Most of the primitives (mathematical functions) in
libpqcrypto are new.
For quantitative and qualitative security analysis,
see the individual submission packages,
and watch NIST's
There could be security problems in libpqcrypto
even if all the proposed primitives achieve their security goals.
Most of the software in
libpqcrypto is new
and has not been audited.
- There could be software bugs that result in the software computing different functions from the proposals, and these differences could destroy security.
- The command-line tools have additional code (input, output, KEM-DEM hybrids, etc.) and have not been audited.
- Some of the software has data-dependent branches and data-dependent array indices, presumably leaking secrets through timings.
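The third warning above is easier to recognise in code. The following C example is added here and is not part of libpqcrypto or any submission package; it shows the two patterns the warning names (a branch whose outcome depends on secret data, and an array index that depends on secret data) next to branch-free, constant-access-pattern versions of the same operations. The sample tag bytes and the 8-entry table are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data (not from libpqcrypto): a 16-byte "secret" tag,
 * an identical copy, and a value that differs only in its last byte. */
static const uint8_t SAMPLE_TAG[16] = {
    0x8f, 0x1a, 0x3c, 0x55, 0x07, 0xe2, 0x9b, 0x40,
    0x6d, 0xd1, 0x22, 0xfa, 0x31, 0x0c, 0x7e, 0x99 };
static const uint8_t SAMPLE_TAG_COPY[16] = {
    0x8f, 0x1a, 0x3c, 0x55, 0x07, 0xe2, 0x9b, 0x40,
    0x6d, 0xd1, 0x22, 0xfa, 0x31, 0x0c, 0x7e, 0x99 };
static const uint8_t SAMPLE_TAG_LASTBYTE[16] = {
    0x8f, 0x1a, 0x3c, 0x55, 0x07, 0xe2, 0x9b, 0x40,
    0x6d, 0xd1, 0x22, 0xfa, 0x31, 0x0c, 0x7e, 0x98 };
/* Constructed 8-entry lookup table standing in for an S-box or similar. */
static const uint8_t SAMPLE_TABLE[8] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 };

/* Data-dependent branch: returns as soon as a byte differs, so the running
 * time reveals how many leading bytes matched. Returns 0 if equal, 1 if not. */
int cmp_variable_time(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Constant-time version: always touches all n bytes and never branches on
 * the data. Returns 0 if equal, 1 if not. */
int cmp_constant_time(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= a[i] ^ b[i];
    /* acc | -acc has its top bit set exactly when acc != 0; shift it down. */
    return (int)((acc | (uint8_t)(0u - acc)) >> 7);
}

/* Data-dependent array index: the address loaded depends on secret_idx,
 * so cache behaviour (and hence timing) depends on the secret. */
uint8_t lookup_variable_time(const uint8_t *table, size_t n, size_t secret_idx)
{
    (void)n;
    return table[secret_idx];
}

/* Constant-time version: reads every entry and keeps the wanted one with a
 * mask, so the memory access pattern is independent of secret_idx. */
uint8_t lookup_constant_time(const uint8_t *table, size_t n, size_t secret_idx)
{
    uint8_t result = 0;
    for (size_t i = 0; i < n; i++) {
        size_t d = i ^ secret_idx;
        /* d becomes 1 when i != secret_idx and 0 when equal, without branching. */
        d = (d | (0 - d)) >> (sizeof(size_t) * 8 - 1);
        uint8_t mask = (uint8_t)(d - 1);   /* 0xFF on match, 0x00 otherwise */
        result |= table[i] & mask;
    }
    return result;
}

/* Checks that the constant-time versions compute the same function as the
 * variable-time ones on the constructed samples. Returns 1 on success. */
int self_check(void)
{
    int ok = 1;
    ok &= cmp_variable_time(SAMPLE_TAG, SAMPLE_TAG_COPY, 16) == 0;
    ok &= cmp_constant_time(SAMPLE_TAG, SAMPLE_TAG_COPY, 16) == 0;
    ok &= cmp_variable_time(SAMPLE_TAG, SAMPLE_TAG_LASTBYTE, 16) == 1;
    ok &= cmp_constant_time(SAMPLE_TAG, SAMPLE_TAG_LASTBYTE, 16) == 1;
    for (size_t i = 0; i < 8; i++)
        ok &= lookup_constant_time(SAMPLE_TABLE, 8, i)
              == lookup_variable_time(SAMPLE_TABLE, 8, i);
    return ok;
}

int main(void)
{
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return self_check() ? 0 : 1;
}
```

Both versions of each function return the same values; the difference is only in what an observer measuring time or cache state can learn. Note that source-level constant-time code is not a guarantee: a compiler may turn the mask arithmetic back into a branch, which is one reason the formally verified approaches mentioned below check the compiled output rather than the C source.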
New projects in high-assurance cryptographic software
are working towards engineering a new generation of software
with formally verified guarantees
of constant-time behavior and full functional correctness.
Future updates to
libpqcrypto will take advantage of this.
Version: This is version 2018.03.14 of the "Warnings" web page.