Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sign: Adding SLH-DSA signature #512

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

sign: Adding SLH-DSA signature #512

wants to merge 14 commits into from

Conversation

armfazh
Copy link
Contributor

@armfazh armfazh commented Sep 11, 2024
edited
Loading

This implementation supports the twelve parameter sets approved at FIPS 205

Test vectors match the ones at ACVP-Server version 1.1.0.38. These test vectors target both internal and external functions.

Pure and Prehash-based signatures are supported.

Implementation makes a good effort to avoid heap allocations that usually add a significant overhead.

@armfazh armfazh self-assigned this Sep 11, 2024
@armfazh
Copy link
Contributor Author

armfazh commented Sep 11, 2024

there is a timeout happening on the ARM build because tests are running in parallel, but it doesn't seems to be related to a failure in the code.

rozbb
rozbb reviewed Sep 23, 2024
View reviewed changes
Copy link

@rozbb rozbb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Almost all my comments are nitpicky bc I didn't have anything else to talk about :)

sign/slhdsa/wotsp.go Outdated Show resolved Hide resolved
sign/slhdsa/wotsp.go Show resolved Hide resolved
sign/slhdsa/wotsp.go Show resolved Hide resolved
sign/slhdsa/wotsp.go Outdated Show resolved Hide resolved
sign/slhdsa/wotsp.go Show resolved Hide resolved
sign/slhdsa/wotsp_test.go Show resolved Hide resolved
sign/slhdsa/xmss.go
}

// See FIPS 205 -- Section 6.1 -- Algorithm 9 -- Iterative version.
func (s *statePriv) xmssNodeIter(
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar thing. I had trouble following along with this algorithm, since it differs so much from the paper. Also why is i a parameter at all if it's not a recursive algorithm?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Internally, the index of each node is used as part of the hash parameters. So, i denotes the first index of a sub-tree.

sign/slhdsa/xmss.go Show resolved Hide resolved
sign/slhdsa/internal.go Outdated
defer s.Clear()

s.forsSign(sig.forsSig, md, addr)
pkFors := s.forsPkFromSig(md, sig.forsSig, addr)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to compute pkFors as a side effect of forsSign? Can save a few hashes if so. Similarly might be able to do this in the htSign function

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried to coalesce these functions, but didn't found any savings on the number of hashes.

@armfazh armfazh force-pushed the adding_slhdsa branch 3 times, most recently from 12020e3 to 32046e4 Compare October 10, 2024 10:07
@armfazh
Copy link
Contributor Author

armfazh commented Nov 13, 2024

ACVP test vectors updated to v1.1.0.37

bwesterb
bwesterb reviewed Dec 9, 2024
View reviewed changes
sign/schemes/schemes.go Outdated Show resolved Hide resolved
bwesterb
bwesterb reviewed Dec 9, 2024
View reviewed changes
sign/slhdsa/address.go
addressSizeNonCompressed = 32
)

type address struct {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be more efficient with respect to allocations to use [32]byte as address type.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried that but didn't see any postive effect on allocs.

bwesterb
bwesterb reviewed Dec 9, 2024
View reviewed changes
sign/slhdsa/hypertree.go Outdated Show resolved Hide resolved
bwesterb
bwesterb reviewed Dec 9, 2024
View reviewed changes
sign/slhdsa/message.go Outdated Show resolved Hide resolved
@bwesterb bwesterb self-requested a review December 9, 2024 13:29
@armfazh armfazh mentioned this pull request Feb 2, 2025
Open
@armfazh armfazh added new feature New functionality or module and removed on-hold labels Feb 2, 2025
@armfazh armfazh requested a review from bwesterb February 2, 2025 12:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rozbb rozbb rozbb left review comments

@cjpatton cjpatton Awaiting requested review from cjpatton

@lukevalenta lukevalenta Awaiting requested review from lukevalenta

@bwesterb bwesterb Awaiting requested review from bwesterb

Assignees

@armfazh armfazh

Labels
new feature New functionality or module
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@armfazh @bwesterb @rozbb