Reworks the README

CITATION.cff

@@ -0,0 +1,27 @@
+cff-version: 1.2.0
+message: "If you use this software, please cite it as below."
+repository-code: "https://github.com/google/OpenSK"
+license: "Apache-2.0"
+preferred-citation:
+ type: article
+ authors:
+ - family-names: "Ghinea"
+ given-names: "Diana"
+ - family-names: "Kaczmarczyck"
+ given-names: "Fabian"
+ - family-names: "Pullman"
+ given-names: "Jennifer"
+ - family-names: "Cretin"
+ given-names: "Julien"
+ - family-names: "Kölbl"
+ given-names: "Stefan"
+ - family-names: "Invernizzi"
+ given-names: "Luca"
+ - family-names: "Bursztein"
+ given-names: "Elie"
+ - family-names: "Picod"
+ given-names: "Jean-Michel"
+ title: "Hybrid Post-Quantum Signatures in Hardware Security Keys"
+ journal: "4th ACNS Workshop on Secure Cryptographic Implementation"
+ year: 2023
+ month: 6

README.md

@@ -6,47 +6,59 @@
 ![Cargo format](https://github.com/google/OpenSK/workflows/Cargo%20format/badge.svg?branch=develop)
 [![Coverage Status](https://coveralls.io/repos/github/google/OpenSK/badge.svg?branch=develop)](https://coveralls.io/github/google/OpenSK?branch=develop)
 
+*News:*
+
+- 2023-08-24: [PQC paper reference](#Research)
+
 ## OpenSK
 
 This repository contains a Rust implementation of a
-[FIDO2](https://fidoalliance.org/fido2/) authenticator.
-We developed OpenSK as a [Tock OS](https://tockos.org) application.
+[FIDO2](https://fidoalliance.org/fido2/) security key.
+Security keys are external devices that can be used for signing in on websites.
+You can see OpenSK in action in this
+[video on YouTube](https://www.youtube.com/watch?v=klEozvpw0xg)!
 
 We intend to bring a full open source experience to security keys, from
 application to operating system. You can even 3D print your own open source
 enclosure!
-You can see OpenSK in action in this
-[video on YouTube](https://www.youtube.com/watch?v=klEozvpw0xg)!
 
-You are viewing the branch for developers. New features are developed here
-before they are stabilized. If you instead want to use the FIDO certified
-firmware, please go back to the
-[stable branch](https://github.com/google/OpenSK).
+<img src="docs/img/enclosure.jpg" alt="OpenSK Enclosure" width="200"/>
+
+You can run OpenSK as a [Tock OS](https://tockos.org) application, or use the
+library to bring OpenSK to your own hardware.
+
+You are viewing the branch for developers. New features are developed here.
+Go to the default branch for a more stable version of OpenSK.
 
 ### FIDO2
 
-The develop branch implements the
-[CTAP2.1 specification](https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html).
-This branch is not FIDO certified. The implementation is backwards compatible
-to CTAP2.0. Additionally, OpenSK supports U2F, and non-discoverable credentials
-created with either protocol are compatible with the other.
+OpenSK's version that implemented CTAP 2.0 was certified by the FIDO Alliance.
+
+The develop branch tracks the latest release version of the
+[CTAP specification](https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html).
+This branch is not FIDO certified.
+OpenSK supports U2F, and non-discoverable credentials created with either
+protocol are compatible with the other.
 
 ### :warning: Disclaimer
 
 This project is **proof-of-concept and a research platform**. It is **NOT**
-meant for a daily usage. It comes with a few limitations:
-
-* This branch is under development, and therefore less rigorously tested than the stable branch.
-* The cryptography implementations are not resistent against side-channel attacks.
+meant for a daily usage. This branch is under development, and therefore less
+rigorously tested than the numbered branches.
 
 We're still in the process of integrating the
 [ARM&reg; CryptoCell-310](https://developer.arm.com/ip-products/security-ip/cryptocell-300-family)
 embedded in the
 [Nordic nRF52840 chip](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fps_nrf52840%2Fcryptocell.html)
-to enable hardware-accelerated cryptography. Our placeholder implementations of required
-cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust are research-quality
-code. They haven't been reviewed and don't provide constant-time guarantees.
-
+to enable hardware-accelerated cryptography.
+In the meantime, there are 2 options for cryptography implementations:
+
+* Our own placeholder implementation. The code is research quality and doesn't
+ provide constant-time guarantees.
+* The [RustCrypto](https://github.com/RustCrypto) interface. Deploy with
+ `--rust-crypto`. Note that our own ECC implementation is faster and has
+ smaller binary size, so not all boards support RustCrypto yet.
+
 ## Hardware
 
 You will need one the following supported boards:
@@ -75,6 +87,28 @@ Please check our [Troubleshooting and Debugging](docs/debugging.md) section if y
 have problems with the installation process or during development. To find out what
 else you can do with your OpenSK, see [Customization](docs/customization.md).
 
+## Research
+
+We implemented post-quantum cryptography on OpenSK. The code is released under
+the [hybrid-pqc tag](https://github.com/google/OpenSK/releases/tag/hybrid-pqc).
+Our [paper](https://eprint.iacr.org/2022/1225) was published in the ACNS
+Secure Cryptographic Implementation workshop 2023 and won the best paper award.
+
+<details>
+<summary>Bibtex reference</summary>
+
+```
+@InProceedings{Ghinea2023hybrid,
+ author= {Diana Ghinea and Fabian Kaczmarczyck and Jennifer Pullman and Julien Cretin and Rafael Misoczki and Stefan Kölbl and Luca Invernizzi and Elie Bursztein and Jean-Michel Picod},
+ title= {{Hybrid Post-Quantum Signatures in Hardware Security Keys}},
+ booktitle= {{4th ACNS Workshop on Secure Cryptographic Implementation, Kyoto, Japan}},
+ month= {June},
+ year= {2023},
+}
+```
+
+</details>
+
 ## Contributing
 
 See [Contributing.md](docs/contributing.md).