Support "External Mu" ML-DSA #423
Conversation
WillChilds-Klein
force-pushed
the
mldsa-ext-mu
branch
4 times, most recently
from
1c05fbf to
a50657b
Compare
| @@ -231,6 +231,7 @@ private void addSignatures() { | |||
|
|
|||
| if (shouldRegisterMLDSA) { | |||
| addService("Signature", "ML-DSA", "EvpSignatureRaw$MLDSA"); | |||
| addService("Signature", "ML-DSA-Ext-Mu", "EvpSignatureRaw$MLDSAExtMu"); | |||
There was a problem hiding this comment.
There's currently no JCA-standard name for this (yet?), so we have some latitude in choosing the algorithm name. I'm not sold on ML-DSA-Ext-Mu, open to suggestions from reviewers.
There was a problem hiding this comment.
In draft-ietf-lamps-dilithium-certificates we use ExternalMu-ML-DSA. In ACVP ML-DSA JSON Specification it is just referred to as externalmu.
Notably, theres no hyphen between external and mu in both.
We chose ExternalMu-ML-DSA in the IETF to hint at consistency with NISTs notion of prefixing the mode name distinction: i.e.,HashML-DSA.
As such ML-DSA-ExtMu, ML-DSA-ExternalMu are good options. If you like ML-DSA-Ext-Mu, ML-DSA-External-Mu with the extra hyphen, that's also fine!
WillChilds-Klein
changed the title
WillChilds-Klein
force-pushed
the
mldsa-ext-mu
branch
from
a50657b to
e126cbf
Compare
| import java.security.PublicKey; | ||
|
|
||
| /** Public utility methods */ | ||
| public class PublicUtils { |
There was a problem hiding this comment.
Is the intent here to begin developing/exposing ACCP exclusive utility classes? The only use is within test code. Is there an intended customer for this interface (let's continue this convo off of Github)? I am a little concerned about how specific this is to ML-DSA and how we might pigeon-hole ourselves with this class/package hierarchy if we decide to add a lot more utility functions in the future. The potential for a 1000+ line monster class is here.
There was a problem hiding this comment.
There has been some interest from internal teams to use this in testing, but we can hold off on exposing it until there's a clearly articulated need. I've moved the mu helper function to TestUtil.
WillChilds-Klein
force-pushed
the
mldsa-ext-mu
branch
from
41c123a to
99ca3bc
Compare
Issue #, if available: i/ACCP-128
Description of changes:
Overview
This PR adds support for the External Mu variant of ML-DSA described in AWS-LC PR 2113. To facilitate calculation of mu in testing and for consumers, we expose a
computeMLDSAMuhelper function in a newPublicUtilsclass. Notably, External Mu ML-DSA is interoperable with Pure ML-DSA across signing and verification, as shown in tests.Interoperability
We expose External Mu as a distinct
Signatureservice to preserve forwards-compatibility with other providers' potential future implementations. Conventionally, this "prehash" mode would be configured with a call tosetParameter, passing anAlgorithmParameterSpecimplementation as in EdDSA. Because no other providers have yet created anAlgorithmParameterSpecimplementation that is aware of External Mu, this approach would have required us to expose an ACCP-specificAlgorithmParameterSpecthat callers would need to use, hampering interoperability.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.