Learning path for Post-Quantum Cryptography on Arm Cortex

assets/contributors.csv

@@ -120,3 +120,4 @@ Parichay Das,,parichaydas,parichaydas,,
 Johnny Nunez,NVIDIA,johnnynunez,johnnycano,,
 Raymond Lo,NVIDIA,raymondlo84,raymondlo84,,
 Kavya Sri Chennoju,Arm,kavya-chennoju,kavya-sri-chennoju,,
+Akash Malik,Arm,akashmalik19973,akash-malik-a65bab219,,

content/learning-paths/embedded-and-microcontrollers/pqc_pqm4/_index.md

@@ -0,0 +1,60 @@
+---
+title: Post-Quantum Cryptography on Arm Cortex
+
+description: Learn how to implement and test post-quantum cryptographic algorithms on ARM Cortex-M4 microcontrollers using the pqm4 library.
+
+minutes_to_complete: 120
+
+who_is_this_for: This tutorial is for software developers and cryptography enthusiasts interested in implementing and testing post-quantum cryptographic algorithms on ARM Cortex-M4 microcontrollers.
+
+learning_objectives:
+    - Understand the design goals of the pqm4 library.
+    - Set up the development environment for ARM Cortex-M4.
+    - Implement and test post-quantum cryptographic algorithms.
+    - Benchmark and profile cryptographic implementations.
+    - Integrate new cryptographic schemes into the pqm4 framework.
+
+prerequisites:
+    - ARM Cortex-M4 development board (e.g., NUCLEO-L4R5ZI, STM32F4 Discovery)
+    - Computer with Python 3.8 or higher
+    - ARM toolchain (arm-none-eabi)
+    - stlink and OpenOCD for flashing binaries
+    - QEMU 5.2 or higher for simulation
+
+author: 
+    - Akash Malik
+    - Odin Shen
+
+### Tags
+skilllevels: Advanced
+subjects: 
+    - Performance and Architecture
+    - Security
+armips:
+    - Cortex-M
+operatingsystems:
+    - Linux
+    - macOS
+tools_software_languages:
+    - C
+    - Python
+    - ARM toolchain
+    - stlink
+    - QEMU
+
+further_reading:
+    - resource:
+        title: PQCRYPTO Project
+        link: https://pqcrypto.eu.org
+        type: website
+    - resource:
+        title: PQClean GitHub Repository
+        link: https://github.com/PQClean/PQClean
+        type: repository
+
+### FIXED, DO NOT MODIFY
+# ================================================================================
+weight: 1
+layout: "learningpathall"
+learning_path_main_page: "yes"
+---

content/learning-paths/embedded-and-microcontrollers/pqc_pqm4/_next-steps.md

@@ -0,0 +1,8 @@
+---
+# ================================================================================
+#       FIXED, DO NOT MODIFY THIS FILE
+# ================================================================================
+weight: 21
+title: "Next Steps"
+layout: "learningpathall"
+---

content/learning-paths/embedded-and-microcontrollers/pqc_pqm4/adding-new-schemes.md

@@ -0,0 +1,113 @@
+---
+title: Adding New Schemes and Implementations to pqm4
+
+weight: 5
+
+### FIXED, DO NOT MODIFY
+layout: learningpathall
+---
+
+## Adding New Schemes and Implementations
+
+The pqm4 build system facilitates easy addition of new schemes and implementations provided they follow the **NIST/SUPERCOP/PQClean API**. Follow these steps to add an M4-optimized implementation of a scheme like NewHope-512-CPA-KEM:
+
+
+#### Step 1 : Download the Scheme Implementation
+
+Download the NewHope implementation from GitHub:
+```bash
+git clone https://github.com/newhopecrypto/newhope.git
+```
+Navigate to the reference implementation:
+```bash
+cd newhope/ref
+```
+This directory contains the implementation files required for integration.
+
+#### Step 2 : Create Scheme Directory
+Inside pqm4, create a directory for the scheme:
+```bash
+mkdir -p crypto_kem/newhope512cpa/m4
+```
+
+#### Step 3 : Copy Implementaion Files
+Copy required files into pqm4
+Include files : 
+* Core algorithm files(.c,.h)
+* Polynomial and NTT operations
+* CPA KEM logic (cpakem.c, cpapke.c)
+Do not Include file such as : 
+* randombytes.c
+* PQCgenKAT_kem.c
+* standalone test/benchmark files (speed.c, test.c)
+* .o files
+
+#### Step 4 : Create API File
+
+create file name **api.h**  
+
+```bash
+crypto_kem/newhope512cpa/m4/api.h
+```
+
+Define CRYPTO_SECRETKEYBYTES, CRYPTO_PUBLICKEYBYTES, and CRYPTO_CIPHERTEXTBYTES using the values from the **params.h** file in the NewHope reference implementation, and implement the required functions: **crypto_kem_keypair**, **crypto_kem_enc** , and **crypto_kem_dec**
+
+* Example of api.h file
+
+```python
+#ifndef API_H
+#define API_H
+
+#define CRYPTO_SECRETKEYBYTES 3680
+#define CRYPTO_PUBLICKEYBYTES 1824
+#define CRYPTO_CIPHERTEXTBYTES 2208
+#define CRYPTO_BYTES 32
+
+#define CRYPTO_ALGNAME "NewHope512-CCA"
+
+int crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
+int crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk);
+int crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);
+
+#endif
+```
+#### Step 5 : Handle Randomness 
+
+* Do not include your own randombytes.c 
+* pmq4 provides its own RNG implementation
+
+#### Step 6 : Build the Scheme 
+
+```bash
+make clean
+make -j4 PLATFORM=<platform
+```
+
+check binaries:
+```bash
+ls bin | grep newhope512cpa
+```
+
+#### Step 7 : Test the Implementation
+
+```bash
+python3 test.py -p <platform> --uart <serial_port> newhope512cpa
+```
+Expected output: 
+```
+SUCCESSFUL
+```
+
+### Using Optimized Cryptographic Functions
+
+- **FIPS202 (Keccak, SHA3, SHAKE)**: Use optimized Keccak code available in `mupq/common/fips202.h`.
+- **SHA-2**: Use C implementations available in `sha2.h`.
+- **AES**: Use assembly-optimized implementations available in `common/aes.h`.
+
+for our NewHope-512-CPA-KEM  Implementation we have used optimized keccak code which is in `mupq/common/fips202.h`
+
+### Contributing Implementations
+
+- For reference implementations, contribute to [PQClean](https://github.com/PQClean/PQClean).
+- For optimized C implementations, contribute to [mupq](https://github.com/mupq/mupq).
+- For Cortex-M4 optimized implementations, contribute directly to pqm4.

content/learning-paths/embedded-and-microcontrollers/pqc_pqm4/introduction.md

@@ -0,0 +1,60 @@
+---
+title: Introduction to pqm4 and Post-Quantum Cryptography
+
+weight: 2
+
+layout: learningpathall
+---
+
+### Post-Quantum Cryptography
+
+The [pqm4](https://github.com/mupq/pqm4) framework is a benchmarking and implementation suite for post-quantum cryptography (PQC) on Arm Cortex-M4 microcontrollers.  It originated from the [PQCRYPTO](https://pqcrypto.eu.org) project, funded by the European Commission, and has since evolved into a widely used platform for evaluating PQC in embedded environments.
+
+As quantum computing advances, widely used cryptographic schemes such as RSA and elliptic curve cryptography are expected to become insecure. This presents a unique challenge for embedded systems, where devices often remain deployed for 10 to 20 years and must be designed with long-term security in mind.
+
+Post-quantum cryptography is expected to play a critical role in securing a wide range of embedded applications, including secure firmware updates, device authentication, encrypted communication (e.g., IoT sensor-to-cloud), and integrity protection for edge AI models. These use cases require cryptographic mechanisms that remain secure over the lifetime of the device, even in the presence of future quantum adversaries.
+
+To address this, new PQC algorithms have been standardized by NIST, including ML-KEM for key exchange and ML-DSA for digital signatures. However, these algorithms are significantly more demanding in terms of computation, memory, and code size compared to classical cryptography — making their deployment on constrained microcontrollers non-trivial.
+
+The pqm4 framework provides a practical solution by enabling developers to evaluate PQC implementations under real embedded constraints. It offers standardized benchmarking for performance (cycle counts), memory usage (stack), and code size, along with optimized implementations tailored for the Cortex-M4 architecture. This allows developers to move beyond theoretical analysis and make informed decisions about deploying PQC in real-world embedded systems.
+
+
+### Two Public-key Primitives
+
+Two public-key primitives are particularly fundamental to modern cryptography: 
+- key encapsulation mechanisms (KEMs) and 
+- digital signature algorithms (DSAs). 
+
+KEMs allow two parties to establish a shared secret over an insecure channel - the foundation for encrypted communications in protocols like TLS. Digital signatures provide authentication and integrity, ensuring that a message genuinely comes from its claimed sender and hasn't been tampered with. Together, these primitives underpin everything from secure web browsing to firmware updates on embedded devices.
+
+Post-quantum cryptography replaces classical algorithms with new designs built on mathematical problems that remain hard even for quantum computers. Among the various primitives, KEMs and signatures are the most critical for most applications and have been the focus of NIST's standardization effort. KEMs have received particular urgency due to "harvest now, decrypt later" attacks - adversaries can record encrypted communications today and decrypt them once quantum computers become available.
+
+This makes protecting data in transit an immediate priority, even though quantum computers may still be years away. Unlike classical public-key cryptography, which relies almost entirely on integer factorization and discrete logarithms, PQC draws on a variety of foundations: Lattices, hash functions, error-correcting codes, multivariate polynomials, and more. This diversity means that different PQC schemes come with very different performance characteristics and trade-offs.
+
+In this learning path, we will focus on KEMs implementation on Cortex-M. 
+
+### Benefits of pqm4 for ARM Developers
+
+- Efficient evaluation of post-quantum cryptographic algorithms on ARM Cortex-M4 microcontrollers.
+- Accurate measurement of performance, memory usage, and execution cycles on real embedded hardware.
+- Standardized framework for testing, benchmarking, and comparing multiple cryptographic implementations.
+- Simplified integration and experimentation with new cryptographic schemes and optimizations for ARM platforms.
+
+### Design Goals
+
+The primary design goals of the pqm4 library are:
+
+- Automated functional testing and test vector generation with validation against reference implementations.
+- Comprehensive benchmarking, including speed, stack usage, and code size analysis.
+- Profiling of cryptographic primitives such as SHA-2, SHA-3, and AES.
+- Easy integration of clean and optimized implementations (e.g., from [PQClean](https://github.com/PQClean/PQClean)) and new schemes.
+
+### Scope of pqm4
+
+The pqm4 library includes schemes that are:
+
+- Standardized by NIST in FIPS203, FIPS204, or FIPS205.
+- Selected for standardization by NIST.
+- Part of the 4th round of the NIST PQC standardization process.
+- Part of the first round of additional signatures of the NIST PQC standardization process.
+- Part of the second round of the KpqC competition.