SNOVA

  • Algorithm type: Digital signature scheme.
  • Main cryptographic assumption: multivariable quadratic equations, oil and vinegar.
  • Principal submitters: Lih-Chung Wang, Chun-Yen Chou, Jintai Ding, Yen-Liang Kuan, Jan Adriaan Leegwater, Ming-Siou Li, Bo-Shu Tseng, Po-En Tseng, Chia-Chun Wang.
  • Authors’ website: https://snova.pqclab.org/
  • Specification version: Round 2.
  • Primary Source:
    • Source: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
    • Implementation license (SPDX-Identifier): MIT

Parameter set summary

Parameter set Parameter set alias Security model Claimed NIST Level Public key size (bytes) Secret key size (bytes) Signature size (bytes)
SNOVA_24_5_4 NA EUF-CMA 1 1016 48 248
SNOVA_24_5_4_SHAKE NA EUF-CMA 1 1016 48 248
SNOVA_24_5_4_esk NA EUF-CMA 1 1016 36848 248
SNOVA_24_5_4_SHAKE_esk NA EUF-CMA 1 1016 36848 248
SNOVA_37_17_2 NA EUF-CMA 1 9842 48 124
SNOVA_25_8_3 NA EUF-CMA 1 2320 48 165
SNOVA_56_25_2 NA EUF-CMA 3 31266 48 178
SNOVA_49_11_3 NA EUF-CMA 3 6006 48 286
SNOVA_37_8_4 NA EUF-CMA 3 4112 48 376
SNOVA_24_5_5 NA EUF-CMA 3 1579 48 379
SNOVA_60_10_4 NA EUF-CMA 5 8016 48 576
SNOVA_29_6_5 NA EUF-CMA 5 2716 48 454

SNOVA_24_5_4 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?‡
Primary Source opt All All None True True False
Primary Source avx2 x86_64 Linux AVX2 True True False
Primary Source neon ARM64_V8 Darwin,Linux None True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

‡For an explanation of what this denotes, consult the Explanation of Terms section at the end of this file.

SNOVA_24_5_4_SHAKE implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True False
Primary Source avx2 x86_64 Linux AVX2 True True False
Primary Source neon ARM64_V8 Darwin,Linux None True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_24_5_4_esk implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True False
Primary Source avx2 x86_64 Linux AVX2 True True False
Primary Source neon ARM64_V8 Darwin,Linux None True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_24_5_4_SHAKE_esk implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True False
Primary Source avx2 x86_64 Linux AVX2 True True False
Primary Source neon ARM64_V8 Darwin,Linux None True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_37_17_2 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True True
Primary Source avx2 x86_64 Linux AVX2 True True True
Primary Source neon ARM64_V8 Darwin,Linux None True True True

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_25_8_3 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True False
Primary Source avx2 x86_64 Linux AVX2 True True False
Primary Source neon ARM64_V8 Darwin,Linux None True True False

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_56_25_2 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True True
Primary Source avx2 x86_64 Linux AVX2 True True True
Primary Source neon ARM64_V8 Darwin,Linux None True True True

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_49_11_3 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True True
Primary Source avx2 x86_64 Linux AVX2 True True True
Primary Source neon ARM64_V8 Darwin,Linux None True True True

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_37_8_4 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True True
Primary Source avx2 x86_64 Linux AVX2 True True True
Primary Source neon ARM64_V8 Darwin,Linux None True True True

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_24_5_5 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True True
Primary Source avx2 x86_64 Linux AVX2 True True True
Primary Source neon ARM64_V8 Darwin,Linux None True True True

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_60_10_4 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True True
Primary Source avx2 x86_64 Linux AVX2 True True True
Primary Source neon ARM64_V8 Darwin,Linux None True True True

Are implementations chosen based on runtime CPU feature detection? Yes.

SNOVA_29_6_5 implementation characteristics

Implementation source Identifier in upstream Supported architecture(s) Supported operating system(s) CPU extension(s) used No branching-on-secrets claimed? No branching-on-secrets checked by valgrind? Large stack usage?
Primary Source opt All All None True True True
Primary Source avx2 x86_64 Linux AVX2 True True True
Primary Source neon ARM64_V8 Darwin,Linux None True True True

Are implementations chosen based on runtime CPU feature detection? Yes.

Explanation of Terms

  • Large Stack Usage: Implementations identified as having such may cause failures when running in threads or in constrained environments.

Copyright © Open Quantum Safe a Series of LF Projects, LLC.
For website terms of use, trademark policy, and other project policies, please see https://lfprojects.org.
This site uses Just the Docs, a documentation theme for Jekyll. Background image by Rick Doble.