2023-08-09
After a flurry of updates since our last Tech Update, BC 1.76 is now available. The post-quantum algorithms LMS/HSS and SPHINCS+ are now directly supported by the core Bouncy Castle provider. In addition, the logging in TLS/DTLS now includes connection-specific unique identifiers as well as cipher suite details, and DTLS now supports connection IDs according to RFC 9146. The PGP API now supports PGP V6 EC/EdEC keys as well as PGP V5 and PGP V6 AEAD encryption modes. Work has been done on reducing provider thread contention by using the JCA Service classes, improving overall provider efficiency. Bug fixes include resolving a buffering issue with Ascon and problematic clone constructors for Parallel Hash.
Some concerns have been raised about how the BC provider jar has grown with the PQC effort. To address these, the deprecated SIKE algorithm and its property tables have now been removed, and the property tables for Picnic have been compressed. This has resulted in a reduction of around 25% compared with the provider’s previous size for BC 1.73.
BC Java LTS 2.73.3: an updated BC Java LTS version has also been released. The LTS updates include non-PQC-related updates from BC releases 1.74, 1.75 and 1.76, and add support for ARM CPUs on the Linux and Darwin operating systems to complement the existing Intel support. The ongoing PQC project is not included because the standardization work by NIST has not been finalized yet.