Crate pqc_sphincsplus

source ·
Expand description

SPHINCS+

A rust implementation of the SPHINCS+ stateless hash-based signature scheme, which has been included in NIST’s post-quantum cryptographic standard.

It is highly recommended to use SPHINCS+ in a hybrid system alongside a traditional signature algorithm such as RSA or ed25519.

Usage

To compile this library needs one from each of the following categories to be enabled, using more than one from each group will result in a compile error.

For example in Cargo.toml:

[dependencies]
pqc_sphincsplus = {version = "0.1.0", features = ["haraka", "f128", "simple"]}

To generate a keypair and sign a message with it:

 use pqc_sphincsplus::*;
 let keys = keypair();
 let msg = [0u8; 32];
 let sig = sign(&msg, &keys);
 let sig_verify = verify(&sig, &msg, &keys);
 assert!(sig_verify.is_ok());

The security levels target 128, 192 and 256 bit equivalents, corresponding to NIST levels 1,3,5 respectively. They are also separated into fast (f) and small (s) subtypes, which make the tradeoff between either quicker signing or smaller signatures sizes.

SPHINCS+ introduces a split of the signature schemes into a simple and a robust variant for each choice of hash function. The robust variant is from the original NIST PQC first round submission and comes with all the conservative security guarantees given before. The simple variants are pure random oracle instantiations. These instantiations achieve about a factor three speed-up compared to the robust counterparts. This comes at the cost of a purely heuristic security argument.

A comparison of the different security levels is below.

nhdlog(t)kwbit securitypk bytessk bytessig bytes
SPHINCS+-128s1663712141613332647,856
SPHINCS+-128f16662263316128326417,088
SPHINCS+-192s24637141716193489616,224
SPHINCS+-192f24662283316194489635,664
SPHINCS+-256s326481422162556412829,792
SPHINCS+-256f326817935162556412849,856