Use other providers' functionality #631
Comments
|
If I'm understanding correctly, the problem seems to stem from the fact that oqs-provider is kind of doing two things: providing implementations of PQ algorithms to OpenSSL at the algorithm level, and also providing implementations of PQ and hybrid constructions above the algorithm level (e.g., as TLS key exchange groups, as composite signatures, etc.). For that second purpose, the point is for people to be able to reuse the code oqs-provider has created for PQ & hybrid constructions above the algorithm level with PQ algoritms provided by other providers. Have I understood correctly? |
|
(Conceptually) Yes and (code wise) No: There is no clean separation between (functionalities making available to EVP and TLS) pure PQC algs and hybrid/composite ones. The only "true, separate" layer is the OQS API of liboqs. |
Triggered by the discussion here this is to suggest adding a feature to allow
oqsproviderto utilize other providers' PQC implementation(s) to deliver its hybrid/composite functionality.Advantage: Use of (non-)functional properties of other providers for specific PQC algorithms, e.g., FIPS certification.
Disadvantage: Breaks dependence from
liboqs-- a more logical way (retaining current design) would be to utilize the OpenSSL integration inliboqsto integrate externally provided PQC algs (as already discussed for SLH-DSA).The text was updated successfully, but these errors were encountered: