability)

  • fix: Dilithium keygen - add dimensions K and L (change is only relevant when storing keys as seed and for interoperability)

  • small performance improvements for hasher apps
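
The two keygen fixes above bind the parameter set into the seed expansion, which is why they only matter for keys stored as a seed and for interoperability. The following Python is an added illustration of that step as the final FIPS 203 and FIPS 204 write it (SHA3-512 over d || k for ML-KEM, SHAKE256 over xi || k || l for ML-DSA); it is not leancrypto code, the function names are mine, and the `bind_k=False` / `bind_kl=False` paths only reproduce the earlier unbound form so the difference is visible:

```python
import hashlib

# Parameter-set constants from FIPS 203 Table 2 and FIPS 204 Table 1.
MLKEM_K = {512: 2, 768: 3, 1024: 4}              # module dimension k
MLDSA_KL = {44: (4, 4), 65: (6, 5), 87: (8, 7)}  # matrix dimensions (k, l)


def mlkem_expand_seed(d: bytes, k: int, bind_k: bool = True):
    """(rho, sigma) = G(d || k), G = SHA3-512, k as one byte (FIPS 203 K-PKE.KeyGen).

    bind_k=False reproduces the earlier form G(d); it exists only to show that a
    seed stored under the old derivation expands to a different key afterwards.
    """
    if len(d) != 32:
        raise ValueError("d must be 32 bytes")
    g = hashlib.sha3_512(d + (bytes([k]) if bind_k else b"")).digest()
    return g[:32], g[32:]


def mldsa_expand_seed(xi: bytes, k: int, ell: int, bind_kl: bool = True):
    """(rho, rho', K) = H(xi || IntegerToBytes(k,1) || IntegerToBytes(l,1), 128),
    H = SHAKE256 (FIPS 204 ML-DSA.KeyGen_internal). bind_kl=False is the old form."""
    if len(xi) != 32:
        raise ValueError("xi must be 32 bytes")
    h = hashlib.shake_256(xi + (bytes([k, ell]) if bind_kl else b"")).digest(128)
    return h[:32], h[32:96], h[96:]


def expansions_are_domain_separated(seed: bytes) -> bool:
    """Same 32-byte seed, every parameter set: rho must differ across sets, so a
    seed meant for one parameter set cannot silently become a key of another."""
    kem_rhos = {mlkem_expand_seed(seed, k)[0] for k in MLKEM_K.values()}
    dsa_rhos = {mldsa_expand_seed(seed, k, ell)[0] for k, ell in MLDSA_KL.values()}
    return len(kem_rhos) == len(MLKEM_K) and len(dsa_rhos) == len(MLDSA_KL)


def old_and_new_derivation_differ(seed: bytes) -> bool:
    """Interoperability check: both parties must expand a stored seed the same
    way; the bound and unbound forms disagree for every parameter set."""
    kem = all(mlkem_expand_seed(seed, k) != mlkem_expand_seed(seed, k, bind_k=False)
              for k in MLKEM_K.values())
    dsa = all(mldsa_expand_seed(seed, k, ell) != mldsa_expand_seed(seed, k, ell, bind_kl=False)
              for k, ell in MLDSA_KL.values())
    return kem and dsa


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed test seed, not a real key
    rho, sigma = mlkem_expand_seed(seed, MLKEM_K[768])
    print("ML-KEM-768 rho:", rho.hex())
    print("domain separated:", expansions_are_domain_separated(seed))
    print("old/new differ:  ", old_and_new_derivation_differ(seed))
```

The practical consequence for an application that persists seeds rather than expanded keys: record which derivation produced the seed, because a seed expanded with the old form on one side and the new form on the other yields unrelated key pairs with no error from either implementation.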

v1.0.0

15 Aug 20:46, commit df21fb1
  • enhancement: add Doxygen support - it is automatically compiled if Doxygen is present

  • enhancement: add Dilithium-ED25519 stream mode operation (i.e. init/update/final)

  • due to the Dilithium-ED25519 stream mode support, Dilithium-ED25519 now uses the ED25519ph signature algorithm mode

  • Dilithium API change: the stream mode uses struct lc_dilithium_ctx instead of lc_hash_ctx to reflect the newly added Dilithium-ED25519 API - the lc_dilithium_ctx can be allocated on the stack or heap using LC_DILITHIUM_CTX_ON_STACK or lc_dilithium_ctx_alloc

  • enhancement: add Dilithium-ED25519 as Linux kernel akcipher algorithm

  • enhancement: make Kyber-X25519 as Linux kernel kpp algorithm consistent with the standalone Kyber kpp implementation and add a tester

  • seeded_rng: when using the ESDM as entropy source, use the DRBG without prediction resistance; with heavy respawning of applications, a prediction-resistant DRBG would strain the entropy source significantly

  • Dilithium: add edge case tests as referenced by https://github.com/usnistgov/ACVP/pull/1525.patch and https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/G8Zf0hC-uu0/m/Kb3qNJb0AwAJ

v0.11.0

22 Jul 08:13, commit 14f72e7
  • security fix: fix possible leak of message in Kyber

  • Kyber: reduce memory footprint, use common lc_memcmp_secure API

  • Ascon-Keccak: include the tag length in the IV and thus implicitly authenticate the tag length (thanks to Markku-Juhani Saarinen for suggesting this)

  • Kyber: change standard API such that caller can select Kyber type

  • Dilithium: change standard API such that caller can select Dilithium type

  • security: addition of Timecop and instrumentation of tests to find side-channels

  • enhancement: add Linux kernel crypto API support for Ascon / Ascon-Keccak

  • fix: performance of seeded RNG by setting reseed threshold to 1MB

  • fix: Linux kernel warning on return thunk

  • enhancement: add ASM ARMv7 and ARMv8 implementation for X25519

  • enhancement: add Ascon support for XDRBG

  • enhancement: performance increase for XDRBG256

  • enhancement: add ED25519ph to support Dilithium hybrid init/update/final handling

v0.10.1

02 Jun 13:11, commit ca23c35
  • enhancement: Linux kernel - Kyber: allow parallel compilation of all Kyber types including all optimizations

  • enhancement: Linux kernel - Dilithium: allow parallel compilation of all Dilithium types including all optimizations

  • add additional hardening compiler flags stipulated by openssf.org

v0.10.0

27 May 05:34, commit 230dbb0
  • enhancement: add Sponge APIs

  • enhancement: add Ascon Keccak 512 and 256

  • update AEAD: add lc_aead_enc|dec_init and change all AEAD algorithms' tag calculation to MAC(AAD || ciphertext) instead of MAC(ciphertext || AAD) - this brings it in line with other AEAD algorithms

  • enhancement: add Ascon AEAD 128 and 128b

  • rename API lc_shake to lc_xof

  • enhancement: add Ascon Hash 128 and 128a

  • enhancement: add Ascon XOF and XOFa

  • enhancement: add Ascon 128/128a hasher apps

  • large data tests can now execute on small systems by using smaller memory sizes

  • remove riscv64 hash assembler directory: it is a duplicate of the riscv32 assembler code

  • Kyber 768: Add AVX2, ARMv8, ARMv7 support

  • Dilithium 65: Add AVX2, ARMv8, ARMv7 support

  • Enable compilation of Kyber 1024, Kyber-768 and Kyber-512 at the same time (APIs starting with lc_kyber_768/lc_kex_768 refer to Kyber-768, APIs starting with lc_kyber_512/lc_kex_512 refer to Kyber-512, all others refer to Kyber-1024)

  • Enable compilation of Dilithium-87, Dilithium-65 and Dilithium-44 at the same time (APIs starting with lc_dilithium_65 refer to Dilithium-65, APIs starting with lc_dilithium_44 refer to Dilithium-44, all others refer to Dilithium-87)

  • enhancement: Windows is now supported as target platform using the MINGW compiler with full acceleration support

  • Dilithium: update SampleInBall implementation following https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/y8ul-ZcVWI4 - implementation is fully checked against NIST ACVP Demo server
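
The AEAD tag-order change in this release (tag over AAD || ciphertext) and the v0.11.0 Ascon-Keccak item that binds the tag length into the IV both concern what the authentication tag covers. The Python below is an added illustration of the general encrypt-then-MAC shape, not leancrypto's implementation: a constructed SHAKE256 keystream stands in for the cipher, HMAC-SHA256 stands in for the MAC, and all names, keys and nonces are mine. It shows why the tag input needs explicit lengths (a bare MAC(AAD || ciphertext) lets a byte move across the AAD/ciphertext boundary unnoticed) and why binding the tag length stops a 16-byte tag from being truncated and verified as an 8-byte one:

```python
import hashlib
import hmac
import struct

TAG_MAX = 32  # HMAC-SHA256 output length


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Constructed toy stream cipher (SHAKE256 of key||nonce); it stands in for
    # a real cipher so that the tag logic below is the only thing on display.
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)


def _tag(key: bytes, nonce: bytes, aad: bytes, ct: bytes, taglen: int) -> bytes:
    """Encrypt-then-MAC tag in MAC(AAD || ciphertext) order.

    The AAD length, ciphertext length and tag length are encoded in front, so
    the AAD/ciphertext boundary and the truncation level are both authenticated.
    """
    if not 8 <= taglen <= TAG_MAX:
        raise ValueError("unsupported tag length")
    hdr = struct.pack(">QQB", len(aad), len(ct), taglen)
    return hmac.new(key, hdr + nonce + aad + ct, hashlib.sha256).digest()[:taglen]


def aead_encrypt(key, nonce, aad, pt, taglen=16):
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    return ct + _tag(key, nonce, aad, ct, taglen)


def aead_decrypt(key, nonce, aad, ct_tag, taglen=16):
    """Returns the plaintext, or None on any authentication failure."""
    if len(ct_tag) < taglen:
        return None
    ct, tag = ct_tag[:len(ct_tag) - taglen], ct_tag[len(ct_tag) - taglen:]
    if not hmac.compare_digest(tag, _tag(key, nonce, aad, ct, taglen)):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def naive_tag(key, aad, ct):
    """MAC(AAD || ciphertext) with nothing else: the shape to avoid."""
    return hmac.new(key, aad + ct, hashlib.sha256).digest()


KEY = bytes(range(32))   # constructed demo key
NONCE = b"\x01" * 16     # constructed demo nonce


def roundtrip_ok() -> bool:
    sealed = aead_encrypt(KEY, NONCE, b"hdr", b"payload")
    return aead_decrypt(KEY, NONCE, b"hdr", sealed) == b"payload"


def naive_boundary_is_ambiguous() -> bool:
    # One byte moved from ciphertext into AAD produces the same naive tag.
    return naive_tag(KEY, b"ab", b"c") == naive_tag(KEY, b"a", b"bc")


def boundary_shift_is_rejected() -> bool:
    # The same move against the length-prefixed tag fails verification.
    sealed = aead_encrypt(KEY, NONCE, b"ab", b"c")          # 1 ct byte + 16 tag bytes
    return aead_decrypt(KEY, NONCE, b"ab" + sealed[:1], sealed[1:]) is None


def truncated_tag_is_rejected() -> bool:
    """Attacker keeps the ciphertext, cuts the 16-byte tag to 8 bytes and hands
    it to a receiver configured for 8-byte tags. Without taglen in the MAC input
    the 8-byte prefix would verify; with taglen bound in, it does not."""
    sealed = aead_encrypt(KEY, NONCE, b"hdr", b"payload", taglen=16)
    forged = sealed[:-16] + sealed[-16:][:8]
    return aead_decrypt(KEY, NONCE, b"hdr", forged, taglen=8) is None


if __name__ == "__main__":
    print("roundtrip:", roundtrip_ok())
    print("naive tag ambiguous:", naive_boundary_is_ambiguous())
    print("boundary shift rejected:", boundary_shift_is_rejected())
    print("truncated tag rejected:", truncated_tag_is_rejected())
```

The order AAD then ciphertext is the conventional one (it lets the MAC run online, AAD first, while the ciphertext is still being produced); the security properties come from the length encoding and the tag-length binding, not from the order itself.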

v0.9.2

07 Apr 16:54, commit 60f378c
  • fix: update "reduce memory footprint of Keccak state" to handle big-endian systems

  • enhancement: Seed the lc_seeded_rng with (random.c || Jitter RNG)

v0.9.1

10 Mar 11:26, commit 6666a40
  • fix: move XOR-256 memory definitions to lc_memory_support.h as otherwise compilation of external applications and libraries fail due to missing xor256.h

v0.9.0

07 Mar 11:22, commit 360b482
  • enhancement: X/ED25519: enable 128 bit mode on Intel for both, kernel and user space

  • add Rust binding support

  • enhancement: reduce memory footprint of Keccak state

  • enhancement: add cSHAKE re-init support

  • fix: KMAC-AEAD / cSHAKE-AEAD - ensure proper re-initialization

  • enhancement: add RISC-V 64 bit Keccak - currently disabled due to a bug

  • enhancement: compile Dilithium ARMv8 support in Linux kernel (excluding the SIMD Keccak operation)

  • fix: fix ARM-CE detection logic

  • fix: potential Kyber side channel

  • fix: KMAC min MAC size is 32 bits

  • enhancement: use accelerated XOR for KMAC/cSHAKE AEAD

  • fix: enable poly_compress_avx for Linux kernel compilation when GCC >= 13 is present

  • enhancement: add interface code to register leancrypto with Linux kernel crypto API

v0.8.0

03 Dec 11:34, commit 3053324
  • enhancement: add applications

  • enhancement: add Dilithium ARMv8 support (including SHAKE 2x ARMv8 support)

  • enhancement: add Dilithium ARMv7 support

  • enhancement: add Kyber ARMv7 support

  • reduce memory footprint of Dilithium and Kyber

  • enhancement: Add Kyber-X25519 KEM, KEX, and IES

  • enhancement: Add Dilithium-ED25519

  • hardening: use -fzero-call-used-regs=used-gpr if available to counter ROP attacks

  • fix: Add fork-detection for seeded_rng

  • update XDRBG256 implementation based on latest draft
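
The fork-detection fix for seeded_rng addresses a classic failure mode: after fork(), parent and child share the DRNG state and, absent detection, emit identical "random" bytes. The Python below is an added illustration of that failure and of the simplest fix, a cached-PID check that forces a reseed from OS entropy in the child; it is constructed for this page, not leancrypto's seeded_rng, and the class, seed and function names are mine. It needs a POSIX fork():

```python
import hashlib
import os
import struct


class SeededDrng:
    """Toy deterministic RNG (SHAKE256 ratchet) with optional fork detection.

    Constructed for this illustration; fork detection is done the simplest
    way, by comparing the PID cached at seeding time with the current one.
    """

    def __init__(self, seed: bytes, fork_detect: bool = True):
        self.state = hashlib.shake_256(b"seed" + seed).digest(32)
        self.counter = 0
        self.fork_detect = fork_detect
        self.pid = os.getpid()

    def _reseed(self, extra: bytes) -> None:
        self.state = hashlib.shake_256(b"reseed" + self.state + extra).digest(32)
        self.counter = 0

    def generate(self, n: int) -> bytes:
        if self.fork_detect and os.getpid() != self.pid:
            # We are a child that inherited the parent's state: fold in fresh
            # OS entropy and the new PID before producing anything.
            self._reseed(os.urandom(32) + struct.pack(">I", os.getpid()))
            self.pid = os.getpid()
        out = hashlib.shake_256(self.state + struct.pack(">Q", self.counter)).digest(n)
        self.counter += 1
        # Ratchet the state so earlier output cannot be recovered from it.
        self.state = hashlib.shake_256(b"ratchet" + self.state).digest(32)
        return out


def outputs_after_fork(fork_detect: bool):
    """Seed, use the DRNG once, fork, then draw 32 bytes in parent and child."""
    drng = SeededDrng(b"constructed fixed seed", fork_detect)
    drng.generate(16)
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: send its output to the parent and exit immediately
        os.close(r)
        os.write(w, drng.generate(32))
        os._exit(0)
    os.close(w)
    parent = drng.generate(32)
    child = b""
    while len(child) < 32:
        chunk = os.read(r, 32 - len(child))
        if not chunk:
            break
        child += chunk
    os.close(r)
    os.waitpid(pid, 0)
    return parent, child


def fork_is_detected(fork_detect: bool) -> bool:
    """True when parent and child diverge after the fork."""
    parent, child = outputs_after_fork(fork_detect)
    return parent != child


if __name__ == "__main__":
    print("without fork detection, parent == child:", not fork_is_detected(False))
    print("with fork detection,    parent == child:", not fork_is_detected(True))
```

A PID comparison is the minimal check and has known gaps: a grandchild can be handed the parent's PID after reuse, and it does nothing for a process image that is snapshotted and restored. On Linux, keeping the DRNG state in memory marked MADV_WIPEONFORK makes the child see zeroed state, which forces a reseed without relying on PIDs; a pthread_atfork child handler is the portable alternative.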

v0.7.0

11 Sep 12:12, commit 8ac47fb
  • enhancement: add XDRBG256 - the SHAKE256-based DRNG discussed for SP800-90A inclusion (almost identical to the cSHAKE/KMAC DRNG specified with leancrypto)

  • enhancement: add SymKMAC AEAD algorithm - it uses 100 bytes less context than SymHMAC (it is less than 1024 bytes now), uses accelerated Keccak for KDF and authentication but is otherwise identical to SymHMAC

  • Kyber: switch responder and initiator definitions

  • enhancement: add ESDM seed source to seed lc_seeded_rng

  • editorial: reformat code using clang-format and provided configuration file

  • Dilithium: Update implementation to match FIPS 204 (draft from Aug 24, 2023)

  • Kyber: Update implementation to match FIPS 203 (draft from Aug 24, 2023)

  • enhancement: Dilithium and Kyber security strengths are selectable via Meson options

  • Kyber KEM: Update shared secret KDF (as the KDF is now removed from FIPS 203, it can be adjusted to be more performant and consistent with SP800-108)

  • Kyber KEX: Updated shared secret KDF to use SP800-108 compliant KMAC KDF

  • enhancement: Add input parameter validation to Kyber as specified in FIPS 203

  • enhancement: consolidate all testing requiring an RNG to use selftest_rng

Full Changelog: v0.6.0...v0.7.0