Where to Find the Release
Intel® Cryptography Primitives Library
Intel® Cryptography Primitives Library 2025.3.0
What's New
- Added support for ML-KEM scheme with key generation, encapsulation and decapsulation functionalities implemented according to FIPS 203
- Added API for hash squeezing for extendable-output functions (XOF) from the Keccak family
- Optimized performance for SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms
- Optimized stack memory usage for Leighton-Micali Signatures (LMS) verification algorithm
- Added split HKDF API HKDF_Extract() and HKDF_Expand() for more granular usage of HKDF functionality
Fixed Issues
- Fixed mbx_get_algo_info(), so its output now reflects the latest state of the library
Known Issues and Limitations
- Crypto multi-buffer library linked with OpenSSL 3.5 and built with Intel ICX Compiler was not fully validated with Constant-time execution tests. There is no such issue for other tested configurations
- ippsXMSSSign() and ippsXMSSKeyGen() APIs were not validated with Constant-time execution tests due to testing methodology limitations, so resistance to side-channel attacks cannot be guaranteed for these APIs. This limitation will be eliminated in one of the future releases by changing the testing methodology
- ippsXMSSKeyGen(), ippsMLKEM_KeyGen() and ippsMLKEM_Encaps() by default work with RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on the target CPU, a third-party PRNG should be provided to these APIs; see the functions' documentation for more details
- Due to a bug in the CMake configuration, libraries built with MB_STANDALONE=true are incorrectly installed to lib/intel64/ instead of the correct lib/ directory. Users should be aware that the installation path may not match the expected location for standalone builds. This issue will be fixed in the next major release
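The RDRAND dependency noted above can be checked at startup, before any key-generation call relies on the default PRNG. The following is an added example, not code from the library or its documentation: it reads the RDRAND feature bit from CPUID leaf 1 and, going slightly beyond the note, also probes that the instruction delivers values. The function names and the 8-draw and 10-retry limits are assumptions of this example.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#else
#define ON_X86 0
#endif
/* CPUID leaf 1 reports RDRAND support in ECX bit 30. */
static int ecx_has_rdrand(unsigned int ecx) { return (ecx & (1u << 30)) != 0; }

/* 1 if the CPU advertises RDRAND, 0 otherwise (always 0 on non-x86 builds). */
static int cpu_has_rdrand(void) {
#if ON_X86
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return 0;
    return ecx_has_rdrand(ecx);
#else
    return 0;
#endif
}

/* One RDRAND attempt; the carry flag is set only when a value was delivered. */
static int rdrand32_once(unsigned int *out) {
#if ON_X86
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
#else
    (void)out; return 0;
#endif
}

/* Heuristic probe (not a statistical test): every draw must succeed within
 * 10 retries, and the 8 draws must not all return the same value. */
static int rdrand_usable(void) {
    unsigned int first = 0, v = 0;
    int varied = 0;
    if (!cpu_has_rdrand()) return 0;
    for (int i = 0; i < 8; i++) {
        int ok = 0;
        for (int tries = 0; tries < 10 && !ok; tries++) ok = rdrand32_once(&v);
        if (!ok) return 0;
        if (i == 0) first = v; else if (v != first) varied = 1;
    }
    return varied;
}

int main(void) {
    puts(rdrand_usable() ? "RDRAND usable: default PRNG path is available"
                         : "RDRAND not usable: supply a PRNG to the key-generation APIs");
    return 0;
}
```

When the probe returns 0, treat the default PRNG path as unavailable and pass a vetted PRNG to the APIs as their documentation describes.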
Deprecation Notices
- Code paths m7 (Intel® SSE3) and w7 (Intel® SSE2) are deprecated and will be removed from the merged build of Intel® Cryptography Primitives Library in future releases. 1cpu headers are still available for all code paths. These branches can also be built as 1cpu libraries if specified in the platform list, e.g. -DMERGED_BLD:BOOL=off -DPLATFORM_LIST=s8;e9
- IppsLMSBufferGetSize was deprecated and will be removed in future releases. Please use ippsLMSVerifyBufferGetSize instead
Intel® Cryptography Primitives Library 2025.2.0
What's New
- Crypto Multi buffer library was extended with Intel® AVX-IFMA implementation of ECDSA (Sign and Verify), public key generation, ECDHE over NIST p256r1 curve
- Added support for HKDF, Hashed Message Authentication Code (HMAC)-based key derivation function as defined by RFC-5869
- Added support for SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms as defined by FIPS PUB 202
- Added support for key and signature generation for the eXtended Merkle Signature Scheme (XMSS) algorithm
Known Issues and Limitations
- Resistance to side-channel attacks cannot be guaranteed for ippsXMSSSign() and ippsXMSSKeyGen()
- ippsXMSSKeyGen() API by default works with RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on a target CPU, a third-party PRNG should be provided to ippsXMSSKeyGen() API, see more details in the function's documentation
- The thread safety is not guaranteed for the following API: ippsHashMethod_<hash>(), ippsHashMethod_<hash>_NI() and ippsHashMethod_<hash>_TT(), where possible values of hash are MD5, SM3, SHA1, SHA256, SHA512, SHA384, 512_256, 512_224, SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, SHAKE256
Intel® Cryptography Primitives Library 2025.1.0
What's New
- Optimized SM4 algorithm with new Intel® SM4 instructions for Intel® Core™ Ultra Processors (Series 2) and Intel® Xeon® Processors, code named ‘ClearWater Forest’
- Optimized SHA-512 hash family algorithms with Intel® Secure Hash Algorithm 512 (Intel® SHA512) instructions for Intel® Core™ Ultra Processors (Series 2) and Intel® Xeon® Processors, code named ‘ClearWater Forest’
Fixed Issues
- Fixed an issue with invalid memory access for AES-GCM algorithm with Intel® Advanced Vector Extensions 2 (Intel® AVX2) vector extensions of Intel® AES New Instructions (Intel® AES-NI) in case of corner sizes.
- Fixed AVX512 IFMA implementation (k1 branch) of SM2 signature and verification single-buffer algorithm. The optimized path is re-enabled.
- Fixed SM4-XTS issue for Crypto Multi buffer library (GitHub #88).
Deprecation Notices
- fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size_keys and fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size are deprecated.
Intel® Cryptography Primitives Library 2025.0.0
What's New
- Intel® Integrated Performance Primitives Cryptography (Intel® IPP Cryptography) is now Intel® Cryptography Primitives Library
- Enabled dispatching support in crypto_mb for Intel® Xeon® 6 Processors with Efficient-Cores (E-Cores), code named ‘SierraForest’
- Optimized RSA 2K, 3K, 4K multi-buffer performance for Intel® Xeon® 6 Processors with Efficient-Cores (E-Cores), code named ‘SierraForest’
- Optimized SM3 single-buffer hashing algorithm with SM3_NI instruction for Intel® Core™ Ultra Processors (Series 2), code named ‘Lunar Lake’ and ‘Arrow Lake’
- Added more examples for LMS, ECDSA and AES-GCM.
Fixed Issues
- Fixed an issue in the ECDSA (Elliptic Curve Digital Signature Algorithm) function implemented with IFMA (Integer Fused Multiply-Add)
Known Issues and Limitations
- This release of Intel® Cryptography Primitives Library has been built with the new secure and powerful Intel® oneAPI DPC++/C++ Compiler. As a result, we’ve noted some performance regressions in our testing, which will be addressed in the subsequent releases. If these regressions are thought to be impacting your application in a negative way or you have specific questions, please contact Intel® oneAPI Products Support.
- For this release, the constant-time execution property is not guaranteed for the RSA multi-buffer algorithm executed on Intel AVX2-based CPUs.
Unsupported or Discontinued Features
- The threading functions (ippcpGetNumThreads, ippcpGetEnabledNumThreads, ippcpSetNumThreads and ippcpGetLibVersion) were deprecated.
- Support for the n8 (Intel® SSSE3) and e9 (Intel® Advanced Vector Extensions (Intel® AVX)) code paths has been discontinued; Intel® SSE is used instead.
- Previously deprecated Hash functions and Elliptic Curves functions were removed. Please refer to the Intel Cryptography GitHub.
Previous Releases
Technical Support
If you did not register your Intel® software product during installation, please do so now at the Intel® Software Development Products Registration Center. Registration entitles you to free technical support, product updates and upgrades for the duration of the support term.
For technical information about Intel® Cryptography Primitives Library, including FAQs, tips and tricks, and other support information, please visit the Intel Cryptography GitHub or Intel® oneAPI Products Support.
For general information about Intel technical support, product updates, user forums, FAQs, tips and tricks and other support questions, please visit the support site.
Note: If your distributor provides technical support for this product, please contact them rather than Intel.
Notices and Disclaimers
Intel technologies may require enabled hardware, software or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document.
The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.