A CLI TaPaSCo runtime for Post-Quantum Cryptography PEs using libtapasco and the NIST PQC Program interface.

The PQC Software Reference Implementations require a recent GCC version (4.8.5 is not recent enough). This application was tested with GCC 10.3.0.

With stable Rust installed, running cargo build should be all (verified with Rust 1.56.1). Newer stable Rust versions should work but nightly builds are currently not possible due to a dependency of libtapasco failing to compile.

See the other repos in this group and their pipelines to download a bitstream.

Setup TaPaSCo and load the bitstream with your PEs, i.e. for testing Kyber on all levels:

tapasco-load-bitstream --reload-driver axi4mm-vc709--kyber2_enc_1_kyber2_dec_1_kyber3_enc_1_kyber3_dec_1_kyber4_enc_1_kyber4_dec_1--100.0.bit

This has been tested with Vivado 2020.2 and TaPaSCo 2021.1. If you cannot load a bitstream for the AU280, try Tapasco's develop branch that should contain fixes for the changed device name in Vivado 2020.2.

Then run the application with:

cargo run --release -- --name kyber_hls --level 1 kat

which should result in the following output:

Tests: 100, Ciphertext equals KAT: 100, Shared Secret equals KAT: 100.

This uses the verified NIST Known Answer Test Response (.rsp) files created with the reference software implementation and creates a file with the same name plus the .tapasco suffix that contains the outputs from the PEs and should be equal to the original file.

Verify this with i.e. diff which should output nothing and return 0 exit code:

$ diff PQCkemKAT_1632.rsp{,.tapasco}
$ echo $?
0

Additional details can be shown with a higher log level by setting the RUST_LOG environment variable to one of error, warn (default), info, debug and trace. The debug and trace levels are only available in debug builds (default for cargo build without --release). The individual test case results can be show with the info level:

RUST_LOG=info cargo run --release -- --name kyber_hls --level 1 kat

If the compilation fails because your GCC version is too old, install the devtools-10 with yum and source /opt/rh/devtoolset-10/enable and retry compilation with cargo build.

First make sure that you have loaded the correct bitstream successfully. Check dmesg for errors.

Then you can try the subcommands apply and verify to test a single PE where apply is the encapsulation for KEMs and sign for DSAs and verify is the decapsulation and verification respectively.

Make sure to run the application in release mode with cargo run --release ....