OpenSK
This is an OpenSK fork that allows signing with a PQC Hybrid scheme. If you are looking for the original documentation, please check the develop branch of its GitHub page.
Hardware
You will need a Nordic nRF52840-DK development kit.
Installation
To install OpenSK,
- follow the general setup steps,
- then continue with the instructions for your specific hardware: Nordic nRF52840-DK
PQC Experiments
Modes
The Dilithium mode is set at compile time. If you want to perform experiments for different modes,
you will need to recompile. The mode is a feature, defined in
third_party/dilithium/Cargo.toml. By default, it is set to
default = [ "dilithium5", "optimize_stack" ]. You can change the default mode by either changing
the number 5 to 2 or 3. Or you remove the feature for stack optimizations, e.g.
default = [ "dilithium2" ].
Note that some benchmarks will not run in all modes without stack optimizations. You can try to play with the stack size in these cases. As an example, stack painting for speed mode Dilithium2 works if you apply the following changes:
APP_HEAP_SIZE = 16384indeploy.pylibtock_core::stack_size! {0x1A000}inexamples/measure_stack.rsSTACK_SIZE = 106496;innrf52840_layout.ld- Change the app break from
70 * 1024to104 * 1024inpatches/tock/07-app-break-fix.patch.
For your convenience, you can also simply try:
git apply increase_stack.patch
Compiler flags
To trade binary size for speed, you can play with [profile.release] in Cargo.toml.
For example, try a different compiler optimization level:
opt-level = 3
Debug output
Only the CTAP commands tests are measured end to end on the host. All other experiments are measured on the embedded device itself and output over RTT. You can either use a client to print results by running the following commands in different terminals:
JLinkExe -device nrf52 -if swd -speed 1000 -autoconnect 1
JLinkRTTClient
Or you directly output all messages to a file:
JLinkRTTLogger -device NRF52840_XXAA -if swd -speed 1000 -RTTchannel 0
Perform Experiments
The paper contains the following experiments:
Crypto benchmarks
Deploy the crypto_bench example and read the debug output with one of the methods above:
./deploy.py --board=nrf52840dk_opensk --crypto_bench
CTAP benchmarks
To measure the speed of FIDO commands, run:
python benchmarks.py --runs=2000
Aggregate results will be printed, and the raw data is written to make_durations.txt and
get_durations.txt.
Stack painting
Deploy the measure_stack example and read the debug output with one of the methods above:
./deploy.py --board=nrf52840dk_opensk --measure_stack
x86 benchmarks
You don't need your embedded hardware for those, run:
cd third_party/dilithium/
cargo bench --features std