§FN-DSA key pair generation
This crate implements key pair generation for FN-DSA. The process
uses some temporary buffers which are held in an instance that
follows the trait KeyPairGenerator, on which the keygen() method
can be called. A cryptographically secure random source (e.g.
OsRng) must be provided as a parameter; the generator will extract
an initial seed from it, then work deterministically from that seed.
The output is a signing (private) key and a verifying (public) key,
both encoded as a sequence of bytes with a given fixed length.
FN-DSA is parameterized by a degree, which is a power of two.
Standard versions use degree 512 (“level I security”) or 1024 (“level
V security”); smaller degrees are deemed too weak for production use
and meant only for research and testing. The degree is provided
logarithmically as the logn parameter, such that the degree is n = 2^logn (thus, degrees 512 and 1024 correspond to logn values 9 and
10, respectively).
Each KeyPairGenerator instance supports only a specific range of
degrees:
- KeyPairGeneratorStandard: degrees 512 and 1024 only
- KeyPairGenerator512: degree 512 only
- KeyPairGenerator1024: degree 1024 only
- KeyPairGeneratorWeak: degrees 4 to 256 only
Given logn, the sign_key_size() and vrfy_key_size() constant
functions yield the sizes of the signing and verifying keys (in
bytes).
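The degree ranges above can be enforced before any generator is called, so that a research-only degree never reaches production key generation. The following is an added example, not code from the fn_dsa_kgen crate; `DegreeClass`, `DegreeError`, `classify_degree` and `production_logn` are hypothetical helper names, and the code uses only the standard library:

```rust
// Added example: every name defined here is a hypothetical helper,
// not part of fn_dsa_kgen. Ranges follow the ones stated on this page.

#[derive(Debug, PartialEq, Eq)]
pub enum DegreeClass {
    /// Degrees 4 to 256 (logn 2 to 8): research and testing only.
    Weak,
    /// Degrees 512 and 1024 (logn 9 and 10): standard versions.
    Standard,
}

#[derive(Debug, PartialEq, Eq)]
pub enum DegreeError {
    NotPowerOfTwo(u32),
    OutOfRange(u32),
    WeakRejected(u32),
}

/// Convert a degree n into (logn, class), where n = 2^logn.
pub fn classify_degree(n: u32) -> Result<(u32, DegreeClass), DegreeError> {
    if !n.is_power_of_two() {
        return Err(DegreeError::NotPowerOfTwo(n));
    }
    let logn = n.trailing_zeros(); // exact log2 for a power of two
    match logn {
        2..=8 => Ok((logn, DegreeClass::Weak)),
        9 | 10 => Ok((logn, DegreeClass::Standard)),
        _ => Err(DegreeError::OutOfRange(n)),
    }
}

/// Production gate: only degrees 512 and 1024 yield a logn value.
pub fn production_logn(n: u32) -> Result<u32, DegreeError> {
    match classify_degree(n)? {
        (logn, DegreeClass::Standard) => Ok(logn),
        (_, DegreeClass::Weak) => Err(DegreeError::WeakRejected(n)),
    }
}

fn main() {
    // Constructed sample inputs: valid, weak, too small, not a power of two, too large.
    for n in [512u32, 1024, 256, 2, 768, 2048] {
        println!("degree {}: {:?}", n, production_logn(n));
    }
}
```

The returned `logn` is the value to pass to `keygen()` and to the key size functions.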
§WARNING
The FN-DSA standard is currently being drafted, but no version has been published yet. When published, it may differ from the exact scheme implemented in this crate, in particular with regard to key encodings, message pre-hashing, and domain separation. Key pairs generated with this crate MAY fail to be interoperable with the final FN-DSA standard. This implementation is expected to be adjusted to the FN-DSA standard when published (before the 1.0 version release).
§Example usage
    use rand_core::OsRng;
    use fn_dsa_kgen::{
        sign_key_size, vrfy_key_size, FN_DSA_LOGN_512,
        KeyPairGenerator, KeyPairGeneratorStandard,
    };

    // The generator instance holds the temporary buffers used by keygen().
    let mut kg = KeyPairGeneratorStandard::default();
    // Output buffers have the fixed key sizes for degree 512 (logn = 9).
    let mut sign_key = [0u8; sign_key_size(FN_DSA_LOGN_512)];
    let mut vrfy_key = [0u8; vrfy_key_size(FN_DSA_LOGN_512)];
    kg.keygen(FN_DSA_LOGN_512, &mut OsRng, &mut sign_key, &mut vrfy_key);

Structs§
- Key pair generator for degrees (logn) 9 to 9 only.
- Key pair generator for degrees (logn) 10 to 10 only.
- Key pair generator for degrees (logn) 9 to 10 only.
- Key pair generator for degrees (logn) 2 to 8 only.
- Error type of random number generators
Constants§
- Symbolic constant for FN-DSA with degree 512 (logn = 9).
- Symbolic constant for FN-DSA with degree 1024 (logn = 10).
Traits§
- A marker trait used to indicate that an RngCore or BlockRngCore implementation is supposed to be cryptographically secure.
- Key pair generator and temporary buffers.
- The core of a random number generator.
Functions§
- Get the size (in bytes) of a signing key for the provided degree (degree is n = 2^logn, with 2 <= logn <= 10).
- Get the size (in bytes) of a verifying key for the provided degree (degree is n = 2^logn, with 2 <= logn <= 10).