Link Search Menu Expand Document
Open Quantum Safe

Picnic

  • Algorithm type: Digital signature scheme.
  • Main cryptographic assumption: hash function security (ROM/QROM), key recovery attacks on the lowMC block cipher.
  • Principal submitters: Greg Zaverucha, Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Jonathan Katz, Xiao Wang, Vladmir Kolesnikov.
  • Authors’ website: https://microsoft.github.io/Picnic/
  • Specification version: 3.0.17.
  • Primary Source:
    • Source: https://github.com/IAIK/Picnic
    • Implementation license (SPDX-Identifier): MIT

Test limitation

This algorithm is not tested under Windows using the “msys2” tool chain (due to https://github.com/open-quantum-safe/liboqs/issues/1218).

Parameter set summary

Parameter set Security model Claimed NIST Level Public key size (bytes) Secret key size (bytes) Signature size (bytes)
picnic_L1_FS EUF-CMA 1 33 49 34036
picnic_L1_UR EUF-CMA 1 33 49 53965
picnic_L1_full EUF-CMA 1 35 52 32065
picnic_L3_FS EUF-CMA 3 49 73 76776
picnic_L3_UR EUF-CMA 3 49 73 121849
picnic_L3_full EUF-CMA 3 49 73 71183
picnic_L5_FS EUF-CMA 5 65 97 132860
picnic_L5_UR EUF-CMA 5 65 97 209510
picnic_L5_full EUF-CMA 5 65 97 126290
picnic3_L1 EUF-CMA 1 35 52 14612
picnic3_L3 EUF-CMA 3 49 73 35028
picnic3_L5 EUF-CMA 5 65 97 61028

picnic_L1_FS implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?‡
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.

picnic_L1_UR implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic_L1_full implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic_L3_FS implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic_L3_UR implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic_L3_full implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic_L5_FS implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic_L5_UR implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic_L5_full implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic3_L1 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic3_L3 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

picnic3_L5 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source master All All None True True False
Primary Source master x86_64 Linux AVX2,SSE2 True True False
Primary Source master x86_64 Darwin,Windows SSE2 True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

Explanation of Terms

  • Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.






Copyright © 2017-2022 The Open Quantum Safe Project.
This site uses Just the Docs, a documentation theme for Jekyll. Background image by Rick Doble.