libmceliece is based on the official Classic McEliece software, which
was written by Tung Chou. See the following papers for the major
algorithms used for speed inside that software:

* Daniel J. Bernstein, Tung Chou, Peter Schwabe. "McBits: fast
constant-time code-based cryptography." CHES 2013.
[https://tungchou.github.io/papers/mcbits.pdf](https://tungchou.github.io/papers/mcbits.pdf)
* Tung Chou. "McBits revisited." CHES 2017.
[https://tungchou.github.io/papers/mcbits_revisited.pdf](https://tungchou.github.io/papers/mcbits_revisited.pdf)

The official Classic McEliece software includes `ref`, `vec`, `sse`, and
`avx` implementations; libmceliece includes only `vec` and `avx`.

The following components of libmceliece are from Daniel J. Bernstein:

* Small [changes](download.html#changelog)
for namespacing, portability, etc.
* Software to compute control bits (also used in the official software).
See the following paper: Daniel J. Bernstein. "Verified fast formulas
for control bits for permutation networks." 2020.
[https://cr.yp.to/papers.html#controlbits](https://cr.yp.to/papers.html#controlbits)
* `crypto_sort/int32`. See [https://sorting.cr.yp.to](https://sorting.cr.yp.to).
* Infrastructure to build a library with automatic run-time selection of
implementations based on the run-time CPU and a database of
benchmarks. This infrastructure was introduced in
[`lib25519`](https://lib25519.cr.yp.to), with some extensions and
adaptations in libmceliece.
* Various software for tests and benchmarks. This is based on
public-domain code in the SUPERCOP benchmarking framework.

The underlying `crypto_xof/shake256` software currently includes two
SHAKE256 implementations. The `tweet` implementation is based on
[https://twitter.com/tweetfips202](https://twitter.com/tweetfips202)
by Daniel J. Bernstein, Peter Schwabe, and Gilles Van Assche. The
`unrollround` implementation is from Daniel J. Bernstein.