Digital signature algorithms for authentication and non-repudiation.
§Overview
Digital signature algorithms provide authentication, data integrity, and non-repudiation through public-key cryptography. A digital signature proves that a message was created by the holder of a private key, without revealing the private key itself.
§Supported Algorithms
§Traditional Algorithms
§Ed25519 (Edwards Curve Digital Signature Algorithm)
- Security Level: 128-bit
- Key Size: 32 bytes (public), 32 bytes (private)
- Signature Size: 64 bytes
- Performance: Very high
- Features: Deterministic, no separate hash function needed (hashing is internal to the algorithm)
§ECDSA P-256 (Elliptic Curve Digital Signature Algorithm)
- Security Level: 128-bit
- Key Size: 32 bytes (public), 32 bytes (private)
- Signature Size: ~64 bytes (variable)
- Performance: High
- Standardization: NIST FIPS 186-4, widely supported
§Post-Quantum Algorithms
§Dilithium (Lattice-based signatures)
- Type: Post-quantum secure
- Security: Based on lattice problems
- NIST Status: Standardized (FIPS 204)
- Variants: Dilithium-2, Dilithium-3, Dilithium-5
§Algorithm Comparison
| Algorithm | Security | Key Size | Signature Size | Performance | Quantum Safe |
|---|---|---|---|---|---|
| Ed25519 | 128-bit | 64 bytes | 64 bytes | Very High | No |
| ECDSA P-256 | 128-bit | 64 bytes | ~64 bytes | High | No |
| Dilithium-2 | 128-bit | ~2.5KB | ~2.4KB | Medium | Yes |
| Dilithium-3 | 192-bit | ~4KB | ~3.3KB | Medium | Yes |
| Dilithium-5 | 256-bit | ~4.9KB | ~4.6KB | Medium | Yes |
§Security Considerations
- Private Key Protection: Private keys must be kept absolutely secret
- Randomness Quality: Use high-quality random number generation
- Hash Function: Use appropriate hash functions for message digests
- Signature Verification: Always verify signatures before trusting data
- Key Rotation: Implement regular key rotation policies
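The properties listed above for Ed25519 and ECDSA P-256 (deterministic versus randomized signing, fixed versus variable signature length, verifying before trusting data) can be observed directly. This is an added example written against Go's standard library, not this crate's API; the function names, the `Result` type and the sample messages are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Result struct {
	Deterministic  bool // signing the same message twice gave identical bytes
	SigLen         int  // length of the encoded signature in bytes
	Verified       bool // genuine message accepted
	TamperRejected bool // modified message refused
}

// Ed25519Demo passes the message as-is; hashing happens inside the algorithm.
func Ed25519Demo(msg, tampered []byte) (Result, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	s1, s2 := ed25519.Sign(priv, msg), ed25519.Sign(priv, msg)
	return Result{bytes.Equal(s1, s2), len(s1),
		ed25519.Verify(pub, msg, s1), !ed25519.Verify(pub, tampered, s1)}, nil
}

// ECDSADemo hashes first (SHA-256 here); every signature consumes fresh randomness.
func ECDSADemo(msg, tampered []byte) (Result, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	d, bad := sha256.Sum256(msg), sha256.Sum256(tampered)
	s1, err1 := ecdsa.SignASN1(rand.Reader, priv, d[:])
	s2, err2 := ecdsa.SignASN1(rand.Reader, priv, d[:])
	if err1 != nil || err2 != nil {
		return Result{}, fmt.Errorf("sign failed: %v %v", err1, err2)
	}
	return Result{bytes.Equal(s1, s2), len(s1), // DER-encoded (r, s): length varies
		ecdsa.VerifyASN1(&priv.PublicKey, d[:], s1), !ecdsa.VerifyASN1(&priv.PublicKey, bad[:], s1)}, nil
}
func main() {
	msg, bad := []byte("constructed sample message"), []byte("constructed sample messagE")
	fmt.Println(Ed25519Demo(msg, bad))
	fmt.Println(ECDSADemo(msg, bad))
}
```

The ECDSA length reported here is for the ASN.1 DER encoding, which is a few bytes longer than the raw 64-byte `r || s` form and changes from one signature to the next.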
Structs§
- SignatureAlgorithmBuilder - Builder for constructing signature algorithm instances.
Enums§
- DilithiumSecurityLevel - Dilithium security level variants.
- SignatureAlgorithm - Digital signature algorithm enumeration.