Crate fn_dsa_kgen

§FN-DSA key pair generation

This crate implements key pair generation for FN-DSA. The process uses some temporary buffers, which are held in an instance that implements the KeyPairGenerator trait; the keygen() method is called on that instance. A cryptographically secure random source (e.g. OsRng) must be provided as a parameter; the generator extracts an initial seed from it, then works deterministically from that seed. The output is a signing (private) key and a verifying (public) key, each encoded as a sequence of bytes with a fixed length.

FN-DSA is parameterized by a degree, which is a power of two. Standard versions use degree 512 (“level I security”) or 1024 (“level V security”); smaller degrees are deemed too weak for production use and meant only for research and testing. The degree is provided logarithmically as the logn parameter, such that the degree is n = 2^logn (thus, degrees 512 and 1024 correspond to logn values 9 and 10, respectively).

Each KeyPairGenerator instance supports only a specific range of degrees:

  • KeyPairGeneratorStandard: degrees 512 and 1024 only
  • KeyPairGenerator512: degree 512 only
  • KeyPairGenerator1024: degree 1024 only
  • KeyPairGeneratorWeak: degrees 4 to 256 only
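
The degree-to-logn mapping and the per-generator ranges listed above, as an added example (not code from this crate): a pre-flight check that refuses research-only degrees in production before any generator is constructed. Policy, Rejected and select_generator are hypothetical names; only the generator names and their ranges come from this page.

```rust
// Added example, not part of fn_dsa_kgen. Generator names and logn ranges are
// taken from the page; Policy, Rejected and select_generator are hypothetical.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Policy { Production, Research }

#[derive(Debug, PartialEq)]
pub enum Rejected { NotPowerOfTwo, OutOfRange, WeakDegree }

/// Convert a configured degree to its logn value and name the narrowest
/// generator type documented as supporting it.
pub fn select_generator(degree: u32, policy: Policy) -> Result<(u32, &'static str), Rejected> {
    // FN-DSA degrees are powers of two: degree = 2^logn.
    if !degree.is_power_of_two() {
        return Err(Rejected::NotPowerOfTwo);
    }
    let logn = degree.trailing_zeros();
    match logn {
        9 => Ok((logn, "KeyPairGenerator512")),
        10 => Ok((logn, "KeyPairGenerator1024")),
        // Degrees 4 to 256 are for research and testing only.
        2..=8 => match policy {
            Policy::Research => Ok((logn, "KeyPairGeneratorWeak")),
            Policy::Production => Err(Rejected::WeakDegree),
        },
        _ => Err(Rejected::OutOfRange),
    }
}

fn main() {
    // Constructed sample requests.
    let requests = [
        (512, Policy::Production), (1024, Policy::Production),
        (256, Policy::Production), (256, Policy::Research),
        (768, Policy::Production), (2048, Policy::Production),
    ];
    for (degree, policy) in requests {
        println!("{degree:>5} {policy:?}: {:?}", select_generator(degree, policy));
    }
}
```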

Given logn, the sign_key_size() and vrfy_key_size() constant functions yield the sizes of the signing and verifying keys (in bytes).

§Standards alignment

This crate targets NIST FIPS 206 (FN-DSA). Key encodings, message pre-hashing, and domain separation follow the published standard. If NIST publishes errata or CAVP test-vector updates that affect wire interoperability, releases of this crate may adjust accordingly; consult release notes when upgrading.

§Example usage

use rand_core::OsRng;
use fn_dsa_kgen::{
    sign_key_size, vrfy_key_size, FN_DSA_LOGN_512,
    KeyPairGenerator, KeyPairGeneratorStandard,
};

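// The generator instance holds the temporary buffers used during key generation.
let mut kg = KeyPairGeneratorStandard::default();
// Output buffers are sized at compile time with the constant size functions.
let mut sign_key = [0u8; sign_key_size(FN_DSA_LOGN_512)];
let mut vrfy_key = [0u8; vrfy_key_size(FN_DSA_LOGN_512)];
// Generate a degree-512 key pair; the encoded keys are written into the two buffers.
kg.keygen(FN_DSA_LOGN_512, &mut OsRng, &mut sign_key, &mut vrfy_key);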

Structs§

KeyPairGenerator512
Key pair generator for degree 512 (logn = 9) only.
KeyPairGenerator1024
Key pair generator for degree 1024 (logn = 10) only.
KeyPairGeneratorStandard
Key pair generator for degrees (logn) 9 to 10 only.
KeyPairGeneratorWeak
Key pair generator for degrees (logn) 2 to 8 only.

Constants§

FN_DSA_LOGN_512
Symbolic constant for FN-DSA with degree 512 (logn = 9).
FN_DSA_LOGN_1024
Symbolic constant for FN-DSA with degree 1024 (logn = 10).

Traits§

CryptoRng
A marker trait for securely unpredictable infallible RNGs
KeyPairGenerator
Key pair generator and temporary buffers.
Rng
Trait for infallible random number generators

Functions§

sign_key_size
Get the size (in bytes) of a signing key for the provided degree (degree is n = 2^logn, with 2 <= logn <= 10).
vrfy_key_size
Get the size (in bytes) of a verifying key for the provided degree (degree is n = 2^logn, with 2 <= logn <= 10).

Type Aliases§

RngError
Error type for RNG operations.