v1.0.0-beta

We are pleased to announce the v1.0.0-beta release of mldsa-native. This release is not yet considered stable - there are numerous improvements we would like to make before reaching that milestone, including the completion of HOL Light correctness proofs for at least one full backend. For details on the current state of the project, refer to the README and the set of changes below. Starting with this release, we intend to make more regular releases, targeting a new release every 2-3 months. As a result, individual releases may not correspond to the completion of a well-defined set of features.

What's Changed

• sys.h: Detect little endian when compiling with MSVC by @mkannwischer in #704
• Align common.h with mlkem-native by @mkannwischer in #702
• ACVP: Update to v1.1.0.41 by @mkannwischer in #705
• Examples: Add monolithic_build_native by @mkannwischer in #709
• Examples: Add monolithic_build_multilevel_native by @mkannwischer in #711
• Hoist domain separation logic into helper function by @hanno-becker in #710
• HOL-Light: ML-DSA NTT Platform independent code by @jakemas in #695
• Replace FIPS202_NAMESPACE with MLD_NAMESPACE by @willieyz in #717
• CI: Enable examples in compiler tests by @mkannwischer in #727
• Use consistent syntax for macro definitions and invocations by @hanno-becker in #726
• Add missing zeroization to crypto_sign_verify_internal by @mkannwischer in #731
• Add Runtime dispatch based on custom CPU capabilities function by @willieyz in #607
• SLOTHY: Superoptimize AArch64 NTT by @mkannwischer in #715
• Port: porting check-namespace from mlkem-native by @willieyz in #718
• CI: Port ec2_compatibilitytests by @willieyz in #665
• CI: Align build_kat functional tests with mlkem-native by @mkannwischer in #728
• CBMC: Allow specification of per-proof timeouts by @hanno-becker in #734
• CBMC: Replace object_whole with memory_slice in non-top-level contracts by @mkannwischer in #730
• CI: Switch from pqcp-arm64 to Github Arm runners by @mkannwischer in #749
• Add crypto_sign_pk_from_sk to top-level API by @jakemas in #714
• Strengthen preconditions on polyveck_add() and polyvecl_add() by @rod-chapman in #724
• Port: Copyright linting extension by @willieyz in #744
• Switch mld_polymat to struct wrapper by @hanno-becker in #741
• SLOTHY: Superoptimize AArch64 INTT by @mkannwischer in #748
• Example: Add custom_backend by @willieyz in #699
• Examples: multilevel build by @willieyz in #746
• Examples: multilevel_build_native by @willieyz in #747
• config.h: Align mldsa-native and mlkem-native config.h by @willieyz in #745
• Port: Hoist default C backend into separate functions by @willieyz in #735
• ASM: Add marker for non-executable stack by @hanno-becker in #769
• Port: Use a single configuration file for internal and external headers by @mkannwischer in #782
• Avoid overread in polyz_unpack (AArch64 + x86_64) by @mkannwischer in #784
• CBMC: Add proofs for native backend functions by @willieyz in #768
• Inline ntt.c by @willieyz in #787
• Backend unit tests by @willieyz in #777
• Port: Speed up make by @willieyz in #788
• Namespace all macros by @willieyz in #786
• decompose: Remove separate input argument by @mkannwischer in #798
• Port: Minor autogen and CI improvements by @willieyz in #794
• CI: Fix markdown-link-check and fix various broken links by @mkannwischer in #808
• tests: Allow specification of parameter set via -kl switch by @hanno-becker in #809
• HOL-Light: Speed up NTT proof by @mkannwischer in #811
• Make allocation of large structures/buffers configurable by @hanno-becker in #801
• x86_64 Backend: Remove <immintrin.h> dependency from arith_native_x86_64.h by @willieyz in #805
• BUILDING.md: add build instructions by @L-series in #780
• refactor: align the tests scripts with mlkem-native by @willieyz in #797
• x86_64: Autogenerate the entire constant array qdata for NTT/INTT by @mkannwischer in #812
• autogen: Port check_asm_* by @willieyz in #813
• Add test for failing dynamic allocation by @hanno-becker in #810
• Remove broken symlink auto.mk and check for broken symlinks in CI by @mkannwischer in #771
• sign stack usage: Re-use y/h buffer by @mkannwischer in #818
• CBMC: Prove x86_64 NTT adheres to native API contract in api.h by @willieyz in #806
• CI: Do not use npx in lint-markdown-link by @mkannwischer in #823
• Introduce mld_polymat_get_row() helper function by @hanno-becker in #742
• Make value barrier volatile by @hanno-becker in #772
• Namespace STACK_SIZE by @willieyz in #796
• Dependencies update by @willieyz in #832
• CI: Enable gcc15 tests on MacOS by @mkannwischer in #834
• Align mld_ct_memcmp with mlkem-native by @hanno-becker in #837
• verify: Switch to constant-time memcmp by @hanno-becker in #838
• CI: Benchmark stack consumption with MLD_CONFIG_REDUCE_RAM by @mkannwischer in #836
• Replace (near-)copies of notrandombytes.[ch] by symlinks by @hanno-becker in #839
• pk_from_sk: Add validation of s1 and s2 by @mkannwischer in #841
• CBMC: Prove mld_polymat_permute_bitrev_to_custom on top of native API by @willieyz in #820
• CBMC: Increase OBJECT_BITS for polyvecl_pointwise_acc_montgomery_c by @mkannwischer in #848
• API: add failure mode support for randombytes() by @L-series in #689
• Port: Move configuration files and configs.yml into tests/configs/ by @willieyz in #843
• Port: move basic test source into test/src/ by @willieyz in #844
• Port: move acvp test source and data into test/acvp/ by @willieyz in #845
• Port: move benchmarking sources to test/bench/ by @willieyz in #846
• AArch64: Align return type of rejection sampling functions by @mkannwischer in #860
• Consolidate MLD_CONFIG_CUSTOM_ZEROIZE with mlkem-native by @willieyz in #852
• sign stack usage: compute z incrementally by @mkannwischer in #825
• CI: Move container tests to mldsa-native AWS account by @mkannwischer in #862
• mldsa_native.h: Introduce MLD_TOTAL_ALLOC constants by @mkannwischer in #850
• autogen: fix print issue with narrow terminals by @l-...

v1.0.0-alpha

mldsa-native v1.0.0-alpha

mldsa-native is a C90 library that allows developers to support the ML-DSA / FIPS 204 post-quantum cryptography standard with minimal performance and maintenance cost.

Why mldsa-native?

Minimal Dependencies: mldsa-native is written in portable C90 with minimal and configurable dependencies on the standard library.

Maintainability and Safety: Memory safety, type safety and absence of various classes of timing leakage are automatically checked on every change, using a combination of static model checking (using CBMC) and dynamic instrumentation (using valgrind). This reduces review and maintenance burden and accelerates safe code delivery.

Architecture Support: Native backends are added under a unified interface, minimizing duplicated code and reasoning. mldsa-native comes with backends for AArch64 and x86-64.

Governance: mldsa-native is supported by the Linux Foundation and Post-Quantum Cryptography Alliance.

See the README for more details.

Status

This is a production ready alpha release. External APIs are expected but not guaranteed to be stable. Feedback welcome! If you have any questions, please reach out to us or open an issue on https://github.com/pq-code-package/mldsa-native.

Development plan

• Assurance: Prove functional correctness of x86_64 and AArch64 assembly backends using HOL-Light and s2n-bignum verification infrastructure.

• Performance: Super-optimize AArch64 backend using SLOTHY; further improve performance of x86_64 backend.

• Maintainability: Improve requirements traceability by documenting relation between source and FIPS 204 standard.