Skip to content

treasonking/PQC_Project

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

23 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

PQC Crypto Module Lab

CI Quality CodeQL

C 기반 PQC λͺ¨λ“ˆ 개인 ν”„λ‘œμ νŠΈμž…λ‹ˆλ‹€.
λͺ©ν‘œλŠ” KEM + Signatureλ₯Ό 곡톡 API/CLI/ν…ŒμŠ€νŠΈ/벀치마크/λ¬Έμ„œν™”κΉŒμ§€ μ—°κ²°ν•΄μ„œ μ‹€μ œ 개발 μ—­λŸ‰μ„ λ³΄μ—¬μ£ΌλŠ” κ²ƒμž…λ‹ˆλ‹€.

Interviewer Quick View

Focus Summary
Why this architecture pqc_module(곡톡 μΈν„°νŽ˜μ΄μŠ€)와 pqc_kem/pqc_sig(μ•Œκ³ λ¦¬μ¦˜ 계측)λ₯Ό 뢄리해, CLI/ν…ŒμŠ€νŠΈ μ½”λ“œλ₯Ό μœ μ§€ν•œ 채 λ°±μ—”λ“œ(Dummy ↔ PQClean Ref)λ₯Ό ꡐ체할 수 μžˆλ„λ‘ μ„€κ³„ν–ˆμŠ΅λ‹ˆλ‹€.
Direct project value 곡톡 API, μƒνƒœ μ½”λ“œ 기반 였λ₯˜ 흐름, CLI/ν…ŒμŠ€νŠΈ/벀치마크/CI μ—°κ²°, KAT/λ³€μ‘°/μ‹€νŒ¨ 경둜 검증을 직접 μ„€κ³„ν•˜κ³  ν†΅ν•©ν–ˆμŠ΅λ‹ˆλ‹€.
Security boundary ν•™μŠ΅/μ°Έμ‘° κ΅¬ν˜„ 톡합이 λͺ©μ μ΄λ©°, side-channel λŒ€μ‘, production hardening, thread-safety, 인증(FIPS/KCMVP), 운영 킀관리(HSM/감사좔적)λŠ” ν˜„μž¬ λ²”μœ„ λ°–μž…λ‹ˆλ‹€.
Test evidence 정상 경둜(λΌμš΄λ“œνŠΈλ¦½/KAT) + μ‹€νŒ¨ 경둜(λ³€μ‘° μž…λ ₯, 길이 였λ₯˜, 빈 λ©”μ‹œμ§€, λˆ„λ½/손상 파일)λ₯Ό CIμ—μ„œ μžλ™ κ²€μ¦ν•©λ‹ˆλ‹€.

Architecture Diagram

flowchart LR
  U["User / CI"] --> CLI["pqc_cli (src/main.c)"]
  CLI --> API["pqc_module API (include/pqc_module.h)"]
  API --> KEM["pqc_kem backend selector"]
  API --> SIG["pqc_sig backend selector"]
  KEM --> DKM["Dummy ML-KEM"]
  KEM --> RKM["PQClean ML-KEM Ref"]
  SIG --> DSI["Dummy ML-DSA"]
  SIG --> RSI["PQClean ML-DSA Ref"]
  API --> T["Tests (ctest)"]
  API --> B["Benchmark (pqc_cli benchmark)"]
Loading

Benchmark Snapshot (Sample)

Latest sample (mlkem-ref + mldsa-ref, iterations=1000):

KEM keygen (ms) KEM encaps (ms) KEM decaps (ms) SIG keygen (ms) SIG sign (ms) SIG verify (ms)
0.402 0.420 0.102 0.547 1.326 0.230

μ°Έκ³ : ν™˜κ²½/컴파일 μ˜΅μ…˜μ— 따라 값은 λ‹¬λΌμ§ˆ 수 있으며, 원본 κ²°κ³ΌλŠ” bench_result.csv와 docs/benchmark.mdλ₯Ό κΈ°μ€€μœΌλ‘œ κ°±μ‹ ν•©λ‹ˆλ‹€.

Architecture Summary

이 ν”„λ‘œμ νŠΈλŠ” 곡톡 API 계측(pqc_module)κ³Ό μ•Œκ³ λ¦¬μ¦˜ 쒅속 계측(pqc_kem, pqc_sig)을 λΆ„λ¦¬ν•œ κ΅¬μ‘°μž…λ‹ˆλ‹€.
μ΄λ ‡κ²Œ λΆ„λ¦¬ν•˜λ©΄ CLI/ν…ŒμŠ€νŠΈ μ½”λ“œλ₯Ό μœ μ§€ν•œ 채 λ°±μ—”λ“œ(더미 ↔ PQClean μ°Έμ‘° κ΅¬ν˜„)λ₯Ό ꡐ체할 수 μžˆμ–΄, κ΅¬ν˜„ λ³€κ²½ λŒ€λΉ„ 검증/λ¬Έμ„œ/운영 흐름을 μ•ˆμ •μ μœΌλ‘œ μœ μ§€ν•  수 μžˆμŠ΅λ‹ˆλ‹€.

Security Scope Boundary

이 μ €μž₯μ†ŒλŠ” ν•™μŠ΅/μ°Έμ‘° κ΅¬ν˜„ 톡합 μ€‘μ‹¬μž…λ‹ˆλ‹€.
즉, side-channel μ™„ν™”, production hardening, thread-safety, 인증 λŒ€μ‘(FIPS/KCMVP), 운영 킀관리(HSM/감사좔적)λŠ” ν˜„μž¬ λ²”μœ„μ— ν¬ν•¨ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€.

더미 λ°±μ—”λ“œλŠ” API/CLI/ν…ŒμŠ€νŠΈ 흐름 κ²€μ¦μš©μ΄λ©°, rand() 기반 ν…ŒμŠ€νŠΈ RNGλ₯Ό μ‚¬μš©ν•˜λ―€λ‘œ μ•”ν˜Έν•™μ  μš©λ„λ‘œ μ‚¬μš©ν•˜λ©΄ μ•ˆ λ©λ‹ˆλ‹€.

Validation Snapshot

What Current Coverage
KEM correctness roundtrip/repeat/tamper (test_kem, test_ref_kem)
Signature correctness roundtrip/tamper/length/empty message (test_sig)
KAT-style check stored ML-DSA vector verify + stored secret-key sign/verify (test_kat_mldsa)
Failure-case handling tampered ciphertext/signature, invalid lengths, empty message, missing/corrupted input files
CI/Quality Linux+Windows CI, cppcheck quality workflow

Current Scope

KEM

  • API: pqc_kem_keypair, pqc_kem_encaps, pqc_kem_decaps
  • CLI: keygen, encaps, decaps
  • μ•Œκ³ λ¦¬μ¦˜ 선택: --alg <dummy|mlkem-ref>

Signature

  • API: pqc_sig_keypair, pqc_sig_sign, pqc_sig_verify
  • CLI: sig-keygen, sign, verify
  • μ•Œκ³ λ¦¬μ¦˜ 선택: --sig-alg <dummy-dsa|mldsa-ref>

Benchmark

  • 곡식 벀치 μ—”νŠΈλ¦¬ν¬μΈνŠΈλŠ” pqc_cli benchmark ν•˜λ‚˜λ‘œ ν†΅μΌλ˜μ–΄ μžˆμŠ΅λ‹ˆλ‹€.
  • bench/parse_results.pyλŠ” 벀치 κ²°κ³Ό(TXT/CSV) μš”μ•½ νŒŒμ„œμž…λ‹ˆλ‹€.

Implementation Status

Area Dummy PQClean Ref Notes
ML-KEM-768 Yes Yes (mlkem-ref) KEM keygen/encaps/decaps κ΅¬ν˜„
ML-DSA-65 Yes Yes (mldsa-ref) Signature keygen/sign/verify κ΅¬ν˜„
CLI Yes Yes KEM/Signature/Benchmark 톡합
Tests Yes Yes λ‹¨μœ„/μŒμ„±/KAT 포함
CI Yes Yes Linux + Windows(MSYS2 MinGW)

Build Matrix (CMake Conditional)

Condition KEM Backend Signature Backend
third_party/mlkem_pqclean + common 쑴재, third_party/mldsa_pqclean 쑴재 Dummy + ML-KEM Ref Dummy + ML-DSA Ref
ML-KEM 경둜 미쑴재 Dummy only (ML-DSA 쑰건에 따름)
ML-DSA 경둜 미쑴재 (ML-KEM 쑰건에 따름) Dummy only

μ°Έκ³ :

  • KEM Ref ν™œμ„± ν”Œλž˜κ·Έ: PQC_ENABLE_MLKEM_REF
  • Signature Ref ν™œμ„± ν”Œλž˜κ·Έ: PQC_ENABLE_MLDSA_REF

Directory

pqc-crypto-module-lab/
  β”œβ”€ CMakeLists.txt
  β”œβ”€ README.md
  β”œβ”€ docs/
  β”‚   β”œβ”€ architecture.md
  β”‚   β”œβ”€ benchmark.md
  β”‚   β”œβ”€ security.md
  β”‚   β”œβ”€ cli.md
  β”‚   β”œβ”€ troubleshooting.md
  β”‚   └─ portfolio-summary.md
  β”œβ”€ include/
  β”‚   └─ pqc_module.h
  β”œβ”€ src/
  β”‚   β”œβ”€ main.c
  β”‚   β”œβ”€ pqc_module.c
  β”‚   β”œβ”€ pqc_kem.c
  β”‚   β”œβ”€ pqc_sig.c
  β”‚   β”œβ”€ pqc_kem_backend.h
  β”‚   β”œβ”€ pqc_sig_backend.h
  β”‚   └─ pqc_utils.c
  β”œβ”€ tests/
  β”‚   β”œβ”€ test_kem.c
  β”‚   β”œβ”€ test_ref_kem.c
  β”‚   β”œβ”€ test_sig.c
  β”‚   β”œβ”€ test_negative.c
  β”‚   β”œβ”€ test_kat_mldsa.c
  β”‚   └─ data/
  β”‚       β”œβ”€ bad.ct
  β”‚       β”œβ”€ bad.sec
  β”‚       β”œβ”€ kat_mldsa_msg.txt
  β”‚       β”œβ”€ kat_mldsa_pub.key
  β”‚       β”œβ”€ kat_mldsa_sec.key
  β”‚       └─ kat_mldsa.sig
  β”œβ”€ bench/
  β”‚   └─ parse_results.py
  β”œβ”€ third_party/
  β”‚   β”œβ”€ mlkem_pqclean/
  β”‚   β”œβ”€ mldsa_pqclean/
  β”‚   └─ README.md
  β”œβ”€ scripts/
  β”‚   β”œβ”€ build_linux.sh
  β”‚   β”œβ”€ build_windows.bat
  β”‚   β”œβ”€ run_all.sh
  β”‚   └─ run_all_windows.bat
  └─ .github/workflows/
      β”œβ”€ ci.yml
      β”œβ”€ quality.yml
      └─ codeql.yml

Build

cmake -S . -B build
cmake --build build

Warning policy:

  • GCC/Clang builds enable -Wall -Wextra -Wpedantic.
  • MSVC builds enable /W4.
  • Third-party reference code is kept vendored and documented separately; project code should stay warning-clean under the enabled policy.

Windows μ˜ˆμ‹œ:

set CMAKE_EXE=C:\path\to\cmake.exe
set CC=C:\path\to\gcc.exe
set TOOLCHAIN_BIN=C:\path\to\w64devkit\bin
scripts\build_windows.bat

Run

./build/pqc_cli info --alg mlkem-ref --sig-alg mldsa-ref
./build/pqc_cli keygen --alg mlkem-ref --pub kem_pub.key --sec kem_sec.key
./build/pqc_cli sig-keygen --sig-alg mldsa-ref --pub sig_pub.key --sec sig_sec.key
./build/pqc_cli sign --sig-alg mldsa-ref --sec sig_sec.key --msg message.txt --sig message.sig
./build/pqc_cli verify --sig-alg mldsa-ref --pub sig_pub.key --msg message.txt --sig message.sig
./build/pqc_cli benchmark --alg mlkem-ref --sig-alg mldsa-ref --iterations 1000 --out bench_result.csv

Tests

ctest --test-dir build --output-on-failure

ν…ŒμŠ€νŠΈ λ²”μœ„ μš”μ•½:

  • KEM roundtrip/repeat/tamper
  • Signature roundtrip/tamper/empty message/length error
  • CLI 파일 였λ₯˜ μΌ€μ΄μŠ€
  • ML-DSA KAT(μ €μž₯된 벑터 verify + μ €μž₯된 secret key sign/verify)

Test Evidence (Current)

Test Purpose
test_kem KEM 정상/반볡/λ³€μ‘° ciphertext μ‹€νŒ¨
test_ref_kem ML-KEM μ°Έμ‘° λ°±μ—”λ“œ roundtrip
test_sig μ„œλͺ… 정상/λ³€μ‘°/길이 였λ₯˜/빈 λ©”μ‹œμ§€
test_kat_mldsa μ €μž₯된 ML-DSA 벑터 verify, μ €μž₯된 secret key sign/verify, λ³€μ‘° signature/public key μ‹€νŒ¨
test_negative μ•Œκ³ λ¦¬μ¦˜/μž…λ ₯ 였λ₯˜ 처리
cli_missing_input_file CLI μž…λ ₯ 파일 λˆ„λ½ μ‹€νŒ¨
cli_corrupted_key_file CLI 손상 ν‚€ 파일 μ‹€νŒ¨
quality.yml cppcheck 기반 정적 점검 μžλ™ν™”

Verification Notes

  • ν”„λ‘œμ νŠΈλŠ” PQClean μ°Έμ‘° κ΅¬ν˜„μ„ 톡합해 λ™μž‘ν•©λ‹ˆλ‹€.
  • KAT μ„±κ²©μ˜ 검증은 ν˜„μž¬ μ €μž₯된 ML-DSA κ³΅κ°œν‚€/λΉ„λ°€ν‚€/λ©”μ‹œμ§€/μ„œλͺ… 벑터λ₯Ό μ‚¬μš©ν•©λ‹ˆλ‹€.
  • μžλ™ν™” λ²”μœ„: μ €μž₯된 μ„œλͺ… verify, μ €μž₯된 secret key 기반 signβ†’verify, λ³€μ‘° signature/public key μ‹€νŒ¨ 확인.
  • 아직 NIST/PQClean 곡식 벑터 전체λ₯Ό μžλ™ λ°˜λ³΅ν•˜λŠ” μƒνƒœλŠ” μ•„λ‹™λ‹ˆλ‹€.
  • ν–₯ν›„ κ°œμ„ : NIST/PQClean 곡식 벑터 기반 μžλ™ KAT ν™•μž₯.

Security Notes (Honest)

  • 민감 데이터(λΉ„λ°€ν‚€/κ³΅μœ λΉ„λ°€/μ„œλͺ… λ‚΄λΆ€κ°’) 원문을 λ‘œκ·Έμ— 좜λ ₯ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€.
  • 민감 λ²„νΌλŠ” secure_memzero둜 μ •λ¦¬ν•©λ‹ˆλ‹€.
  • 더미 μ•Œκ³ λ¦¬μ¦˜μ€ rand() 기반 ν…ŒμŠ€νŠΈ RNGλ₯Ό μ‚¬μš©ν•˜λ―€λ‘œ production μ‚¬μš© κΈˆμ§€μž…λ‹ˆλ‹€.
  • ν™œμ„± μ•Œκ³ λ¦¬μ¦˜ 선택은 ν”„λ‘œμ„ΈμŠ€ μ „μ—­ μƒνƒœλ₯Ό μ‚¬μš©ν•˜λ―€λ‘œ thread-safe APIκ°€ μ•„λ‹™λ‹ˆλ‹€.
  • constant-time/side-channel μ™„μ „ λŒ€μ‘μ€ ν˜„μž¬ λ²”μœ„ λ°–μž…λ‹ˆλ‹€.
  • 이 μ €μž₯μ†ŒλŠ” ν•™μŠ΅/포트폴리였 λͺ©μ μ΄λ©° μƒμš© 배포 μˆ˜μ€€μ˜ 보증을 μ œκ³΅ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€.

CI

GitHub Actions (.github/workflows/ci.yml):

  • Ubuntu: configure/build/test + smoke benchmark
  • Windows(MSYS2 MinGW): configure/build/test + smoke benchmark
  • 두 ν™˜κ²½ λͺ¨λ‘ benchmark CSV νŒŒμ‹± ν›„ bench_summary.txt 생성
  • benchmark μ‚°μΆœλ¬Ό(bench_result.csv, bench_summary.txt) μ•„ν‹°νŒ©νŠΈ μ—…λ‘œλ“œ

정적 점검 (.github/workflows/quality.yml):

  • cppcheck μ‹€ν–‰ (warning/style/performance/portability)

λ³΄μ•ˆ 점검 (.github/workflows/codeql.yml):

  • CodeQL C/C++ 뢄석 (push/PR + μ£Όκ°„ μŠ€μΌ€μ€„)

Portfolio Metadata (Recommended)

GitHub About에 μ•„λž˜ 값을 ꢌμž₯ν•©λ‹ˆλ‹€.

  • Description:
    • C-based PQC crypto module lab integrating ML-KEM-768 and ML-DSA-65 with unified API, CLI, tests, benchmarks, and CI.
  • Topics:
    • pqc, ml-kem, ml-dsa, cryptography, c, cmake, pqclean

About

C-based PQC crypto module lab integrating ML-KEM-768 and ML-DSA-65 with unified API, CLI, tests, benchmarks, and CI.

Topics

Resources

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors