§Pure Rust implementation of the FAEST digital signature scheme
FAEST is a digital signature algorithm designed to be secure against quantum computers. The security of FAEST is based on standard cryptographic hashes and ciphers, specifically SHA3 and AES, which are believed to remain secure against quantum adversaries.
This crate provides an implementation of FAEST written in Rust.
§Security Notes
This crate has received no security audit. Use at your own risk.
§License
This crate is licensed under Apache-2.0 or the MIT license. Some parts of src/rijndael_32.rs are based on the bitsliced implementation of AES from the aes crate, which is licensed under Apache License version 2.0 or the MIT license.
§Acknowledgments
This work has received funding from the Austrian security research programme of the Federal Ministry of Finance (BMF) as part of the project PREPARED and from the DIGITAL-2021-QCI-01 Digital European Program under Project number No 101091642 (QCI-CAT) and the National Foundation for Research, Technology and Development.
§Usage
The crate implements the traits defined by the signature crate. The signature crate itself, together with the Signer and Verifier traits, is re-exported for convenience. The following examples are based on FAEST-128f. They work exactly the same for the other variants by replacing the types of the signing key and the signature.
Key generation, signing and verification can be implemented as follows:
```rust
use faest::{FAEST128fSigningKey, FAEST128fSignature};
use faest::{signature::{Signer, Verifier, Keypair}, KeypairGenerator};

// Generate a fresh signing key from a cryptographically secure RNG.
let sk = FAEST128fSigningKey::generate(rand::thread_rng());
let msg = "some message".as_bytes();
let signature: FAEST128fSignature = sk.sign(msg);
// Derive the verification key and check the signature.
let verification_key = sk.verifying_key();
verification_key.verify(msg, &signature).expect("Verification failed");
```
Due to the size of the signatures, all variants support signing into boxed signatures:
```rust
use faest::{FAEST128fSigningKey, FAEST128fSignature};
use faest::{signature::{Signer, Verifier, Keypair}, KeypairGenerator};

let sk = FAEST128fSigningKey::generate(rand::thread_rng());
let msg = "some message".as_bytes();
// Sign into a heap-allocated signature instead of a stack value.
let signature: Box<FAEST128fSignature> = sk.sign(msg);
let verification_key = sk.verifying_key();
verification_key.verify(msg, &signature).expect("Verification failed");
```
Signature generation is deterministic by default. If the randomized-signer feature is enabled, the signature::RandomizedSigner trait is also implemented, which allows the caller to specify an RNG to provide additional randomness:
```rust
use faest::{FAEST128fSigningKey, FAEST128fSignature};
use faest::{signature::{RandomizedSigner, Verifier, Keypair}, KeypairGenerator};

let mut rng = rand::thread_rng();
let sk = FAEST128fSigningKey::generate(&mut rng);
let msg = "some message".as_bytes();
// The caller-supplied RNG provides the additional signing randomness.
let signature: FAEST128fSignature = sk.sign_with_rng(&mut rng, msg);
let verification_key = sk.verifying_key();
verification_key.verify(msg, &signature).expect("Verification failed");
```
§Re-exports
pub use signature;
§Structs
- Error - Signature errors.
- FAEST128fSignature - Signature for FAEST128f
- FAEST128fSigningKey - Signing key for FAEST128f
- FAEST128fVerificationKey - Verification key for FAEST128f
- FAEST128sSignature - Signature for FAEST128s
- FAEST128sSigningKey - Signing key for FAEST128s
- FAEST128sVerificationKey - Verification key for FAEST128s
- FAEST192fSignature - Signature for FAEST192f
- FAEST192fSigningKey - Signing key for FAEST192f
- FAEST192fVerificationKey - Verification key for FAEST192f
- FAEST192sSignature - Signature for FAEST192s
- FAEST192sSigningKey - Signing key for FAEST192s
- FAEST192sVerificationKey - Verification key for FAEST192s
- FAEST256fSignature - Signature for FAEST256f
- FAEST256fSigningKey - Signing key for FAEST256f
- FAEST256fVerificationKey - Verification key for FAEST256f
- FAEST256sSignature - Signature for FAEST256s
- FAEST256sSigningKey - Signing key for FAEST256s
- FAEST256sVerificationKey - Verification key for FAEST256s
- FAESTEM128fSignature - Signature for FAESTEM128f
- FAESTEM128fSigningKey - Signing key for FAESTEM128f
- FAESTEM128fVerificationKey - Verification key for FAESTEM128f
- FAESTEM128sSignature - Signature for FAESTEM128s
- FAESTEM128sSigningKey - Signing key for FAESTEM128s
- FAESTEM128sVerificationKey - Verification key for FAESTEM128s
- FAESTEM192fSignature - Signature for FAESTEM192f
- FAESTEM192fSigningKey - Signing key for FAESTEM192f
- FAESTEM192fVerificationKey - Verification key for FAESTEM192f
- FAESTEM192sSignature - Signature for FAESTEM192s
- FAESTEM192sSigningKey - Signing key for FAESTEM192s
- FAESTEM192sVerificationKey - Verification key for FAESTEM192s
- FAESTEM256fSignature - Signature for FAESTEM256f
- FAESTEM256fSigningKey - Signing key for FAESTEM256f
- FAESTEM256fVerificationKey - Verification key for FAESTEM256f
- FAESTEM256sSignature - Signature for FAESTEM256s
- FAESTEM256sSigningKey - Signing key for FAESTEM256s
- FAESTEM256sVerificationKey - Verification key for FAESTEM256s
- SignatureRef - Workaround to verify signatures available as slice
§Traits
- ByteEncoding - Byte-based encoding of signing and verification keys
- Keypair - Signing keypair with an associated verifying key.
- KeypairGenerator - Generate a key pair from a cryptographically secure RNG
- RandomizedSigner - Sign the given message using the provided external randomness source.
- Signer - Sign the provided message bytestring using Self (e.g. a cryptographic key or connection to an HSM), returning a digital signature.
- Verifier - Verify the provided message bytestring using Self (e.g. a public key)