Skip to main content

Crate falcon

Crate falcon 

Source
Expand description

§falcon — FN-DSA (FIPS 206) Post-Quantum Digital Signatures

Native Rust implementation of FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm), the NIST FIPS 206 standard formerly known as Falcon. Ported from the C reference by Thomas Pornin.

§Quick start — Pure FN-DSA

use falcon::prelude::*;

// Generate an FN-DSA-512 key pair
let kp = FnDsaKeyPair::generate(9).unwrap();

// Sign with no context (ph_flag = 0x00)
let sig = kp.sign(b"Hello, post-quantum world!", &DomainSeparation::None).unwrap();

// Verify
FnDsaSignature::verify(sig.to_bytes(), kp.public_key(),
    b"Hello, post-quantum world!", &DomainSeparation::None).unwrap();

§HashFN-DSA — pre-hash large messages

use falcon::prelude::*;

let kp = FnDsaKeyPair::generate(9).unwrap();

// ph_flag = 0x01: message is SHA-256 hashed before signing
let domain = DomainSeparation::Prehashed {
    alg: PreHashAlgorithm::Sha256,
    context: b"my-protocol-v1",   // optional, max 255 bytes
};
let sig = kp.sign(b"large document ...", &domain).unwrap();
FnDsaSignature::verify(sig.to_bytes(), kp.public_key(),
    b"large document ...", &domain).unwrap();

§Key serialization

let kp = FnDsaKeyPair::generate(9).unwrap();

let private_key = kp.private_key().to_vec();  // 1281 bytes (FN-DSA-512)
let public_key  = kp.public_key().to_vec();   // 897 bytes

// Import from both keys or from private key only
let restored = FnDsaKeyPair::from_keys(&private_key, &public_key).unwrap();
let restored2 = FnDsaKeyPair::from_private_key(&private_key).unwrap();
assert_eq!(public_key, restored2.public_key());

§Security levels

lognVariantNIST LevelPrivate KeyPublic KeySignature
9FN-DSA-512I1281 B897 B666 B
10FN-DSA-1024V2305 B1793 B1280 B

§Modules

ModuleDescription
preludeRe-exports all core public types — use falcon::prelude::*
safe_apiHigh-level SDK: keygen, sign, verify, serialization
falconLow-level C-equivalent API (streamed signing, expanded keys)
codec, shake, rng, …Internal ports of the C reference

§Features

FeatureDefaultDescription
stdOS-level entropy via /dev/urandom
(no std)no_std / WASM — use generate_deterministic
serdeSerialize/Deserialize for all public types

Re-exports§

pub use safe_api::DomainSeparation;
pub use safe_api::FalconError;
pub use safe_api::FalconKeyPair;
pub use safe_api::FalconSignature;
pub use safe_api::FnDsaExpandedKey;
pub use safe_api::FnDsaKeyPair;
pub use safe_api::FnDsaSignature;
pub use safe_api::PreHashAlgorithm;

Modules§

codec
Encoding/decoding for Falcon keys and signatures. Ported from codec.c.
common
Common utilities for Falcon. Ported from common.c.
falcon
High-level Falcon API. Ported from falcon.c.
fft
FFT operations for Falcon. Ported from fft.c (non-AVX2 path).
fpr
Floating-point representation for Falcon (FPNATIVE mode).
keygen
Falcon key pair generation. Ported from keygen.c.
prelude
Prelude — import the entire public API with use falcon::prelude::*.
rng
PRNG for Falcon (ChaCha20-based). Ported from rng.c + inline helpers from inner.h.
safe_api
High-level safe Rust SDK for FN-DSA (FIPS 206) post-quantum digital signatures.
shake
SHAKE256 implementation (Keccak-f[1600]).
sign
Signature generation for Falcon. Ported from sign.c (non-AVX2 paths).
vrfy
Signature verification for Falcon. Ported from vrfy.c.