falcon-rust 0.1.3

A rust implementation of the Falcon post-quantum digital signature scheme.

Coverage
5.56%
1 out of 18 items documented1 out of 7 items with examples
Size
Source code size: 455.76 kB This is the summed size of all the files inside the crates.io package for this release.
Documentation size: 2.04 MB This is the summed size of all files generated by rustdoc for all configured targets
Ø build duration
this release: 12s Average build duration of successful builds.
all releases: 24s Average build duration of successful builds in releases after 2024-10-23.
Links
Homepage
aszepieniec/falcon-rust
28 7 3
crates.io
Dependencies
Versions
Owners

Falcon-Rust

GitHub License GitHub Actions Workflow Status Crates.io Version docs.rs Crates.io Downloads (latest version) Deps.rs Crate Dependencies (latest) Crates.io Dependents

Unofficial rust implementation of the Falcon post-quantum digital signature scheme.

Falcon was submitted to the NIST PQC standardization project and was selected for standardization. The final standard is still outstanding. We do anticipate slight changes between the standard and the submission, and these changes might break compatibility.

Falcon comes in two variants. Falcon512 claims at least 108 bits of security, and Falcon1024 claims at least 252 bits of security, both against quantum computers.

This implementation adheres to the specification. It was originally written following the the official python implementation, but has since deviated.

Example

use rand::rng;
use rand::RngExt;
use falcon_rust::falcon512;

let mut rng = rng();
let mut msg : [u8; 5] = rng.random();
let (sk, pk) = falcon512::keygen(rng.random());
let sig = falcon512::sign(&msg, &sk);
assert!(falcon512::verify(&msg, &sig, &pk));

Performance

If you are after performance, you are probably better off with one of the implementations by the inventors, either the foreign function interface (FFI) into the optimized C code (pqcrypto-falcon), or the optimized rust crate (fn-dsa). The following benchmark was produced by my Intel(R) Core(TM) Ultra 9 275HX (which supports AVX2). You can make your own by running cargo bench.

	Keygen	Sign	Verify
falcon-rust 512	27.968 ms	253.19 µs	13.605 µs
falcon-rust 1024	71.982 ms	509.57 µs	28.004 µs
C FFI 512	3.5610 ms	118.27 µs	22.636 µs
C FFI 1024	10.725 ms	235.69 µs	44.329 µs
FN DSA 512	1.7758 ms	133.08 µs	8.1014 µs
FN DSA 1024	8.3540 ms	253.82 µs	16.871 µs

Features

key generation
signature generation
signature verification
derandomized algorithms
(de)serialization
Montgomery representation
better algorithms (e.g. RNS)
uncompressed signature format
signed-message interface
hardware optimizations
message-recovery mode
constant-time (?)

To-do's

NIST KATs
make LdlTree straightforward
optimize representation of secret key, signature, public key
test interoperability against the reference implementation
negative tests
profile, and fix bottlenecks
Residue number system (RNS) for big integer arithmetic
streaming (de)serialization
investigate secret-dependent time variability

Contributing

Contributions are welcome! If accepted, contributions will be released under the same license.