# Hash-based signatures
A Rust implementation of hash-based signatures.
***Disclaimer:** This repository is a toy project to play around with Rust and cryptographic primitives.
It implements some ideas of Chapter 14 of ["A Graduate Course in
Applied Cryptography"](http://toc.cryptobook.us/) by Dan Boneh and Victor Shoup.*
Hash-based signatures - unlike signature schemes based on RSA or ECC - do not rely on number-theoretic assumptions that are known to be broken by Quantum computers.
Stateless many-time signature schemes can be built in a three-step process:
1. A one-time signature scheme can be built purely from hash functions.
2. From there, we build an indexed signature scheme.
Using a Merkle tree, the otherwise very large public key can be reduced to a single hash
(at the expense of a larger signature).
3. Finally, Merkle signatures build a tree of indexed signature schemes.
## Command line tool
[Install Rust](https://www.rust-lang.org/tools/install) and run:
```
$ cargo install hash-based-signatures
```
This gives you a command-line tool that lets you generate keys, sign files, and validate signatures:
<img src="assets/demo.gif" />
To get started with signature verification, check out [the example](./example)!
To sign files, run:
```bash
$ cargo run -- key-gen
```
This will create a `.private_key.json` in your working directory and print the corresponding public key.
Keep it private!
To sign a file, make sure that you have a `.private_key.json` in your working directory and run:
```bash
$ cargo run -- sign example/readme.md
```
## Web app
Last but not least, signatures can also be verified using a web app, based on a Web Assembly compilation of the code:
https://georgwiese.github.io/hash-based-signatures/