Module fips204::ml_dsa_87

Functionality for the ML-DSA-87 security parameter set. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The ML-DSA-87 parameter set is claimed to be in security strength category 5.

1) The basic usage is for an originator to start with the ml_dsa_44::try_keygen function below to generate both ml_dsa_44::PublicKey and ml_dsa_44::PrivateKey structs. The resulting ml_dsa_44::PrivateKey struct implements the traits::Signer trait which supplies a variety of functions to sign byte-array messages, such as traits::Signer::try_sign().

2) Both of the PrivateKey and PublicKey structs implement the traits::SerDes trait The originator utilizes the traits::SerDes::into_bytes() functions to serialize the structs into byte-arrays for storage and/or transmission, similar to the message. Upon retrieval and/or receipt, the remote party utilizes the traits::SerDes::try_from_bytes() functions to deserialize the byte-arrays into structs.

3) Finally, the remote party uses the traits::Verifier::verify() function implemented on the ml_dsa_44::PublicKey struct to verify the message with the Signature byte array.

See the top-level crate documentation for example code that implements the above flow.

Structs

• KG
  Empty struct to enable KeyGen trait objects across security parameter sets.
  Implements the crate::traits::KeyGen trait.

Constants

• PK_LEN
  Public key length in bytes.
• SIG_LEN
  Signature length in bytes.
• SK_LEN
  Private (secret) key length in bytes.

Functions

• try_keygen
  Generates a public and private key pair specific to this security parameter set. This function utilizes the OS default random number generator. This function operates in constant-time relative to secret data (which specifically excludes the OS random number generator internals, the rho value stored in the public key, and the hash-derived rho_prime value that is rejection-sampled/expanded into the internal s_1 and s_2 values).
• try_keygen_with_rng
  Generates a public and private key pair specific to this security parameter set. This function utilizes the provided random number generator. This function operates in constant-time relative to secret data (which specifically excludes the provided random number generator internals, the rho value stored in the public key, and the hash-derived rho_prime value that is rejection-sampled/expanded into the internal s_1 and s_2 values).

Type Aliases

• ExpandedPrivateKey
  Expanded private key, specific to the target security parameter set, that contains
  precomputed elements which increase (repeated) signature performance. Implements only the crate::traits::Signer trait. Derived from the PrivateKey.
• ExpandedPublicKey
  Expanded public key, specific to the target security parameter set, that contains
  precomputed elements which increase (repeated) verification performance. Implements only the crate::traits::Verifier traits. Derived from the PublicKey.
• PrivateKey
  Correctly sized private key specific to the target security parameter set.
  Implements the crate::traits::Signer and crate::traits::SerDes traits.
• PublicKey
  Correctly sized public key specific to the target security parameter set.
  Implements the crate::traits::Verifier and crate::traits::SerDes traits.