Crate falcon_multisig

§falcon-multisig

Production-grade post-quantum threshold multisignature library based on Falcon-512 (NIST FIPS 206 / FN-DSA).

§Overview

This library provides M-of-N threshold signature schemes built entirely on Falcon-512, the lattice-based signature algorithm standardised by NIST. It is designed to be:

  • Chain-agnostic — no dependency on any specific blockchain runtime or VM.
  • Production-ready — extracted from and validated against a live PQC blockchain (QuantaChain) running Falcon-512 at the consensus layer.
  • WASM-compatible — uses falcon-rust (pure Rust, no C FFI) throughout.
  • Misuse-resistant — domain separation on all signed data; secret keys are zeroized on drop.

§Threat Model

The cryptographic security reduces to the hardness of the NTRU problem and the Short Integer Solution (SIS) problem over NTRU lattices — both believed to be quantum-resistant under current knowledge. No classical or known quantum algorithm breaks Falcon-512 with fewer than 2^128 operations.

§Quick Start

```rust
use falcon_multisig::{KeyPair, ThresholdConfig, SigningSession};

// Generate a 2-of-3 committee: three keypairs, any two of which may sign
let keypairs: Vec<KeyPair> = (0..3).map(|_| KeyPair::generate()).collect();
let public_keys: Vec<_> = keypairs.iter().map(|kp| kp.public_key().clone()).collect();

let config = ThresholdConfig::new(2, public_keys).unwrap();

// Each signer produces a partial signature over the full message payload
let message = b"transfer:alice:bob:1000";
let mut session = SigningSession::new(&config, message);

session.add_signature(0, keypairs[0].sign(message)).unwrap();
session.add_signature(1, keypairs[1].sign(message)).unwrap();

// Verify the complete threshold signature (2 of 3 partials collected)
assert!(session.verify().unwrap());
```

§Feature Flags

| Feature | Default | Description |
|---------|---------|-------------|
| std     | yes     | Enables std-dependent APIs and error formatting |
| serde   | yes     | Enables JSON serialization of all public types |

§Security Notes

  • Never reuse a KeyPair across incompatible domain contexts — always pass the full message payload to KeyPair::sign, not a pre-hashed digest.
  • The domain separation tag (FALCON_MULTISIG_V1:) is prepended to the message internally before signing; callers do not apply it themselves.
  • All secret key bytes are zeroized when a KeyPair is dropped.
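The 2-of-3 flow from Quick Start and the checks listed under Security Notes, as an added example that is not part of the crate: a minimal model of the signing session, generic over the signature primitive, with a constructed toy keyed-hash stand-in (forgeable by anyone holding the "public key", so no security at all) in place of Falcon-512 so it runs with only the Rust standard library. The `SessionError` variant names, the `Verifier` trait and the `toy_*` functions are this example's own assumptions, not the crate's API; only `DOMAIN_TAG`, `ThresholdConfig` and `SigningSession` mirror names from the page.

```rust
use std::collections::BTreeMap;

/// Domain separation tag; the page states this exact prefix is prepended.
pub const DOMAIN_TAG: &[u8] = b"FALCON_MULTISIG_V1:";

/// Outcomes of the session's checks. Variant names are this example's
/// (assumption), not the crate's `Error` type.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum SessionError {
    BadThreshold,
    SignerOutOfRange(usize),
    DuplicateSigner(usize),
    InvalidPartialSignature(usize),
    ThresholdNotMet { have: usize, need: usize },
}

/// The underlying signature primitive. The crate uses Falcon-512 via
/// falcon-rust; the session logic below does not depend on which scheme sits here.
pub trait Verifier {
    type PublicKey;
    type Signature;
    fn verify(pk: &Self::PublicKey, tagged_msg: &[u8], sig: &Self::Signature) -> bool;
}

/// M-of-N committee: `threshold` distinct members must contribute.
pub struct ThresholdConfig<PK> {
    threshold: usize,
    public_keys: Vec<PK>,
}

impl<PK> ThresholdConfig<PK> {
    pub fn new(threshold: usize, public_keys: Vec<PK>) -> Result<Self, SessionError> {
        // 0-of-N would accept an empty session; M > N could never be satisfied.
        if threshold == 0 || threshold > public_keys.len() {
            return Err(SessionError::BadThreshold);
        }
        Ok(Self { threshold, public_keys })
    }
}

/// Prepend the domain tag. Partial signatures are over this, never the raw message.
pub fn tagged(message: &[u8]) -> Vec<u8> {
    [DOMAIN_TAG, message].concat()
}

pub struct SigningSession<'a, V: Verifier> {
    config: &'a ThresholdConfig<V::PublicKey>,
    tagged_msg: Vec<u8>,
    partials: BTreeMap<usize, V::Signature>, // keyed by signer index: one slot per member
}

impl<'a, V: Verifier> SigningSession<'a, V> {
    pub fn new(config: &'a ThresholdConfig<V::PublicKey>, message: &[u8]) -> Self {
        Self { config, tagged_msg: tagged(message), partials: BTreeMap::new() }
    }

    /// Accept a partial only from a committee member who has not already
    /// contributed, and only if it verifies under that member's key. Without
    /// the duplicate check one signer could submit twice and count towards M twice.
    pub fn add_signature(&mut self, signer: usize, sig: V::Signature) -> Result<(), SessionError> {
        let pk = self.config.public_keys.get(signer).ok_or(SessionError::SignerOutOfRange(signer))?;
        if self.partials.contains_key(&signer) {
            return Err(SessionError::DuplicateSigner(signer));
        }
        if !V::verify(pk, &self.tagged_msg, &sig) {
            return Err(SessionError::InvalidPartialSignature(signer));
        }
        self.partials.insert(signer, sig);
        Ok(())
    }

    /// Ok(true) once at least M distinct members hold verified partials.
    /// Every stored partial is re-checked here instead of trusting the add-time result.
    pub fn verify(&self) -> Result<bool, SessionError> {
        let (have, need) = (self.partials.len(), self.config.threshold);
        if have < need {
            return Err(SessionError::ThresholdNotMet { have, need });
        }
        let keys = &self.config.public_keys;
        Ok(self.partials.iter().all(|(i, s)| V::verify(&keys[*i], &self.tagged_msg, s)))
    }
}

// ---- Toy stand-in for Falcon-512 (constructed for this example, no security) ----
// "Signature" = FNV-1a(key || tagged message); the "public key" is the key itself,
// so anyone holding it can forge. It models only the data flow through the session.

fn fnv1a(data: &[u8]) -> u64 {
    data.iter().fold(0xcbf29ce484222325u64, |h, &b| (h ^ b as u64).wrapping_mul(0x100000001b3))
}

pub struct ToyFalcon;

impl Verifier for ToyFalcon {
    type PublicKey = u64;
    type Signature = u64;
    fn verify(pk: &u64, tagged_msg: &[u8], sig: &u64) -> bool {
        toy_sign_raw(*pk, tagged_msg) == *sig
    }
}

/// Signs exactly the bytes given (no tag); used to show an untagged partial is rejected.
pub fn toy_sign_raw(key: u64, bytes: &[u8]) -> u64 {
    fnv1a(&[&key.to_le_bytes()[..], bytes].concat())
}

/// Toy counterpart of `KeyPair::sign`: takes the full payload and tags it itself.
pub fn toy_sign(key: u64, message: &[u8]) -> u64 {
    toy_sign_raw(key, &tagged(message))
}

fn main() {
    let keys = vec![11u64, 22, 33]; // constructed toy keys
    let config = ThresholdConfig::new(2, keys.clone()).unwrap();
    let msg = b"transfer:alice:bob:1000";
    let mut session = SigningSession::<ToyFalcon>::new(&config, msg);
    session.add_signature(0, toy_sign(keys[0], msg)).unwrap();
    println!("after 1 of 2:      {:?}", session.verify());
    println!("same signer twice: {:?}", session.add_signature(0, toy_sign(keys[0], msg)));
    println!("untagged partial:  {:?}", session.add_signature(1, toy_sign_raw(keys[1], msg)));
    session.add_signature(1, toy_sign(keys[1], msg)).unwrap();
    println!("after 2 of 2:      {:?}", session.verify());
}
```

The session is keyed by signer index rather than by signature, which is what makes the duplicate check cheap and unambiguous; the untagged-partial case shows why the tag is applied inside the signing call rather than left to the caller.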

Re-exports§

pub use address::MultisigAddress;
pub use error::Error;
pub use keypair::KeyPair;
pub use session::SigningSession;
pub use threshold::ThresholdConfig;
pub use verify::verify_partial;

Modules§

address
Address derivation for single keys and M-of-N committees.
error
Error types for the falcon-multisig library.
keypair
Falcon-512 keypair — signing and public key management.
session
Signing session — stateful collection and verification of threshold signatures.
threshold
Threshold configuration for an M-of-N Falcon-512 committee.
verify
Core verification primitive for Falcon-512 signatures.

Constants§

DOMAIN_TAG
The domain separation tag prepended to every message before signing.
PUBLIC_KEY_BYTES
Byte length of a Falcon-512 public key.
SIGNATURE_MAX_BYTES
Maximum byte length of a raw Falcon-512 signature.
SIGNATURE_MIN_BYTES
Minimum byte length of a valid raw Falcon-512 signature.