Crate kes_summed_ed25519
source ·Expand description
A key evolving signatures implementation based on “Composition and Efficiency Tradeoffs for Forward-Secure Digital Signatures” by Tal Malkin, Daniele Micciancio and Sara Miner https://eprint.iacr.org/2001/034
Specfically we do the binary sum composition directly as in the paper, and then use that in a nested/recursive fashion to construct up to a 7-level deep binary tree version.
We provide two different implementations in this crate, to provide compatibility
with Cardano’s different eras. The first, SumKes
, is a trivial construction,
while the second, SumCompactKes
, is a version with a more compact signature.
Consider the following Merkle tree:
(A)
/ \
(B) (C)
/ \ / \
(D) (E) (F) (G)
^
0 1 2 3
The caret points at leaf node E, indicating that the current period is 1. The signatures for leaf nodes D through G all contain their respective DSIGN keys.
In the naive SumKes
signatures the signature for branch node B holds
the signature for node E, and the VerKeys for nodes D and E. The signature
for branch node A (the root node), the signature for node B and the
VerKeys for nodes B and C. In other words, the number of individual hashes
to be stored equals the depth of the Merkle tree.
Instead, the more efficient SumCompactKes
gets rid of some redundant data
of the signature. In particular, the signature for branch node B only holds
the signature for node E, and the VerKey for node D. It can reconstruct its
own VerKey from these two. The signature for branch node A (the root node),
then, only contains the VerKey for node C, and the signature for node B. In
other words, the number of individual hashes to be stored equals the depth
of the Merkle tree.
Modules
- This module contains the macros to build the KES algorithms. Tentative at making a recursive, and smaller code, which builds a key formed by an array, allowing for a more granular memory management when calling the function. The goal is to provide a similar construction to what is achieved in sumed25519 while maintaining code simplicity, and a smaller crate to facilitate audit and maintenance.
- Traits that define a KES signature instance
Structs
- KES public key, which is represented as an array of bytes. A
PublicKey
is the output of a Blake2b hash.