Expand description
High-level safe Rust SDK for FN-DSA (FIPS 206) post-quantum digital signatures.
FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm) is the NIST standardization of the Falcon signature scheme as FIPS 206.
§Quick Start
use falcon::safe_api::{FnDsaKeyPair, FnDsaSignature, DomainSeparation};
let kp = FnDsaKeyPair::generate(9).unwrap();
let sig = kp.sign(b"Hello, post-quantum world!", &DomainSeparation::None).unwrap();
FnDsaSignature::verify(sig.to_bytes(), kp.public_key(), b"Hello, post-quantum world!", &DomainSeparation::None).unwrap();§Domain Separation (FIPS 206 §6)
FIPS 206 defines two signing modes:
-
FN-DSA (
ph_flag = 0x00) — pure signing; the raw message is hashed inside the algorithm. UseDomainSeparation::NoneorDomainSeparation::Contextfor optional domain binding. -
HashFN-DSA (
ph_flag = 0x01) — hash-and-sign; the message is pre-hashed with SHA-256 or SHA-512 before signing. UseDomainSeparation::Prehashedwith aPreHashAlgorithmselector.
let kp = FnDsaKeyPair::generate(9).unwrap();
// Pure FN-DSA with an application context string
let ctx = DomainSeparation::Context(b"my-protocol-v1");
let sig = kp.sign(b"msg", &ctx).unwrap();
FnDsaSignature::verify(sig.to_bytes(), kp.public_key(), b"msg", &ctx).unwrap();
// HashFN-DSA (pre-hash with SHA-256)
let ph = DomainSeparation::Prehashed { alg: PreHashAlgorithm::Sha256, context: b"" };
let sig2 = kp.sign(b"msg", &ph).unwrap();
FnDsaSignature::verify(sig2.to_bytes(), kp.public_key(), b"msg", &ph).unwrap();§Security Levels
| logn | Variant | NIST Level | Private Key | Public Key | Signature |
|---|---|---|---|---|---|
| 9 | FN-DSA-512 | I | 1281 B | 897 B | 666 B |
| 10 | FN-DSA-1024 | V | 2305 B | 1793 B | 1280 B |
Structs§
- FnDsa
Expanded Key - A precomputed Falcon signing tree for fast repeated signing.
- FnDsa
KeyPair - An FN-DSA key pair (private key + public key).
- FnDsa
Signature - An FN-DSA / HashFN-DSA digital signature.
Enums§
- Domain
Separation - Domain separation context for FN-DSA / HashFN-DSA (FIPS 206 §6).
- Falcon
Error - Errors returned by the FN-DSA API.
- PreHash
Algorithm - Pre-hash algorithm selector for
HashFN-DSA(FIPS 206 §6.2).
Type Aliases§
- Falcon
KeyPair - Type alias for backward compatibility.
- Falcon
Signature - Type alias for backward compatibility.