Stories with Tag standardization

• NIST selects HQC as fifth algorithm for post-quantum encryption

  permalink

  Posted: 2025-03-11 14:44:44

  Verbose tl;dr

  NIST has chosen HQC (Hamming Quasi-Cyclic) as the fifth and final public-key encryption algorithm to standardize for post-quantum cryptography. HQC, based on code-based cryptography, offers small public key and ciphertext sizes, making it suitable for resource-constrained environments. This selection concludes NIST's multi-year effort to standardize quantum-resistant algorithms, adding HQC alongside the previously announced CRYSTALS-Kyber for general encryption, CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. These algorithms are designed to withstand attacks from both classical and quantum computers, ensuring long-term security in a future with widespread quantum computing capabilities.

  The National Institute of Standards and Technology (NIST) has announced the selection of a fifth and final public-key encryption algorithm to be standardized as part of its ongoing effort to prepare for the era of quantum computing. This newly chosen algorithm, called HQC (Hamming Quasi-Cyclic), will join four others previously selected in July 2022—CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+—in providing robust cryptographic defenses against the potential threat posed by future quantum computers capable of breaking current encryption standards.

  HQC, developed by a multinational team of researchers, is a code-based cryptosystem that relies on the hardness of decoding random linear codes. It stands out for its comparatively small public key and ciphertext sizes, which are deemed advantageous for constrained environments with limited resources. This makes it particularly suitable for applications in devices with restricted memory or bandwidth, such as embedded systems or Internet of Things (IoT) devices.

  The selection of HQC rounds out NIST's post-quantum cryptography standardization project, covering both public-key encryption and digital signatures. CRYSTALS-Kyber, also chosen for public-key encryption, offers strong security and performance characteristics. The other three algorithms address digital signatures: CRYSTALS-Dilithium as the primary algorithm, FALCON for applications requiring smaller signatures, and SPHINCS+ as a backup based on different mathematical principles to diversify security in case unexpected vulnerabilities are discovered in the other algorithms.

  NIST emphasizes the importance of transitioning to these post-quantum cryptography algorithms as soon as practicable. While large-scale quantum computers capable of breaking current encryption are not yet a reality, the standardization process is a proactive measure to ensure a smooth and timely migration to quantum-resistant cryptography. NIST is developing draft standards for all five selected algorithms, with public comment periods planned. The final standards are expected to be published in 2027. This lengthy lead time is intended to give organizations ample opportunity to assess their cryptographic needs, select appropriate algorithms, and implement and test the new standards before any potential threat from quantum computers materializes. NIST encourages organizations to begin preparing for the transition now, including inventorying their cryptographic systems and developing migration plans.

  • NIST
  • Post-quantum cryptography
  • PQC
  • Encryption
  • HQC
  • Cryptography
  • Cybersecurity
  • Quantum Computing
  • Algorithm
  • standardization

  Summary of Comments ( 80 )
  https://news.ycombinator.com/item?id=43332944

  Verbose tl;dr

  HN commenters discuss NIST's selection of HQC, expressing surprise and skepticism. Several highlight HQC's vulnerability to side-channel attacks and question its suitability despite its speed advantages. Some suggest SPHINCS+ as a more robust, albeit slower, alternative. Others note the practical implications of the selection, including the need for hybrid approaches and the potential impact on existing systems. The relatively small key and ciphertext sizes of HQC are also mentioned as positive attributes. A few commenters delve into the technical details of HQC and its underlying mathematical principles. Overall, the sentiment leans towards cautious interest in HQC, acknowledging its strengths while emphasizing its vulnerabilities.

  The Hacker News post titled "NIST selects HQC as fifth algorithm for post-quantum encryption" has generated a moderate number of comments discussing various aspects of the announcement. Several compelling threads of conversation emerge.

  One key area of discussion revolves around the surprise selection of HQC, a code-based cryptosystem, given its perceived vulnerabilities to side-channel attacks. Commenters express concern about the practicality and security of deploying HQC in real-world scenarios where side-channel attacks are a significant threat. Some question NIST's decision-making process and wonder if the selection criteria adequately weighed these security concerns. Comparisons are made to other code-based systems, and the potential implications for the broader post-quantum cryptography landscape are debated.

  Another significant topic is the performance characteristics of HQC, particularly its relatively large public key size. Commenters discuss the challenges of managing and transmitting such large keys, especially in resource-constrained environments. The potential impact on network bandwidth and storage requirements is also considered. Some commenters speculate on the feasibility of optimizing HQC implementations to mitigate these performance limitations.

  The standardization process itself is also subject to scrutiny. Commenters discuss the complexities of evaluating and selecting post-quantum cryptographic algorithms, highlighting the inherent trade-offs between security, performance, and implementation complexity. The long-term implications of standardization are considered, with some expressing concerns about the potential for future vulnerabilities and the need for ongoing research and development in this area.

  Finally, some comments delve into the technical details of HQC, explaining its underlying principles and comparing it to other post-quantum cryptographic approaches. These comments provide valuable insights for those seeking a deeper understanding of the algorithm and its place within the broader field of post-quantum cryptography. There's also a discussion of the ongoing nature of security research, with some commenters emphasizing the need for continued vigilance and adaptation in the face of evolving threats.

• An effect system proposal for C2y

  permalink

  Posted: 2025-01-18 19:00:26

  Verbose tl;dr

  This proposal introduces an effect system to C2x, aiming to enhance code modularity, optimization, and correctness by explicitly declaring and checking the side effects of functions. It defines a set of effect keywords, like reads and writes, to annotate function parameters and return values, indicating how they are accessed. These annotations are part of the function's type and are checked by the compiler, ensuring that declared effects match the function's actual behavior. The proposal also includes a mechanism for polymorphism over effects, enabling more flexible code reuse and separate compilation without sacrificing effect safety. This mechanism allows for abstracting over effects, so that functions can be written generically to operate on data structures with varying levels of mutability.

  This document, titled "An Effect System Proposal for C2y," proposes an extension to the C2y programming language (a hypothetical successor to C2x, itself a successor to C17/C11, aiming to modernize C) by introducing an effect system. This system aims to provide a more structured and reliable way to manage side effects within C programs, enhancing code clarity, maintainability, and potentially enabling compiler optimizations.

  The core of the proposal revolves around explicitly declaring the potential side effects of functions using effect specifications. These specifications, integrated into function declarations, enumerate the possible side effects a function might have. Examples of such effects include allocating memory, accessing files, throwing exceptions, and modifying global state. A distinct "pure" effect specification designates functions with no observable side effects beyond their return value.

  The effect system operates based on a set of pre-defined effect keywords, allowing for granular control over side effect categorization. For instance, separate effects might differentiate between reading and writing to files, enabling finer-grained analysis. The proposal introduces new syntax for declaring these effects within function signatures, using a dedicated keyword (like effects) followed by a parenthesized, comma-separated list of effect specifiers.

  The proposal outlines how effect specifications interact with function calls. A function's declared effects must encompass all possible side effects that could occur during its execution, including those of any functions it calls. The compiler verifies these effect specifications, ensuring that no undeclared side effects are present. This static checking prevents accidental or undocumented side effects, leading to more robust and predictable code.

  Beyond basic effect declarations, the proposal delves into more advanced features, such as effect polymorphism. This mechanism allows functions to operate on data with different effect specifications, promoting code reuse without compromising the strictness of the effect system. It introduces the concept of effect variables within function declarations, which act as placeholders for specific effects that are determined at the call site.

  The document further explores the implications of effect systems for existing C features. It addresses how effects interact with function pointers, suggesting the inclusion of effect specifications within function pointer types. It also discusses the handling of effects within variadic functions and macros, recognizing the challenges these present and outlining potential solutions.

  Finally, the proposal considers the interaction between effects and exception handling. It proposes a connection between thrown exceptions and the effect system, allowing exceptions to be declared as potential side effects and enabling more comprehensive error management within the framework of the effect system. This integration ensures that exceptions are treated as part of the overall side effect analysis, further contributing to the reliability and predictability of the code. The document concludes by suggesting areas for future research and development, such as integration with concurrency features and the exploration of more sophisticated effect analysis techniques.

  • C
  • C2y
  • C2x
  • programming language
  • effect systems
  • type systems
  • static analysis
  • language design
  • proposal
  • WG14
  • ISO
  • standardization
  • Functional Programming
  • side effects
  • algebraic effects

  Summary of Comments ( 6 )
  https://news.ycombinator.com/item?id=42750517

  Verbose tl;dr

  The Hacker News comments on the C2y effect system proposal express a mix of skepticism and cautious interest. Several commenters question the practicality and performance implications of implementing such a system in C, citing the language's existing complexity and the potential for significant overhead. Concerns are raised about the learning curve for developers and the possibility of introducing subtle bugs. Some find the proposal intriguing from a research perspective but doubt its widespread adoption. A few express interest in exploring the potential benefits of improved code analysis and error detection, particularly for concurrency and memory management, though acknowledge the challenges involved. Overall, the consensus leans towards viewing the proposal as an interesting academic exercise with limited real-world applicability in its current form.

  The Hacker News post "An effect system proposal for C2y" links to a 2023 draft of N3317, a proposal for adding an effect system to a future version of the C programming language (then tentatively called C2y, now C2x). The discussion on Hacker News is relatively brief, consisting of only a few comments, and doesn't delve very deep into the technical details of the proposal.

  One commenter expresses skepticism about the proposal's practicality, wondering whether the added complexity of an effect system would outweigh its benefits for typical C programming tasks. They question whether the kind of guaranteed safety that effect systems provide is truly necessary or desirable in the C ecosystem, where performance and low-level control are often prioritized. This commenter explicitly states they would not want to use an effects system in C, even if it were fully baked and easy to use. They view effects systems as more suited to functional languages, and fundamentally at odds with the design ethos and intended use cases of C.

  Another commenter focuses on the evolution of C standards, noting the long period between revisions and the challenges in introducing significant changes to a language with such a large and established codebase. They also point out that alternative languages or extensions already offer some form of effect systems or related features, implying that developers needing such features might prefer those options rather than waiting for a potentially complex and slow-to-be-adopted change in the C standard itself. They mention Zig as a modern C-like language and Rust as two examples with stricter, more sophisticated type and safety features.

  Finally, one commenter briefly remarks on the proposal's age (dating back to 2023), suggesting that its status and likelihood of incorporation into a future C standard are uncertain. This comment highlights the long process of standardization and the possibility that the proposal might be superseded by other developments in the meantime.