Selenite
An experimental rust crate for Post-Quantum Code-Signing Certificates.
All Digital Signatures are Round Three NIST Post-Quantum Candidates which are listed here.
Please read the documentation for usage.
Overview
Digital Signatures:
- SPHINCS+
- FALCON512 and FALCON1024
- ED25519*
- BLS12_381*
*: Not Post-Quantum Cryptography
Example Usage
SPHINCS+ (SHAKE256)
Read SPHINCS+
SPHINCS+ is a Stateless Hash-Based Signature Scheme taking its cryptographic assumptions against Quantum Computers from cryptographic hash functions.
This Digital Signature implementation reaches a Security Level of 5, which is the most secure a signature can be, by using the hash function SHAKE256 and setting other security parameters. However, SPHINCS+ has slow verification time compared to other choices.
-
SPHINCS+ Version: sphincsshake256256srobust
-
Public Key Size: 64 bytes
-
Private Key Size: 128 bytes
-
Signature Size: 29,792 bytes
use *;
FALCON512/FALCON1024
Read FALCON
FALCON is a lattice-based signature scheme whos underlying problem is based upon the short integer solution problem (SIS) over NTRU lattices, for which no efficient solving algorithm is currently known in the general case, even with the help of quantum computers. Falcon512 is similar in classical security assumptions to the security of RSA2048.
-
Public Key Size: 897 bytes | 1793 bytes
-
Private Key Size: 1281 bytes | 2305 bytes
-
Signature Size: 660 bytes | 1280 bytes
use *;
ED25519
ED25519 is an elliptic-curve based digital signature by DJB that has small public keys, private keys, and signatures.
It is not post-quantum secure but has been included in this library.
-
Public Key Size: 32 bytes
-
Private Key Size: 32 bytes
-
Signature Size: 64 bytes
use *;
BLS12_381
BLS12_381 is a pairing friendly elliptic curve that allows aggregation of signatures. Aggregation of signatures allow you to combine multiple signatures into a single one. Selenite supports aggregation (although it is still in the works).
use *;
Serialization
You can Serialize keypairs to YAML using serde-yaml.
Randomness From CSPRNG
Selenite allows you to easily get secure randomness from your operating system.
use OsRandom;
Create SPHINCS+ Certificate
use SphincsKeypair;
use *;
To-Do
-
Add Dilithium, another round three candidate
-
Add better Serialization
-
Add Tests
-
Refactor Code
Resources
License
Licensed under either of
-
Apache License, Version 2.0
-
MIT license
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.