Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add lms to RustCrypto/signatures #801

Merged
merged 5 commits into from
Mar 6, 2024

Conversation

incertia
Copy link
Contributor

This adds the lms directory to RustCrypto/signatures under the crate name lms-signature. The authors of the original RFC seem quite happy using the phrase so this keeps the naming in the signatures repository consistent. Hopefully I ported the Github workflow without any issues.

There are two notable limitations to our implementation:

  1. We rely on generic_array::GenericArray from the older digest-0.10.7 instead of using the hybrid_array::Array approach from the upcoming digest-0.11 ecosystem.
  2. We lack a way of compressing Merkle tree data so we just store the entire tree which causes H15, H20, and H25 variants of LMS to not work due to storage limitations.

This PR also does not modify the main README in any way. I have also refrained from committing any changes to Cargo.lock.

.github/workflows/lms.yml Outdated Show resolved Hide resolved
lms/Cargo.toml Outdated Show resolved Hide resolved
lms/Cargo.toml Outdated Show resolved Hide resolved
lms/lms/lib.rs Outdated Show resolved Hide resolved
lms/lms/lms/private.rs Outdated Show resolved Hide resolved
lms/.gitignore Outdated Show resolved Hide resolved
lms/CHANGELOG.md Outdated Show resolved Hide resolved
lms/Cargo.toml Outdated Show resolved Hide resolved
Comment on lines 209 to 235
#[test]
fn test_pk_tree_kat1() {
let seed = hex!("558b8966c48ae9cb898b423c83443aae014a72f1b1ab5cc85cf1d892903b5439");
let id = hex!("d08fabd4a2091ff0a8cb4ed834e74534");
let expected_k = hex!("32a58885cd9ba0431235466bff9651c6c92124404d45fa53cf161c28f1ad5a8e");

let lms_priv = SigningKey::<LmsSha256M32H10<LmsOtsSha256N32W4>>::new_from_seed(id, seed);
let lms_pub = lms_priv.public();
assert_eq!(lms_pub.k(), expected_k);
assert_eq!(lms_pub.id(), &id);
}

#[test]
fn test_pk_tree_kat2() {
let seed = hex!("a1c4696e2608035a886100d05cd99945eb3370731884a8235e2fb3d4d71f2547");
let id = hex!("215f83b7ccb9acbcd08db97b0d04dc2b");
let expected_k = hex!("a1cd035833e0e90059603f26e07ad2aad152338e7a5e5984bcd5f7bb4eba40b7");

let lms_priv = SigningKey::<LmsSha256M32H5<LmsOtsSha256N32W8>>::new_from_seed(id, seed);
let lms_pub = lms_priv.public();
assert_eq!(lms_pub.k(), expected_k);
assert_eq!(lms_pub.id(), &id);
}

#[test]
fn test_kat_2() {
let expected_signature = [
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you provide some information on the provenance of these KATs?

It appears to be RFC8554 Appendix F but I'm noticing test_pk_tree_kat1 appears to be "Test Case 2".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lms/src/lms/public.rs Outdated Show resolved Hide resolved
lms/src/lms/signature.rs Outdated Show resolved Hide resolved
lms/src/ots/error.rs Outdated Show resolved Hide resolved
@tjade273
Copy link
Contributor

@tarcieri do you have opinions on large in-file KAT buffers like this?

Debating whether we should

  1. Leave as-is
  2. Break large KATs out to a separate directory
  3. Just include a hash of the actual expected result and compare against that

There will be a couple more large KATs eventually once HSS is implemented, and if we want to support the larger merkle tree sizes then they will start getting really big.

@tarcieri
Copy link
Member

tarcieri commented Mar 5, 2024

@tjade273 we generally just check them in, but for very large ones omit them from the resulting .crate, e.g.:

https://github.com/RustCrypto/MACs/blob/43cc597/cmac/Cargo.toml#L14

.github/workflows/lms.yml Outdated Show resolved Hide resolved
@tarcieri
Copy link
Member

tarcieri commented Mar 5, 2024

utACK, let me know if you'd like to make any additional changes or otherwise we can get this merged

@incertia
Copy link
Contributor Author

incertia commented Mar 6, 2024

We can probably get this merged.

@tarcieri tarcieri merged commit 3e4e1aa into RustCrypto:master Mar 6, 2024
40 checks passed
@tarcieri tarcieri mentioned this pull request Mar 19, 2024
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants