Expand description
§IntegrityChain: FIPS 205 Stateless Hash-Based Digital Signature Standard
FIPS 205 Stateless Hash-Based Digital Signature Standard written in pure Rust for server, desktop, browser and embedded applications. The source repository includes examples demonstrating benchmarking, constant-time statistical measurements, and WASM execution.
This crate implements the FIPS 205 final/released standard in pure Rust with minimal and mainstream dependencies,
and without any unsafe code. All twelve (!!) security parameter sets are fully functional. The implementation’s
key- and signature-generation functionality operates in constant-time, does not require the standard library, e.g.
#[no_std]
, has no heap allocations, e.g. no alloc
needed, and exposes the RNG
so it is suitable for the full
range of applications from server down to the bare-metal. The API is stabilized and the code is heavily biased
towards safety and correctness; further performance optimizations will be implemented as the standard matures.
This crate will quickly follow any changes to FIPS 204 standard/vectors as they become available.
See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf for a full description of the target functionality.
The functionality is extremely simple to use, as demonstrated by the following example.
use fips205::slh_dsa_shake_128s; // Could use any of the twelve security parameter sets.
use fips205::traits::{SerDes, Signer, Verifier};
let msg_bytes = [0u8, 1, 2, 3, 4, 5, 6, 7];
// Generate both public and secret keys. This only fails when the OS rng fails.
let (pk1, sk) = slh_dsa_shake_128s::try_keygen()?;
// Use the secret key to generate a signature. The second parameter is the
// context string (often just an empty &[]), and the last parameter selects
// the preferred hedged variant. This only fails when the OS rng fails.
let sig_bytes = sk.try_sign(&msg_bytes, b"context", true)?;
// Serialize the public key, and send with message and signature bytes. These
// statements model sending byte arrays over the wire.
let (pk_send, msg_send, sig_send) = (pk1.into_bytes(), msg_bytes, sig_bytes);
let (pk_recv, msg_recv, sig_recv) = (pk_send, msg_send, sig_send);
// Deserialize the public key. This only fails on a malformed key.
let pk2 = slh_dsa_shake_128s::PublicKey::try_from_bytes(&pk_recv)?;
// Use the public key to verify the msg signature
let v = pk2.verify(&msg_recv, &sig_recv, b"context");
assert!(v);
The detailed Rust Documentation lives under each Module corresponding to the desired security parameter below.
§Notes
- This crate is fully functional and corresponds to the final/released FIPS 205 (August 13, 2024), including the pre-hash variants which formalize methods for signing a hash of the message instead of the message itself (along with metadata about the hasher used).
- Constant-time assurances target the source-code level only, with confirmation via
manual review/inspection, the embedded target, and the
dudect
dynamic tests. - Note that FIPS 205 places specific requirements on randomness per section 3.1, hence the exposed
RNG
. - Requires Rust 1.70 or higher. The minimum supported Rust version may be changed in the future, but it will be done with a minor version bump (when the major version is larger than 0).
- All on-by-default features of this library are covered by
SemVer
. - The FIPS 205 standard and this software should be considered experimental – USE AT YOUR OWN RISK!
§License
Contents are licensed under either the Apache License, Version 2.0 or MIT license at your option.
§Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Modules§
- Functionality for the SLH-DSA-SHA2-128f security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-128f parameter set is claimed to be in security strength category 1.
- Functionality for the SLH-DSA-SHA2-128s security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-128s parameter set is claimed to be in security strength category 1.
- Functionality for the SLH-DSA-SHA2-192f security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-192f parameter set is claimed to be in security strength category 3.
- Functionality for the SLH-DSA-SHA2-192s security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-192s parameter set is claimed to be in security strength category 3.
- Functionality for the SLH-DSA-SHA2-256f security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-256f parameter set is claimed to be in security strength category 5.
- Functionality for the SLH-DSA-SHA2-256s security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHA2-256s parameter set is claimed to be in security strength category 5.
- Functionality for the SLH-DSA-SHAKE-128f security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-128f parameter set is claimed to be in security strength category 1.
- Functionality for the SLH-DSA-SHAKE-128s security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-128s parameter set is claimed to be in security strength category 1.
- Functionality for the SLH-DSA-SHAKE-192f security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-192f parameter set is claimed to be in security strength category 3.
- Functionality for the SLH-DSA-SHAKE-192s security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-192s parameter set is claimed to be in security strength category 3.
- Functionality for the SLH-DSA-SHAKE-256f security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE-256f parameter set is claimed to be in security strength category 5.
- Functionality for the SLH-DSA-SHAKE-256s security parameter set per FIPS 205 section 11. This includes specific sizes for the public key, secret key, and signature along with a number of internal constants. The SLH-DSA-SHAKE_256s parameter set is claimed to be in security strength category 5.
- All functionality is covered by traits, such that consumers can utilize trait objects as desired.
Enums§
- Supported hash functions for
hash_sign()
andhash_verify()
functions